ZAPScanner icon

Free Online Web Application Security Scan with OWASP ZAP

The ZAP Scanner by binsec.tools is a web-based tool for the automated identification of vulnerabilities in web applications. Technically, the solution is based on a headless instance of OWASP ZAP running server-side. This removes the need for local installation. Scans can be initiated and reviewed directly through the platform. Its functionality includes the automated execution of DAST scans and the provision of structured results. Identified vulnerabilities are presented in a clear way and are also available as a PDF report.

The ZAP Scanner is primarily intended for IT teams and developers who require a fast, standardized security assessment of their applications. In contrast to a manual penetration test, the analysis is performed entirely automatically and without project-specific customization.

To ensure authorization, the following requirements apply:

  • Registration of a user account (free of charge)
  • Verification of the target domain via DNS TXT record

The ZAP Scanner therefore serves as a complementary measure for continuous security validation and can be used in particular between more comprehensive manual penetration tests.

Go to ZAPScanner
ZAPScanner icon

Penetration Testing
Tools

On binsec.tools, you’ll find free online tools for penetration testing – the same ones used by the binsec group in real-world pentests. The publicly available tools are primarily designed to gather information and enrich it with additional data. Check them out!

Security check of SSL/TLS protocols and ciphers
SSLCheck
Find subdomains of a Domain
SubDomainFinder
Check headers for OWASP recommendations
HTTPHeaderCheck
Find Plaintext Passwords with rockyou.txt Hash Lookup
HashLookup
Check SOA, SPF, DMARC, DNSSEC, Zone Transfers & More
DNSCheck
Analyze Authentication Methods, Ciphers, Protocols & Banners
SSHCheck
Validate SPF record by address and mailserver
SPFCheck
Get my IP Address via Browser or wget/curl
WhatIsMyIp
Check your Password Quality
PasswordCheck
Identify Web Components and Exposed Vulnerabilities
WebCompScan
Certificate Transparency Lookup
CertWatch
TCP and UDP Ports
WellKnownPorts
Network and Subnet Analysis
SubnetcCalc
Email Security Check
MailCheck
Check if your password is breached
PasswordListCheck
Generate CVSS4 scores
CVSS4Calculator
Explain CVSS4 vectors
CVSS4VectorDecoder
Free Online Web Application Security Scan with OWASP ZAP
ZAPScanner

Manual Penetration Testing by Certified, In-House Senior Penetration Testers

binsec penetration testing

Who tests

For more than ten years, binsec has stood for technically rigorous, strictly manual penetration testing. All engagements are conducted exclusively by employed senior penetration testers. Freelancers or subcontractors are not involved. Our clients work directly with the responsible senior tester who personally performs and technically leads the assessment. Communication is conducted in German and English; international projects are a regular part of our work. Our experts hold recognized offensive security certifications such as OSCP, OSCE, CRTO, and BACPP.

What we test

Our project experience covers complex enterprise networks, modern web and API architectures, and hybrid infrastructures. We work with organizations in manufacturing and industry, financial services and insurance, healthcare, IT and software providers, as well as public institutions. Technical, regulatory, and organizational requirements are systematically taken into account.

How we work

Our tests are based on a structured and reproducible methodology. They align with established standards such as OWASP and OSSTMM and are adapted to the specific project scope. Each assessment follows clearly defined phases: structured reconnaissance, manual analysis, targeted exploitation, and validated impact assessment. Automated tools support the process; identification, verification, and evaluation of vulnerabilities are performed manually.

Where we operate and document

Assessments are not conducted from cloud infrastructures. We operate our own infrastructure in a data center in Frankfurt. From there, all engagements are centrally executed and documented within our internal system PTDoc. PTDoc serves as the central documentation platform for all project data, evidence, and evaluations. All findings are recorded in a structured manner, technically described, risk-assessed, and supported by reproducible proof-of-concept information.

What you receive

We identify technical vulnerabilities and assess their business impact. Findings are evaluated based on risk or CVSS. The result is a clearly structured report including an executive management summary and detailed technical documentation. Re-testing of identified vulnerabilities is an integral part of our service.

Contact us

Pentest Knowledge and Tools

binsec.tools logo

Free pentest tools for your security analysis.

Pentest Tools
binsec.wiki logo

Take a look at our wiki page about pentesting.

Pentest WIKI
binsec FAQ logo

Straight answers to common pentesting questions.

Pentest FAQ
binsec news logo

News about pentesting and the binsec universe.

Pentest News

Company

binsec GmbH
Clemensstraße 6-8
60487 Frankfurt am Main
Germany

Contact

info@binsec.com

+49 692475607-0

Legal notice

Director: Patrick Sauer
Authorised Officer: Florian Zavatzki, Dominik Sauer
Registration: Frankfurt am Main, HRB97277
Turnover Tax Identification No.: DE290966808

© 2026 All rights reserved by binsec GmbH.

Privacy Notice

© 2026 All rights reserved by binsec GmbH.

Privacy Notice