Skip to content
Intruder

Intruder

Category: DAST
License: Commercial
Visit Intruder
Suphi Cankurt
Suphi Cankurt
+8 Years in AppSec
Updated May 19, 2026
5 min read
Key Takeaways
  • Intruder runs 140,000+ security checks against web applications, APIs, cloud infrastructure, and network services continuously.
  • GregAI is an AI security analyst that explains findings in plain language and prioritizes remediation for non-security teams.
  • Native AWS, Azure, and GCP cloud connectors automatically discover and scan new infrastructure as it comes online.
  • Used by 3,000+ customers with SOC 2, ISO 27001, PCI DSS, HIPAA, and DORA compliance reporting, and a 14-day free trial.
Latest Updates
  • Intruder API (April 2026) β€” The Intruder API gains a new Tags endpoint that lists all tags defined at the account level, building on the earlier add/delete tag endpoints for targets. source
  • Intruder API (April 2026) β€” The Targets endpoint now returns WAF detection metadata for each target and accepts a WAF-detection filter, letting users query for assets fronted by a web application firewall. source
  • Intruder API (February 2026) β€” The Scans API adds an update endpoint for scan schedules so existing schedules can be modified programmatically instead of requiring delete-and-recreate. source

Intruder is a cloud-based continuous vulnerability scanner that monitors your external attack surface for security weaknesses. It runs 140,000+ checks against web applications, APIs, cloud infrastructure, and network services.

Intruder Current Issues list showing Remote OS Command Injection and Server Side Code Injection findings with severity badges

Founded in 2015 and selected for the GCHQ Cyber Accelerator, Intruder now serves 3,000+ customers. It has a 4.8/5 rating on G2 from 154 reviews.

FeatureDetails
DeploymentCloud-only SaaS
Security checks140,000+
Cloud connectorsAWS, Azure, GCP
AI analystGregAI
ComplianceSOC 2, ISO 27001, PCI DSS, HIPAA, DORA
Integrations15+ (Jira, Slack, GitHub, etc.)
API accessPro, Premium, and Vanguard plans
Free trial14 days (Cloud plan features)
Starting priceSee intruder.io/pricing

What is Intruder?

Intruder scans internet-facing systems for vulnerabilities on a continuous basis. When your infrastructure changes or a new threat emerges, it triggers scans automatically.

No manual scheduling required.

The Verizon 2024 Data Breach Investigations Report found that vulnerability exploitation as an initial access vector grew significantly year over year, reinforcing the need for continuous scanning of internet-facing assets.

The platform differs from traditional DAST tools in scope. Where most DAST scanners focus on web application logic (XSS, SQLi, authentication flaws), Intruder covers the broader attack surface: exposed ports, misconfigured services, outdated software, and cloud misconfigurations alongside web application vulnerabilities.

Scope Difference

Intruder is an attack surface management platform with vulnerability scanning, not a deep application security tester. It finds exposed services and known CVEs across your entire perimeter.

For detailed web app testing of authenticated flows and business logic, pair it with a dedicated DAST scanner like ZAP or Burp Suite .

Intruder dashboard overview showing threat level score, checks run count, cyber hygiene rating, and activity feed

What are Intruder’s key features?

Attack Surface Monitoring
Automatically discovers new subdomains, exposed services, and cloud resources. Scans trigger when changes are detected so new assets get tested before attackers find them.
GregAI Analyst
Intruder’s AI security analyst. It verifies findings, suppresses false positives, and ranks what to fix first based on exploitability and whether the CVE is actively being used in the wild.
Cloud Security (CSPM)

Native connectors for AWS, Azure, and GCP. Runs daily misconfiguration checks and automatically imports cloud assets.

Up to 3 accounts on Cloud plan, 10 on Pro, unlimited on Enterprise.

Emerging Threat Scans
When a new high-profile vulnerability drops, Intruder proactively checks your infrastructure. No waiting for scheduled scans when a critical CVE is published.
Compliance Reporting
Generates reports for SOC 2, ISO 27001, PCI DSS, HIPAA, and DORA. NIST SP 800-53 requires organizations to maintain a continuous monitoring program, and Intruder’s compliance reporting helps satisfy those audit requirements.
Risk Prioritization
Scoring factors in exploitability, asset criticality, and active exploitation data. Helps you ignore the noise and fix what actually matters.

How much does Intruder cost?

Intruder offers four tiers, all with 5 infrastructure licenses included:

  • Essential β€” 1 scheduled scan, unlimited ad hoc scans, enhanced risk data, unlimited users
  • Cloud β€” Unlimited scheduled scans, emerging threat scans, GregAI analyst, up to 3 cloud accounts, advanced analytics, role-based access, 15+ integrations
  • Pro β€” Internal target scanning, up to 10 cloud accounts, mass deployment options
  • Enterprise β€” Unlimited cloud accounts, 1000+ checks, attack surface visibility, advanced access control

Pricing is based on a base fee plus a per-target fee, calculated dynamically on Intruder’s pricing page .

All plans include a 14-day free trial with Cloud plan features.

Best Value
The Cloud plan is Intruder’s most popular tier. It includes unlimited scheduled scans, the GregAI analyst, and cloud security β€” none of which are in the Essential plan.

What you actually pay scales with two variables: the number of infrastructure licenses (each license covers one target IP, hostname, or URL) and the plan tier. Vanguard, the highest tier, layers managed pentesting on top of automated scanning β€” useful when you want hybrid coverage without staffing an internal pentest team.

Web application scanning is included on Cloud and above, but the depth is shallower than dedicated DAST tools like Acunetix or Invicti . I treat Intruder as an attack-surface and continuous-vulnerability scanner first, with web application scanning as a bonus layer rather than the primary capability β€” pair it with a dedicated DAST when you need authenticated SPA testing or business-logic coverage.

What does Intruder integrate with?

Cloud Providers
AWS AWS
Azure Azure
Google Cloud Google Cloud
DevOps & Communication
GitHub GitHub
GitLab GitLab
Azure DevOps Azure DevOps
CircleCI CircleCI
Slack Slack
Microsoft Teams Microsoft Teams
Jira Jira
PagerDuty PagerDuty
Identity & Security
Okta Okta
Auth0 Auth0
Cloudflare Cloudflare

How do I get started with Intruder?

1
Create an account β€” Sign up at portal.intruder.io for a 14-day free trial. No installation needed; everything runs in the cloud.
2
Add targets β€” Specify domains, IP addresses, or connect AWS/Azure/GCP accounts. Cloud connectors auto-import your assets.
3
Run your first scan β€” Trigger manually or let Intruder scan automatically when it detects infrastructure changes.
4
Review and prioritize β€” GregAI filters noise and ranks findings by risk. Export reports for compliance or push issues to Jira/Slack.

API Access

The Intruder API lets you manage targets, trigger scans, and retrieve results programmatically. Available on Pro, Premium, and Vanguard plans.

# Trigger a scan via the Intruder API
curl -X POST "https://api.intruder.io/v1/scans" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"target_id": "target_123"}'

When to Use Intruder

Intruder works well for small to mid-sized organizations that need continuous attack surface monitoring without a dedicated security team. The cloud connectors and automated scanning mean less manual work for teams with cloud-native infrastructure.

It covers the gap between traditional vulnerability management (Qualys, Nessus) and application-specific DAST tools. If your primary concern is “what’s exposed on the internet and is it vulnerable,” Intruder answers that question.

For deep web application security testing of complex SPAs, authenticated workflows, or API business logic, you will need a complementary tool like Acunetix or Invicti .

Intruder itself acknowledges this positioning: it scans your perimeter, not the inner workings of your applications. For help choosing the right approach, see the what is DAST guide.

What are alternatives to Intruder?

If Intruder’s external-attack-surface focus or pricing model does not fit, these are the alternatives I’d weigh in the DAST tools landscape :

  • Detectify β€” Closest peer in the crowdsourced-DAST + EASM space. 1,765+ vulnerability modules from 400+ ethical hackers, plus External Attack Surface Management. Better fit when crowdsourced research depth matters more than continuous infra scanning.
  • Probely β€” Now part of Snyk DAST , Probely is developer-focused DAST with strong API coverage and OpenAPI support. Worth evaluating when you want DAST tied to existing Snyk SAST/SCA workflows rather than a standalone scanner.
  • Acunetix β€” Standalone DAST scanner with proof-based verification, 7,000+ vulnerability checks, and IAST sensor support for .NET, Java, PHP, and Node.js. Stronger choice when web application depth matters more than ASM coverage.
  • Pentest-Tools.com β€” On-demand vulnerability scanning with a published per-scan and subscription pricing page. Better when you want pay-as-you-go pentest tooling rather than continuous monitoring.
  • Qualys WAS β€” Enterprise web app scanning from a vendor your operations team likely already uses for vulnerability management. Lower friction when Qualys is the incumbent platform.
Visit Intruder

Frequently Asked Questions

What is Intruder and what does it scan?
Intruder is a cloud-based continuous vulnerability scanner that tests web applications, APIs, cloud infrastructure, and network services. It runs 140,000+ security checks against your external attack surface and alerts you when new vulnerabilities appear or infrastructure changes.
How much does Intruder cost?
Intruder has four tiers: Essential (1 scheduled scan, unlimited ad hoc), Cloud (unlimited scheduled scans, cloud security, GregAI), Pro (internal scanning, up to 10 cloud accounts), and Enterprise with custom pricing. Pricing is calculated based on the number of infrastructure and application licenses. All plans include a 14-day free trial.
What is GregAI in Intruder?
GregAI is Intruder’s AI security analyst that automates vulnerability assessment and response. It helps prioritize findings based on context, reduces alert noise, and provides actionable remediation guidance so teams can focus on the issues that matter most.
How does Intruder compare to traditional DAST tools?
Intruder focuses on continuous external attack surface monitoring rather than deep application-level testing. It excels at finding exposed services, misconfigurations, and known vulnerabilities across infrastructure. For thorough web application testing of complex SPAs, pair Intruder with a dedicated DAST tool.
What cloud platforms does Intruder integrate with?
Intruder has native connectors for AWS, Azure, and Google Cloud Platform. These automatically import your cloud assets and run daily misconfiguration checks. The platform also integrates with Jira, Slack, Microsoft Teams, GitHub, GitLab, Azure DevOps, CircleCI, PagerDuty, and Okta.
How I review tools Suggest an edit

Other DAST Tools

AppTrana
AppTrana

Fully managed WAAP with integrated DAST and WAF

ZeroThreat
ZeroThreat

AI-powered DAST with automated pentesting

Acunetix
Acunetix

Multi-Platform Easy-to-Use DAST

AppCheck
AppCheck

Former Internal Pentest Tool

Astra Security
Astra Security

AI-Powered Continuous Pentest Platform

Beagle Security
Beagle Security

AI-Powered Pentesting Platform

See all DAST tools

Complement with IAST

Pair dynamic testing with runtime instrumentation for broader coverage.

Contrast Security
Contrast Security

Runtime-Powered Application Security

Acunetix AcuSensor
Acunetix AcuSensor

Line-of-Code Details

See all IAST tools

Learn More

Best DAST Tools for APIs in 2026 Free DAST Tools What is DAST?

Explore all DAST guides and tools