Everything you need to know about ZScanner
ZScanner is a professional desktop web application vulnerability scanner. It runs locally on your machine (Windows, Linux, macOS) and tests web applications for 200+ vulnerability types across 14 scan modules.
ZScanner is a fully offline desktop application. Your scan results never leave your machine — we only receive scan count metadata for license tracking (no vulnerability details, no report content).
Windows 10/11 (x64) is fully supported. Linux and macOS support is available. Windows is the primary supported platform.
After purchasing, you receive a base64-encoded license key by email. Paste it into ZScanner's Settings → License tab and click Activate. The key is cryptographically verified against the portal.
Each license is intended for a single user/team. Contact sales@bithost.in for multi-seat licensing.
Scanning will be disabled. You can renew by purchasing a new plan — your scan history in the portal is retained.
We use Razorpay which supports Indian debit/credit cards, UPI (GPay, PhonePe, Paytm, BHIM), Net Banking (all major banks), and international Visa/Mastercard/Amex. INR and USD pricing available.
All payments are processed directly by Razorpay — we never store card or UPI details. Razorpay is PCI DSS Level 1 compliant.
We offer a 7-day money-back guarantee if you experience a technical issue we cannot resolve. Email support@bithost.in with your order ID within 7 days of purchase.
No. The packaged application includes everything. Simply download and run — no Python, Node.js, or other dependencies required.
Only scan websites you own or have explicit written permission to test. Unauthorised security testing is illegal in most jurisdictions.
Typically 30 minutes to 3 hours depending on site complexity, crawl depth, and network speed. Use Quick scan mode for faster results.
After each scan, ZScanner sends: your license hash (not the actual key), scan timestamps, target domain, finding counts by severity. No report content, no vulnerability details, no page data is ever transmitted.