Attack Surface Assessment

See what attackers see — before they do

We discover your internet-facing assets, including forgotten subdomains, exposed test environments, and open services, and show you exactly what an attacker sees — before anyone takes advantage of it.

Forgotten subdomains

Open ports & services

SSL/TLS weaknesses

Leaked credentials

Exposed test environments

Shadow IT

Your details

First name *

Required

Last name *

Required

Work email *

Please enter a valid email

Phone (optional)

Organisation name *

Required

Your role

Scope & assets

Primary domain *

Required

Additional domains, subdomains, or IP ranges One per line — we only scan assets you explicitly authorise.

Asset types to include * Select all that apply

Web applications

APIs & endpoints

Cloud infrastructure

Servers & open ports

Subdomains & DNS

VPN & remote access

Mobile app backends

Third-party integrations

Urgency & context

How soon do you need this? *

Urgent
Within 1 week

Soon
1–2 weeks

Standard
This month

Planning
No rush

What is driving this assessment?

Proactive risk reduction Find issues before attackers do

Compliance requirement NDPA, ISO 27001, PCI DSS, SOC 2

Recent incident Suspected or confirmed breach

New product launch Going live soon

Board directive Leadership has requested it

Customer requirement Client or partner asking for it

Anything else we should know?

We review every request and respond within one business day to confirm scope and pricing.

Request received

We will review your request and get back to you within one business day to confirm scope, methodology, and pricing. Nothing will be scanned until you sign off on the scope.

Your submission

← Back to home

What we look for

Forgotten assets Dev, staging, old test environments left exposed to the internet

Open ports & services SSH, RDP, databases, admin panels directly reachable from the internet

Leaked credentials API keys, passwords, tokens in code repos, paste sites, or dark web

SSL/TLS weaknesses Expired certificates, weak ciphers, misconfigured HTTPS

Shadow IT Unauthorised assets and services running under your domain

What happens next

We review your request Within one business day we confirm receipt and scope.

Scope agreement We send a scope document for your review and signature before anything is scanned.

Assessment begins Passive and active reconnaissance of your authorised assets.

Report delivered Full findings with severity ratings, screenshots, and remediation guidance.