Open your workspace.
Create an agency account in under a minute. Start on the free tier — 1 target, 1 scan per month — and upgrade at any time. We auto-provision an isolated workspace scoped to your organization through Postgres row-level security.
Mythoscan turns every client site you maintain into an auditable, monitored, reportable asset. Here is the shape of the workflow, end to end, from the first click to the first white-label PDF in your client's inbox.
Paste a client domain. Give it a label. Assign it to a client folder so every site you maintain for Boulangerie Dupont lives together. Import targets in bulk via CSV when you onboard several accounts at once.
Passive modules (headers, SSL, DNS, email security, GDPR) run immediately with no proof of ownership — they use publicly broadcast data, just like a browser. To unlock active modules (port scan, CVE cross-referencing, WordPress audit), publish a DNS TXT record or upload an HTML file to prove ownership. It takes 2 minutes and is persistent.
We dispatch the scan as an async job. You keep working. When it lands, you see the grade, the priority-ranked issues, the copy-pasteable fix snippets. Hand your client a PDF dressed in your agency's brand — logo, colours, voice. Nothing about Mythoscan on the page they read.
Enable continuous monitoring to scan every target weekly or daily. We diff each run against the previous one and email you only when something new appears — a certificate about to expire, a header removed, a new CVE affecting one of your stacks. Silence means the fleet is still clean.
We don't sell scans. We sell the silence between them.
Ports (active), HTTP security headers, SSL/TLS config, DNS records, email authentication (SPF, DKIM, DMARC, MTA-STS, TLS-RPT, BIMI), subdomain enumeration from passive sources, technology fingerprinting, CVE cross-reference, WordPress plugin/theme versions, and GDPR / cookie compliance.
Yes, provided you have a mandate. A maintenance contract, a signed audit agreement, or an explicit email from the client covers this. For active-tier scans we enforce a technical ownership check in addition to your contractual mandate — belt and braces.
In France. Supabase eu-west-3 region (Paris), backed by AWS. Customer data never transits to non-EU regions during normal operation. Stripe handles billing (Ireland). Transactional emails go through Resend (EU).
On paid plans, you upload your logo and a brand color in Settings. Every generated PDF renders with your identity — no Mythoscan logo, no Mythoscan footer, no mention of us anywhere on the page the client reads. The file you hand over looks like you built it.
A clean report is as valuable as a long one. Your client pays you for the confidence that nothing changed. We generate the same white-label PDF with an 'all clear' executive summary — your maintenance retainer justified in one artifact.
Free tier available, no card needed to start. Upgrade to a paid plan whenever you want — cancel anytime from the customer portal.