OnScanner vs Detectify
Detectify and OnScanner share a philosophy: scan from the outside, the way an attacker sees you, with findings kept current rather than served from a stale database. The practical difference is coverage per pass. Detectify pairs its application scanning with crowdsourced research from ethical hackers; OnScanner folds privacy and tracker analysis, email authentication, TLS and WAF posture, and CVE intelligence with EPSS and KEV into the same scan.
Evaluating options? See OnScanner as a Detectify alternative.
TL;DR
Choose OnScanner when you want the widest fully automated single pass: live, never-cached scans with safe exploit verification and zero-day heuristics, EPSS and CISA KEV prioritization, deep technology and end-of-life detection, and 40+ privacy and tracker checks with email, TLS and WAF posture. Turn on AI Findings and it writes the executive summary, ranks your Top Risks, chains findings into MITRE ATT&CK attack paths, drafts remediation, and generates SOC 2, ISO 27001, GDPR, PCI-DSS and HIPAA compliance reports. Free tier and a hosted MCP server included.
Detectify is a great choice when crowdsourced vulnerability research is your priority: Detectify's tests come from its ethical hacker community, and its surface monitoring focuses on web application and subdomain exposure.
Feature comparison
Verified against public product pages on 2026-07-02. Cells marked "Not listed" mean the capability is not described on the vendor's public docs as of that date, not that it is impossible.
| Capability | OnScanner | Detectify |
|---|---|---|
| External (unauthenticated) scanning | YesThe anonymous attacker's view, no agents | YesCore product: 'Simply add your domain and instantly monitor all subdomains and applications' from an external, attacker's-view… |
| Authenticated scanning | YesScan behind login with credentials | YesApplication Scanning supports authenticated testing: 'Test the parts of your application that require authentication:… |
| Privacy, tracker & consent scanning | Yes40+ categories incl. fingerprinting | Not listed*Not listed on public docs as of 2026-07-02 |
| CVE intelligence (EPSS & CISA KEV) | YesCVE/CPE matching with EPSS + KEV context | PartialActively tests for CVEs by sending safe payloads |
| Active exploit verification | YesSafe, non-destructive, in-band probes | YesVendor states testing is payload-based and findings are 'high-signal, verified findings' |
| Patch-status & end-of-life detection | YesVendor/distro patch data + EOL flags | PartialFingerprints technologies and can 'Identify exposed services, open ports, and outdated technologies', with technology… |
| Email security (SPF, DKIM, DMARC) | Yes | Not listed*Not listed on public product docs as of 2026-07-02 |
| WAF detection | Yes | Not listed*Not listed on public docs as of 2026-07-02 |
| Continuous monitoring | YesScheduled scans + change detection | Yes'Continuous and always on monitoring' of the attack surface (Surface Monitoring), including continuous monitoring for DNS… |
| REST API | Yes | YesPublic REST API v3 at api.detectify.com/rest/v3 (API-key auth): asset/technology/port inventory, policy breaches, cloud… |
| MCP server for AI agents | YesHosted: mcp.onscanner.com | YesDetectify MCP Server launched 2026-05-26 |
| AI analysis, remediation & compliance reports | YesOpt-in AI Findings + AI Compliance (SOC 2, ISO 27001, GDPR, PCI-DSS, HIPAA) | Not listed* |
| Transparent self-serve pricing | YesFree tier; Professional $60/mo | PartialPlatform-fee tiers (EUR 0 to 15,000/yr) are published with self-serve signup and a 2-week free trial, but the… |
Why teams pick OnScanner
- Enterprise-grade coverage, fully automated: specialist engines for security, privacy, CVE, DNS, technology and infrastructure analysis run in parallel in a single live pass.
- Every scan is live and never cached, with safe active exploitation probes that verify what is actually exploitable and zero-day heuristics that flag unknown vulnerabilities before a CVE exists.
- Deep technology detection with patch-status and end-of-life flags, so you know exactly what is running and what is out of support.
- Exploit-aware prioritization: CVE and CPE matching enriched with EPSS scores and the CISA KEV catalog, so you fix what attackers actually use.
- Opt-in AI Findings: an executive summary, ranked Top Risks, and clear per-finding explanations with remediation your developers can act on.
- Vulnerability chaining: AI Findings links related results into real attack paths mapped to the MITRE ATT&CK kill chain.
- AI Compliance reports on demand: SOC 2, ISO 27001, GDPR, PCI-DSS and HIPAA assessments generated from your scan results.
- 40+ privacy, tracker, fingerprinting and consent checks plus email (SPF, DKIM, DMARC), TLS and WAF posture in the same pass.
- Continuous monitoring with scheduled scans and 24/7 change detection, plus a REST API and hosted MCP server on every plan, free tier included.
When Detectify fits
- You want tests sourced from a bug bounty style community: Detectify's Crowdsource researchers submit payload-based test modules that feed its scanner.
- You focus on subdomain exposure: discovery and monitoring of subdomains, takeover and DNS misconfiguration detection, plus crawling of custom apps behind login.
- You want self-serve rollout with a REST API, cloud connectors (AWS, GCP, Azure, Cloudflare), and an MCP server.
The short version: OnScanner covers more categories in a single pass, including privacy and consent, email posture, end-of-life detection, and opt-in AI compliance reports, from a free tier.
Pricing
OnScanner is self-serve with a free Starter tier and Professional at $60 per month. Detectify: EUR 0/yr platform fee (Starter) + unpublished per-asset fees; effectively custom beyond the platform fee (Annual platform-fee tiers (Starter EUR 0, Standard EUR 2,500, Professional EUR 5,000, Enterprise EUR 15,000) plus additional per-asset costs for added assets, domains, environments, and IP ranges (per-asset prices not published). PCI ASV scanning add-on at EUR 500/month. 2-week free trial and self-serve signup, no credit card required. Verified 2026-07-02.)
Frequently asked questions
How are OnScanner and Detectify similar?
Both scan from outside, without agents, and both emphasize fresh results over cached databases. If you are choosing between them you are already thinking about your attack surface the right way: from the attacker's side.
What does OnScanner cover that Detectify does not list?
As of the verification date, Detectify's public pages do not describe tracker, fingerprinting or consent scanning, email authentication checks, or EPSS and KEV based CVE prioritization. Those are standard parts of an OnScanner pass. See the sources list for exactly what was checked.
Can I run both?
Yes. Some teams pair a dedicated EASM product with OnScanner's broader per-target pass. If budget forces a choice, compare which capabilities you would actually act on: breadth per scan versus crowdsourced web-app test depth.
Sources
Every Detectify fact above was checked against these public pages on 2026-07-02. If something has changed since, tell us at support@onscanner.com and we will correct it.
See what OnScanner finds on your site
Live, never-cached security and privacy scanning: OWASP Top 10, CVE intelligence with EPSS and KEV, 40+ privacy checks, REST API and MCP server. Free Starter tier, no sales call.