Free Domain Exposure Scan A light, public-surface review for domain, email, TLS, headers, and obvious exposure. No credentials, no exploitation, no intrusive testing.
DNS, SPF, DMARC, MX posture TLS and security-header signals Basic subdomain and public endpoint checks Plain-English risk summaryExternal Attack Surface Assessment A written-scope external review modeled after the assessments we produce internally: evidence, severity, OWASP mapping, and a remediation plan.
Website and CMS exposure review VPN, webmail, cPanel, and portal exposure WordPress/API/directory-index checks Executive PDF and technical appendixAuthorized Penetration Test A controlled test performed only after authorization, scope, rules of engagement, and emergency contacts are signed off by the client.
Authenticated web/API testing when credentials are supplied Controlled exploit validation where approved Remote-access and VPN posture review Retest letter after remediationWritten authorization Testing starts only after the asset owner signs scope and authorization.
Rules of engagement Every engagement defines targets, windows, intensity, stop conditions, and emergency contacts.
Non-destructive default No password spraying, DoS, social engineering, or exploit chaining unless explicitly written into scope.
Findings over theatrics We prioritize verified business risk, evidence, remediation, and retestability over flashy payloads.
External attack surface Domains, DNS, exposed subdomains, public ports, TLS, web headers, mail security, stale vendor records, and takeover indicators.
Web/CMS and hosting WordPress, plugin metadata, REST exposure, directory indexing, webmail/cPanel surfaces, public admin endpoints, and safe OWASP checks.
Remote access VPN portals, certificate hygiene, MFA evidence, rate-limit posture, login surfaces, and vendor/version exposure from outside.