VulnScanners Logo

How Hosted Vulnerability Scanners Price: Per-Scan, Per-Credit, Per-Target & Subscription

The four pricing models hosted vulnerability scanning platforms use — per-scan, per-credit, per-target, and flat subscription — with the trade-offs, real cost math, and which model fits which team.

VulnScanners team5 min read

Short answer: Hosted vulnerability scanners price one of four ways — per-scan, per-credit, per-target (per-asset), or flat subscription. Per-target and flat subscription reward a stable, known asset list; per-scan and per-credit reward irregular or bursty usage. If your target count changes month to month — the norm for MSPs, consultants, and agencies — a credit or per-scan model is almost always cheaper than paying a per-asset subscription for assets you don't scan every month.

TL;DR

  • Per-scan — you pay each time you run a scan. Simplest to reason about; best for occasional use.
  • Per-credit — you buy a balance and each scan deducts credits. Best for irregular/bursty usage; look for credits that don't expire.
  • Per-target (per-asset) — you pay per IP/host/domain under management, usually monthly. Best for a fixed, continuously-monitored asset list.
  • Flat subscription — one price, (soft) unlimited scans. Best for high-frequency scanning of a stable scope.
  • The cheapest model is the one that matches your usage shape, not the one with the lowest headline number.

The four models at a glance

| Model | You pay for | Best for | Watch out for | |-------|-------------|----------|---------------| | Per-scan | Each scan run | Occasional, one-off assessments | Costs spike if you scan often | | Per-credit | A prepaid balance, drawn down per scan | Bursty / irregular usage, MSPs with variable clients | Credits that expire; unclear credit-per-scan cost | | Per-target | Each asset (IP/host/domain) under management | Fixed asset list, continuous monitoring | Paying for assets you scan once a quarter | | Flat subscription | A tier (feature/seat/scope caps) | High-frequency scanning, stable scope | "Unlimited" with hidden fair-use or target caps |

Per-scan pricing

You pay a fixed amount every time you launch a scan. Nothing to forecast, nothing to waste.

  • Cost shape: linear with usage. 10 scans cost 10×.
  • Predictability: perfect for the buyer, unpredictable for finance if usage grows.
  • Who it suits: consultants running an occasional external assessment; teams validating a single fix.
  • Where it hurts: continuous monitoring. If you want weekly scans of 20 assets, per-scan becomes the most expensive model fast — that's 80+ scans a month.

Per-credit pricing

You buy a balance of credits up front; each scan deducts a set number depending on scan type and target size. A network sweep might cost 1 credit; a full authenticated web app scan might cost 3–5.

  • Cost shape: you pre-commit, then draw down. Bulk credit packs usually lower the effective per-scan price by 20–40% versus one-off pricing.
  • The single most important question: do credits expire? Expiring credits quietly convert "prepaid flexibility" into "use it or lose it." Non-expiring credits are strictly better for anyone with uneven demand.
  • Who it suits: MSPs and MSSPs whose client roster changes; pentest shops with lumpy project timing; anyone who'd rather not pay a monthly per-asset fee for assets they touch a few times a year.

This is the model VulnScanners uses: buy credits, spend them on hosted Nmap, Nuclei, or OWASP ZAP scans, and credits never expire. You're never paying a monthly fee for an asset you're not actively scanning.

Per-target (per-asset) pricing

You pay per IP, host, or domain under management, billed monthly or annually. Scanning is typically "unlimited" within your licensed asset count.

  • Cost shape: linear with inventory, not usage. 100 assets cost roughly 10× what 10 assets cost — whether you scan them daily or never.
  • The trap: paying for idle assets. If you manage 200 assets but only 40 need monthly scanning, a per-target plan bills you for 200.
  • Who it suits: a security team with a fixed, known perimeter that it monitors continuously. Here per-target can be the cheapest model because the per-asset rate is low and you're scanning constantly.

Flat subscription pricing

One tier price, (soft) unlimited scans. Differentiation lives in feature gates, seat counts, scan concurrency, or scope caps.

  • Cost shape: fixed. Marginal scan cost is effectively zero, which is great — until you hit an undisclosed fair-use limit or a target cap buried in the tier.
  • Read the tier carefully: "unlimited scans" frequently means unlimited scans of a limited number of targets, which is really per-target pricing wearing a subscription hat.
  • Who it suits: teams that scan a stable scope very frequently and want a predictable line item.

The cost math that actually decides it

Take the same workload — 20 assets, scanned weekly for a month (≈80 scans) — and the models rank completely differently:

| Model | Relative cost for 80 scans/mo | Relative cost for 5 scans/mo | |-------|-------------------------------|------------------------------| | Per-scan | Highest | Lowest | | Per-credit | Low–moderate (bulk packs help) | Low | | Per-target | Low (rate spread over many scans) | Highest (paying for idle assets) | | Flat subscription | Lowest | Highest (paying for capacity you don't use) |

The lesson: there is no cheapest model in the abstract. High, steady volume favors subscription/per-target. Low or spiky volume favors per-scan/per-credit. Match the model to your usage shape and you'll typically cut spend by a large margin versus picking on headline price.

A 30-second decision guide

  • My asset list is fixed and I scan constantly → per-target or flat subscription.
  • My asset list changes month to month → per-credit (non-expiring) or per-scan.
  • I run occasional one-offs → per-scan.
  • I'm an MSP/MSSP with a variable client roster → per-credit, non-expiring. See our MSP scanner guide.

Questions to ask any vendor before you buy

  1. Which model is this, really? (Watch for per-target dressed as "unlimited.")
  2. Do prepaid credits expire? If so, when?
  3. What counts as one scan — and does target size or authentication change the price?
  4. Are there seat, concurrency, or target caps on the tier?
  5. Is the report/export included, or an add-on?

Where VulnScanners fits

VulnScanners is credit-based with non-expiring credits, one console for hosted Nmap, Nuclei, and OWASP ZAP, and a PDF report per scan. That's a deliberate fit for irregular and multi-client workloads — you pre-buy flexibility and never forfeit it to an expiry clock or pay a per-asset fee for assets you aren't scanning.

If you scan a fixed perimeter every single day, a per-target plan elsewhere might edge us out on pure math. If your usage is anything less than constant, credits win.

Further reading