11,000+ security templates

Discover vulnerabilities
before attackers do.

External vulnerability scanning for your websites, servers, and infrastructure. Find CVEs, misconfigurations, and security gaps across your entire attack surface.

Quick scan Comprehensive CVE-only Deep scan
Start 14-Day Free Trial → See How It Works
11,000+
Security Templates
1,000
Ports Scanned
4
Scan Modes
99.9%
Platform Uptime

Trusted by our customers

// The Problem

29% of vulnerabilities are exploited
before they're even publicly disclosed.

The window to patch is shrinking to zero. Most teams don't have the tools or the visibility to keep up.

Legacy tools are overpriced

Tenable, Qualys, and Rapid7 charge thousands per month with complex per-asset pricing that punishes growth.

Manual scanning isn't enough

Running quarterly scans leaves months of exposure. New vulnerabilities are disclosed daily — your security needs to keep pace.

Compliance is a moving target

Cyber Essentials, ISO 27001, SOC 2, PCI DSS, GDPR — the reporting burden alone can overwhelm a lean team without the right tooling.

// Platform

Everything you need.
Nothing you don't.

One platform to scan, prioritise, and fix vulnerabilities across your external attack surface.

SCANNING

Port & Infrastructure Scanning

Scan the top 1,000 ports to discover open services across your infrastructure. Identify unauthorised services, exposed endpoints, and potential attack vectors automatically.

DETECTION

CVE Detection & CVSS Scoring

Detect known CVEs with CVSS-based risk prioritisation. XSS, SQLi, RCE, SSRF — detailed remediation guidance for every finding, mapped to OWASP Top 10 2025.

CERTIFICATES

SSL/TLS Analysis

Check certificate validity, expiration dates, and configuration. Identify weak ciphers and SSL vulnerabilities before they become problems for your users or auditors.

COMPLIANCE

Compliance Reporting

OWASP Top 10 compliance scores with pass/fail breakdowns, Cyber Essentials control mapping, and exportable reports in PDF, CSV, and JSON. Hand your auditor a finished report.

LIFECYCLE

Vulnerability Lifecycle Management

Track every finding from Open to Acknowledged to Fixed. Mark false positives, assign remediation, and never lose context across your team's workflow.

AUTOMATION

Scheduled Scans & Integrations

Daily, weekly, or monthly scans with custom cron expressions. Slack alerts for critical findings, email notifications, and a full REST API for your CI/CD pipeline.

// How It Works

Up and scanning in minutes.

Fully cloud-based. Nothing to install. Add your domains or IPs and run your first scan in under five minutes.

1
Add your targets
Domains, IPs, or CIDR ranges. Luna maps your external attack surface.
2
Pick your scan mode
Quick, Comprehensive, CVE-only, or Deep scan. Schedule or run on-demand.
3
Fix what matters
CVSS-scored findings with remediation guidance. Track from Open to Fixed.
Terminal — luna@security-api
$ curl -X POST "https://api.lunatech.xyz/v1/scan" \
  -H "Authorization: Bearer sk-luna-..." \
  -H "X-Organization-ID: YOUR_ORG_ID" \
  -H "Content-Type: application/json" \
  -d '{
    "target": ["example.com"],
    "scan_type": "comprehensive",
    "discovery_preset": "full"
  }'

// Scan started
✓ Scan launched successfully
// Pricing

Simple, transparent pricing.

Start with a 14-day free trial. Add your targets and start scanning in minutes.

Trial
Free / 14 days
Up to 20 targets · 2 team members
  • 20 scans per month
  • All scan types
  • Port scanning (top 1,000)
  • SSL/TLS analysis
  • OWASP Top 10 tracking
Start Free Trial
Professional
$249/mo
Up to 50 targets · 3 team members
  • 50 scans per month
  • All scan types + deep scan
  • API access
  • Report exports (CSV/JSON/PDF)
  • Scheduled scanning
  • Slack & email alerts
Start Free Trial
Business
$499/mo
Up to 100 targets · 10 team members
  • 100 scans per month
  • All scan types + deep scan
  • API access
  • Report exports (CSV/JSON/PDF)
  • Scheduled scanning
  • Email alerts
Get Started
Business Plus
$899/mo
Up to 200 targets · 20 team members
  • 150 scans per month
  • All scan types + deep scan
  • API access
  • Report exports (CSV/JSON/PDF)
  • Scheduled scanning
  • Email alerts
Get Started

Need custom limits? Contact us for Enterprise pricing.

// Trusted

Teams that sleep better at night.

★★★★★
Luna is really intuitive. I didn't even look at the docs, just added our domain and started scanning. Had results within the hour.
JW
James Wood
Founder
Ease of use
★★★★★
We run scheduled scans every night and get Slack alerts if anything new comes up. Fits straight into how we already work.
DK
Daniel Kim
Security Engineer
Automation
★★★★★
We have about 200 targets across multiple environments. Luna scans them all without us having to think about it. The board reports are a nice bonus.
LH
Laura Hughes
Director of Engineering
Scale
// FAQ

Common questions.

External vulnerability scanning checks your internet-facing infrastructure — websites, servers, network services — for security weaknesses before attackers find them. Luna automates this with 11,000+ security templates covering exposed services, SSL misconfigurations, known CVEs, and common web vulnerabilities like XSS, SQLi, RCE, and SSRF.
Vulnerability scanning is automated, runs continuously, and covers your full attack surface on a regular schedule. Penetration testing is manual, expensive, and gives you a point-in-time snapshot. Most teams use both: Luna for ongoing monitoring and a pentest once or twice a year for deeper manual testing.
At minimum, weekly for production systems. PCI DSS requires quarterly scans, but best practice is more frequent — 75% of vulnerabilities are exploited within 19 days of disclosure. Luna supports scheduled scans running hourly, daily, weekly, or monthly, with Slack alerts when new issues surface.
Luna maps findings to OWASP Top 10 2025 and Cyber Essentials controls with compliance scores and pass/fail breakdowns per control. Scanning also supports ISO 27001, SOC 2, PCI DSS, and GDPR requirements. Reports export as PDF, CSV, or JSON.
Luna scans your public-facing infrastructure the same way a regular visitor would interact with it — no disruption to your services. You can also schedule scans for off-peak hours if you prefer.
Luna is fully cloud-based with nothing to install. Sign up, add your domains or IP addresses, and run your first scan in under five minutes. Quick scan results come back within minutes. No agents, no hardware, no configuration needed.
// Blog

Recent Security Insights

Essential reading for security professionals — vulnerability management, threat intelligence, and defensive strategies.

View All Blog Posts

Secure your attack surface today.

14-day free trial. Up to 20 targets. Set up in under 5 minutes.

Start Free Trial → Contact Sales