ScanTower Documentation

Everything you need to know about using ScanTower to secure your websites, from getting started to advanced integrations and API usage.

Getting Started

What is ScanTower?

ScanTower is an automated website security monitoring platform that continuously scans your websites for vulnerabilities, security misconfigurations, malware, and threats. Get instant alerts when issues are detected, with detailed reports and remediation guidance.

Quick Start

  1. Run Your First Scan
     Visit the homepage and enter your website URL. No account needed for instant scans!
     https://example.com → Click "Scan Now"
  2. Create an Account
     Sign up for free to save scan results, set up monitoring, and receive alerts.
  3. Add Your Sites
     Go to your Dashboard → Sites → Add Site to start monitoring your websites.
  4. Configure Monitoring
     Set up automated scans (daily/weekly) and configure notification channels (email, Slack, Discord).

Security Scanning Features

ScanTower performs comprehensive security checks on every scan. Here's what we analyze:

Vulnerability Detection

Automatically identifies your CMS, plugins, themes, and frameworks, then checks them against vulnerability databases to find known security issues.

Detects:
  • WordPress, Joomla, Drupal versions and vulnerabilities
  • Outdated plugins and themes with known CVEs
  • JavaScript libraries with security issues (jQuery, React, etc.)
  • Web frameworks and server software vulnerabilities
  • Severity ratings (Critical, High, Medium, Low)

SSL/TLS Certificate Monitoring

Monitors your SSL certificates to ensure your site remains secure and trusted by browsers.

Checks:
  • Certificate expiration dates (with advance warnings)
  • Certificate chain validity
  • TLS version support (TLS 1.2, 1.3)
  • Security grade (A+ to F rating)
  • HTTPS enforcement and redirects
  • Mixed content warnings

Certificate Transparency Monitoring

Discovers subdomains and monitors certificate issuance through public CT logs.

Discovers:
  • All subdomains with issued certificates
  • Forgotten or shadow IT domains
  • Unauthorized certificate issuance attempts
  • Historical certificate records
  • Wildcard certificate usage
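
How findings of this kind can be triaged once CT records are in hand, as an added example that is not ScanTower's own code. The record fields (`names`, `issuer`), the inventory, the issuer strings and all sample records are constructed for illustration.

```python
def review_ct_entries(entries, inventory, allowed_issuers):
    """Compare CT log records with the hosts and CAs an organisation expects.

    Returns a dict of sorted lists: hosts missing from the inventory,
    certificates from issuers outside the allow-list, and wildcard names.
    """
    known = {host.lower().rstrip(".") for host in inventory}
    report = {"unknown_hosts": set(), "unexpected_issuers": set(), "wildcards": set()}
    for entry in entries:
        # One certificate can carry several SAN names (newline-separated here).
        names = {n.strip().lower().rstrip(".")
                 for n in entry["names"].splitlines() if n.strip()}
        for name in names:
            if name.startswith("*."):
                report["wildcards"].add(name)       # covers hosts not listed anywhere
            elif name not in known:
                report["unknown_hosts"].add(name)   # forgotten or shadow IT candidate
        # Exact match on the issuer string: stricter than a substring test.
        if entry["issuer"] not in allowed_issuers:
            report["unexpected_issuers"].add((entry["issuer"], tuple(sorted(names))))
    return {key: sorted(values) for key, values in report.items()}


# Constructed sample data (hypothetical field names and issuers).
INVENTORY = ["example.com", "www.example.com", "shop.example.com"]
ALLOWED_ISSUERS = {"O=Example Trust CA, CN=Issuing CA 1"}
CT_ENTRIES = [
    {"names": "www.example.com\nexample.com", "issuer": "O=Example Trust CA, CN=Issuing CA 1"},
    {"names": "*.example.com", "issuer": "O=Example Trust CA, CN=Issuing CA 1"},
    {"names": "old-staging.example.com", "issuer": "O=Example Trust CA, CN=Issuing CA 1"},
    {"names": "shop.example.com", "issuer": "O=Unlisted CA, CN=Unlisted Issuing CA"},
]

if __name__ == "__main__":
    for category, items in review_ct_entries(CT_ENTRIES, INVENTORY, ALLOWED_ISSUERS).items():
        print(category, items)
```
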

Security Headers Analysis

Analyzes HTTP security headers to ensure your site is protected against common web attacks.

Analyzes:
  • Content-Security-Policy (CSP)
  • Strict-Transport-Security (HSTS)
  • X-Frame-Options (clickjacking protection)
  • X-Content-Type-Options
  • X-XSS-Protection
  • Referrer-Policy and Permissions-Policy
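
A check over the headers listed above, run against one response's header set, as an added example that is not ScanTower's own code. The severity assigned to each finding, the 180-day HSTS threshold and the sample response are assumptions of this example.

```python
import re

MIN_HSTS_AGE = 15552000  # 180 days; this threshold is an assumption of the example

def audit_security_headers(headers):
    """Return (severity, header, finding) tuples for one response's headers."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    out = []
    # Parse CSP into {directive: [sources]}; the first copy of a directive wins.
    csp = {}
    for part in h.get("content-security-policy", "").split(";"):
        tokens = part.split()
        if tokens:
            csp.setdefault(tokens[0].lower(), tokens[1:])
    scripts = csp.get("script-src", csp.get("default-src", []))
    if not csp:
        out.append(("high", "Content-Security-Policy", "missing"))
    elif "'unsafe-inline'" in scripts and not any(
            s.startswith(("'nonce-", "'sha")) for s in scripts):
        out.append(("medium", "Content-Security-Policy", "script-src allows 'unsafe-inline'"))
    hsts = h.get("strict-transport-security")
    age = re.search(r'max-age\s*=\s*"?(\d+)', hsts or "", re.I)
    if hsts is None:
        out.append(("high", "Strict-Transport-Security", "missing"))
    elif not age or int(age.group(1)) < MIN_HSTS_AGE:
        out.append(("medium", "Strict-Transport-Security", "max-age absent or too short"))
    # ALLOW-FROM is obsolete: only DENY, SAMEORIGIN or CSP frame-ancestors count.
    xfo = h.get("x-frame-options", "").upper()
    if "frame-ancestors" not in csp and xfo not in ("DENY", "SAMEORIGIN"):
        out.append(("medium", "X-Frame-Options", "no effective framing restriction"))
    if h.get("x-content-type-options", "").lower() != "nosniff":
        out.append(("medium", "X-Content-Type-Options", "not set to nosniff"))
    # X-XSS-Protection is a legacy header that current browsers no longer act on.
    if h.get("x-xss-protection", "0").startswith("1"):
        out.append(("low", "X-XSS-Protection", "legacy filter enabled; use 0 or omit"))
    if h.get("referrer-policy", "").lower() in ("", "unsafe-url"):
        out.append(("low", "Referrer-Policy", "missing or unsafe-url"))
    if "permissions-policy" not in h:
        out.append(("low", "Permissions-Policy", "missing"))
    return out

# Constructed sample response headers (not captured from a real site).
WEAK = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "Strict-Transport-Security": "max-age=300",
    "X-Frame-Options": "ALLOW-FROM https://partner.example",
    "X-XSS-Protection": "1; mode=block",
}
```
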

Malware & Malicious Script Detection

Scans your website's frontend for card skimmers, keyloggers, and suspicious third-party scripts.

Detects:
  • Credit card skimmer patterns (Magecart)
  • Keylogger and form hijacking scripts
  • Suspicious third-party domains
  • External script reputation checks
  • Visual screenshot evidence
  • Cryptomining scripts

Configuration Change Detection

Monitors critical configuration changes that could indicate security issues or misconfigurations.

Monitors:
  • DNS record changes (A, MX, TXT records)
  • Security header modifications
  • SSL/TLS configuration changes
  • Server software version changes
  • Exposed configuration files

Automated Monitoring

Set up continuous security monitoring to automatically scan your sites on a schedule and get notified when issues are found.

Scan Schedules

Hourly Scans

Maximum protection for critical production sites. Detects issues within an hour of occurrence.

Daily Scans

Recommended for production sites, e-commerce stores, and high-traffic websites. Detects issues within 24 hours.

Weekly Scans

Suitable for low-traffic sites, staging environments, or portfolios. Good balance between coverage and usage.

Manual Scans

Run scans on-demand after deployments, updates, or when investigating specific issues.

Setting Up Monitoring

  1. Navigate to Dashboard → Sites
  2. Click on a site or add a new site
  3. Go to the Settings tab
  4. Enable Monitoring and select your schedule (daily/weekly)
  5. Configure notification preferences
  6. Save your settings

Pro Tip

Enable monitoring immediately after adding a site to establish a security baseline. This helps you track changes over time and catch new vulnerabilities as they're discovered.

Notifications & Alerts

Get instant notifications when vulnerabilities or security issues are detected. ScanTower supports multiple notification channels:

Email Notifications

Receive detailed email alerts with vulnerability summaries and remediation guidance.

Configure in: Dashboard → Settings → Notifications

Slack Integration

Post scan results and alerts directly to your Slack channels.

Webhook URL: https://hooks.slack.com/services/YOUR/WEBHOOK/URL
Configure in: Dashboard → Settings → Integrations

Discord Integration

Send scan alerts to Discord channels for team coordination.

Webhook URL: https://discord.com/api/webhooks/YOUR/WEBHOOK
Configure in: Dashboard → Settings → Integrations

Alert Thresholds

Configure which severity levels trigger notifications. You can choose to only be alerted for Critical/High issues, or receive all notifications including informational items.

Frequently Asked Questions

How often should I scan my website?

For production websites and e-commerce stores, we recommend daily scans. For less critical sites, weekly scans are usually sufficient. You should also run a manual scan after any major updates or deployments.

Do I need to install anything on my server?

No! ScanTower scans your website from the outside, just like a visitor or attacker would. No plugins, agents, or server access required. Just provide your website URL.

Will scanning impact my website performance?

ScanTower uses responsible scanning techniques with rate limiting to avoid impacting your site's performance. Our scans typically load only a few pages and check headers and certificates, similar to normal visitor traffic.

What happens when a vulnerability is found?

You'll receive an immediate notification via your configured channels (email, Slack, Discord). The vulnerability will be displayed in your dashboard with severity rating, description, and remediation steps. We also track when it was first detected and when it's resolved.

Can I scan password-protected or staging sites?

Currently, ScanTower scans publicly accessible websites. For password-protected or private staging sites, you'll need to temporarily allow our scanner IPs or set up a public staging URL. Contact support for our scanner IP addresses.

How accurate are the vulnerability detections?

We use multiple vulnerability databases and actively maintained detection rules. While we strive for high accuracy, some detections may be false positives (e.g., if you've patched a vulnerability manually). Always verify findings in your environment.

Can I export scan results?

Yes! You can generate and download PDF reports for any scan. These are great for sharing with clients, management, or compliance requirements. Premium plans also support API access for programmatic export.

What's the difference between free and paid plans?

Free plans include basic instant scans and limited monitoring. Paid plans offer more frequent scans, increased site limits, priority support, advanced integrations, team features, and detailed historical analytics. See our pricing page for complete feature comparison.

Need More Help?

Can't find what you're looking for? Our support team is here to help.