// OPTIONAL UPGRADE · OUT-OF-BAND DETECTION · NEWSCAN PRO

Online detection packs — catch the bugs that only prove themselves out-of-band.

A whole class of vulnerabilities — blind and reflection-based — never appears in any response your scanner can see. Confirming them means making the target reach back out to a listener you control and watching for the callback. Online detection packs are the hosted listener NewNormal Security runs for you, so NewScan can trigger and verify those findings end to end.

Everything NewScan verifies in-band stays fully local and free. Packs are strictly opt-in: only the out-of-band callback interactions touch the hosted listener — your target traffic, findings, and AI keys still never leave your machine.

What the packs add

// out-of-band classes the listener unlocks

// WHEN A FINDING NEEDS A TARGET TO POINT BACK AT

One hosted endpoint. Six blind vulnerability classes, verified.

Each pack provides the HTTP(S) and DNS endpoint the target calls back to. NewScan plants a unique canary in its payloads, the hosted listener records any callback, and the scanner correlates it to the exact request that triggered it — recording a verified, true-positive finding, never a guess.

The hosted listener is the one capability that needs a Pro license and an account. The scanner itself never does — without a pack it falls back to its in-process local canary, so a scan is always fully functional.

// DETECTION CLASSES UNLOCKED

  • Blind SSRF: HTTP / DNS callback confirmation
  • Out-of-band SQLi: DNS / HTTP exfil channels
  • Blind XSS: fires when an admin views it later
  • OOB XXE: external-entity callback
  • JWT jku callback: hosted JWKS the token fetches
  • DNS exfiltration: data-over-DNS detection

The listener answers DNS under its domain and serves a valid jwks.json, so multi-step callbacks (DNS → HTTP, jku fetch) complete and correlate to one session.

How it works

// opt-in, correlated, privacy-preserving

01 · Open a session

Your licensed scanner opens a session and gets a unique canary host: <token>.<session>.<domain>. Payloads carry that host so any callback is yours alone.

02 · Target calls back

A vulnerable target reaches the hosted HTTP or DNS endpoint. The interaction is recorded and matched to your session by the canary subdomain — no shared state to untangle.

03 · Verify & record

NewScan polls the interactions back, ties the callback to the request that caused it, and records a confirmed finding — real, with evidence attached.
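The three steps above, as an added Python example that is not NewScan's own code: it issues a canary host of the form `<token>.<session>.<domain>` per request and ties recorded callbacks back to the request that planted them. The `CanarySession` class, the `oob.example.test` domain, and the interaction record fields (`protocol`, `host`, `source`) are assumptions made for illustration; the sample interactions are constructed.

```python
import secrets

DOMAIN = "oob.example.test"  # placeholder listener domain (assumption)

class CanarySession:
    def __init__(self, session_id=None, domain=DOMAIN):
        self.session_id = session_id or secrets.token_hex(6)
        self.domain = domain.lower().rstrip(".")
        self.planted = {}  # token -> reference to the request that carried it

    def plant(self, request_ref):
        """Step 01: return a unique canary host for one outgoing payload."""
        token = secrets.token_hex(8)
        self.planted[token] = request_ref
        return f"{token}.{self.session_id}.{self.domain}"

    def match(self, observed_host):
        """Step 02: map a recorded callback host to its token, else None."""
        host = observed_host.lower().rstrip(".")  # DNS names are case-insensitive
        suffix = f".{self.session_id}.{self.domain}"
        if not host.endswith(suffix):
            return None  # another session, or unrelated noise
        # Tolerate extra leading labels (e.g. data prepended to the name).
        token = host[: -len(suffix)].split(".")[-1]
        return token if token in self.planted else None

    def correlate(self, interactions):
        """Step 03: group callbacks by the request that triggered them."""
        findings = {}
        for item in interactions:
            token = self.match(item["host"])
            if token is None:
                continue
            entry = findings.setdefault(token, {
                "request": self.planted[token], "protocols": [], "evidence": []})
            if item["protocol"] not in entry["protocols"]:
                entry["protocols"].append(item["protocol"])
            entry["evidence"].append(item)
        return findings

def demo():
    s = CanarySession(session_id="a1b2c3")
    ssrf = s.plant("request #17: GET /fetch?url=<canary>")
    xxe = s.plant("request #42: POST /import")  # never calls back
    log = [  # constructed interactions, as a listener might report them
        {"protocol": "dns", "host": ssrf.upper() + ".", "source": "203.0.113.10"},
        {"protocol": "http", "host": ssrf, "source": "203.0.113.10"},
        {"protocol": "dns", "host": "deadbeef.ffffff." + DOMAIN, "source": "198.51.100.7"},
        {"protocol": "dns", "host": "0000.a1b2c3." + DOMAIN, "source": "198.51.100.7"},
    ]
    return s.correlate(log), ssrf, xxe
```

Only the request whose canary was both planted in this session and seen by the listener becomes a finding; a DNS lookup followed by an HTTP fetch for the same host collapses into one entry with both protocols as evidence.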

PRIVACY BY DESIGN

Only the out-of-band callbacks ever touch the hosted listener. Your scan traffic, findings, credentials, and AI keys stay on your machine — the pack receives a callback, not your data.

NEVER MANDATORY

Local in-band detection is free, forever. Without a pack the scanner uses its built-in local canary, and the hosted collaborator is self-hostable — so nothing online is ever required to run a complete scan.

Pricing

// one pack, hosted & maintained by NewNormal Security

1 MONTH

$495 / month

The full online detection pack, billed month to month. Cancel anytime — ideal for a single engagement or a short assessment window.

  • Hosted HTTP(S) + DNS OOB listener
  • All six blind detection classes
  • Up to 3 activated devices
  • Upgrade to annual anytime — pay only the difference

ANNUAL

BEST VALUE
$1,985 / year

≈ $165/mo · save $3,955 vs monthly

A full year of hosted out-of-band detection at the lowest effective rate. For testers and teams who run engagements all year.

  • Everything in monthly
  • 12 months for the price of ~4
  • Up to 3 activated devices
  • Priority support on the hosted listener

MONTH → YEAR UPGRADE

$1,690 one-time

Already on the monthly pack and want the year? Convert your active month straight into a full annual term — no re-activation.

  • One-time payment — not a new subscription
  • Converts to a 12-month annual term
  • Same license & devices — no re-activation

// ENTERPRISE SALES

Bigger rollout? Let's do a deal.

Multi-seat, organization-wide, or procurement that needs a PO and invoice? Enterprise gets custom pricing and invoicing that bypasses the standard plans above — sized to your deployment, billed how your finance team needs it. Tell us what you're after and we'll come back with terms.


HOW ACTIVATION WORKS

Online packs activate from inside the NewScan app: hit Upgrade →, complete checkout in your browser, and the app polls for the signed license and installs it on its own — nothing ever connects back to your machine. The license is registered to your email and bound to the device that requested it (up to 3 devices).

QUESTIONS?

Volume, multi-seat, or invoicing needs? That's a conversation, not a sales call.


All prices in USD. Online detection packs are an optional upgrade to the free, self-hosted NewScan scanner — local in-band scanning never requires a license. The hosted collaborator is also self-hostable, so the capability is never locked behind our infrastructure.

Verify the findings other scanners can't see.

Keep your scans local and free. Add an online detection pack only when you need the out-of-band callback — and confirm blind SSRF, OOB SQLi, blind XSS, XXE, jku, and DNS-exfil end to end.