Everything you need to know about ZScanner
ZScanner is a professional desktop web application vulnerability scanner. It runs locally on your machine (Windows, Linux, macOS) and tests web applications for 200+ vulnerability types across 14 scan modules.
ZScanner is a fully offline desktop application. Your scan results never leave your machine — we only receive scan count metadata for license tracking (no vulnerability details, no report content).
Windows 10/11 (x64) is fully supported. Linux and macOS support is in beta. Windows is the primary supported platform.
After purchasing, you receive a base64-encoded license key by email. Paste it into ZScanner's Settings → License tab and click Activate. The license is bound to your email and expires after the purchased duration.
Each license is intended for a single user/team. Contact sales@bithost.in if you need multi-seat licensing.
Scanning will be disabled. You can renew by purchasing a new plan — your scan history in the portal is retained.
You can download the application and run it without a license to explore the interface. A 1-day trial license is available — contact support@bithost.in.
We use Razorpay which supports Indian debit/credit cards, UPI (GPay, PhonePe, Paytm, BHIM), Net Banking (all major banks), and international Visa/Mastercard/Amex. INR and USD pricing available.
All payments are processed directly by Razorpay — we never store card or UPI details. Razorpay is PCI DSS Level 1 compliant.
We offer a 7-day money-back guarantee if you experience a technical issue we cannot resolve. Email support@bithost.in with your order ID within 7 days of purchase.
Yes. Your payment confirmation email from Razorpay serves as a receipt. For a formal GST invoice, email sales@bithost.in with your GSTIN.
No. The packaged application includes everything. Simply download and run — no Python, Node.js, or other dependencies required.
Only scan websites you own or have explicit written permission to test. Unauthorised security testing is illegal in most jurisdictions. ZScanner is intended for professional VAPT engagements and testing your own infrastructure.
Typically 30 minutes to 3 hours depending on site complexity, crawl depth, and network speed. Use Quick scan mode for faster results.
After each scan completes, ZScanner sends a small telemetry ping containing only: your license hash (not the actual key), scan timestamps, target domain, finding counts by severity, and detected tech stack. No report content, no vulnerability details, no page data is ever transmitted.