• Subscribe to the low volume list for updates.

Attack Surface Assessment


Using open source intelligence (OSINT) we map your organisations network and compile a detailed report. By using Internet Wide Scan Data we have zero impact on your network.

Vulnerability scanner matrix
Expert Advice
Independent assessment from a Senior Security Analyst. No BS.
Streamlined Process
Focused on the things that matter. Clear and Accurate Results.
Know Your Exposure
Get a clear snapshot of your external attack surface.
Book your assessment window today. Due to high demand there are limited windows available in the next 4 weeks.

Single ReviewFrom $2000USD
  • Zero Impact on Target
  • Fixed price assessment
  • Fast turn around (72 hrs)
  • Clear results from the attackers perspective
  • Compare results with Asset Register
  • Custom Options Available

20% discount
Quarterly ReviewFrom $6400USD
  • Attack Surface Analysis x4 (Quarterly)
  • Hassle Free Regular Assessments
  • Monitor Ongoing System Changes
  • Clear results from the attackers perspective
  • Compare results with Asset Register
  • Custom Options Available

Today we found  directory indexing unmanaged and open
Order your Report Today.
Easy approvals as there is zero impact on your network.

Some Common Questions

What are the typical targets of this assessment service?
Typical clients include both Enterprise and Small / Medium Enterprises (SME), anyone with more than a handful of Internet facing services will get immediate value from this type of assessment. Starting from a single domain or organization name we review open source intelligence (OSINT) sources and Internet Wide Scan data to develop an attack surface. That is end points where a targeted attacker would be probing to get access to your systems and data.

The target of this assessment is network resources, systems and endpoints. There is no targeting of organisations members or employees for social engineering purposes.

An attacker targeting your organisation has access to this intelligence. Do you?

The report will be delivered as a PDF and a Spreadsheet and contain:

  • Discovered Host names
  • Discovered IP addresses and Network Blocks
  • Discovered open services (from Internet wide Scan Data not active port scans)
  • Email addresses found in breach data sets, including details on breach and information compromised
  • Metadata from documents, code leaks, S3 Buckets and other information leaks relevant to the organisation
  • Related Security & Network Information sourced from open source (OSINT)

Another third party assessment we offer is a focused External Vulnerability Assessment. This involves active vulnerability scanning and validation of the detected vulnerabilities.

Who uses these Security Assessment Services?
Our professional assessment services are popular with anyone who wants an independent third party review of their security posture. Clients are based around the world and vary from small business to large enterprises.
Can I get an assessment against client systems?
Of course! Agencies and consultants can use this service to perform security reviews of clients organisations. A value added service for your IT consulting or managed services.
What are the testing methods used?
Using a combination of manual security analysis and automated reconnaissance tools the site, network and / or systems will be checked for Internet end points. The discovery process uses Internet wide data sets and open source intelligence resources. Results from the automated tools are assessed and used to further expand the attack surface. An easy to follow attack surface report is then compiled to provide an overview of the findings in an understandable format.

Sample Resources used:

  • HackerTarget.com IP Tools
  • CommonCrawl Website Archive
  • Certificate Transparency Logs
  • Reverse Whois searches for related domains
  • Shodan.io and other Internet Wide Scanners
  • Pastebin and other resources used by threat groups
  • Search Engines (Google Dorks)
  • Twitter / Facebook / Github and other Social Media Platforms
  • Metadata leaks in published resources
  • Other custom resources and data sets as required
Who performs the security assessment?
With years of experience in both commercial and government environments our experts have a deep knowledge of adversary tactics and techniques. All security assessments are performed by a Certified Senior Security Analyst. Industry standard qualifications include GIAC (Global Information Assurance Certification) from the Sans Institute.
What if my budget is limited?
If you cannot afford the cost of a manual assessment you may like to try our automated DIY services. We have hosted open source vulnerability scanners and reconnaissance tools that can be run manually by members of your team. This involves planning your testing, receiving the raw results from our scanning tools, analysis and validation of those results.
Why is this service so cheap?
By offering a focused tactical assessment service, we have streamlined the process and eliminated scope creep. Not everyone needs an assessment that takes weeks and costs tens of thousands of dollars. By having a fixed length testing window, the aim is to get an actionable understanding of the organisations Internet facing attack surface.

Rest assured that our focus does not impact our availability to answer your questions before, during and after the assessment.

What does the report include?
The report is compiled after analysis of the results from the automated and manual testing. Sections include an overall summary of the endpoints found, a detailed list of discovered assets including recommended remediation of any glaring security issues and an appendix that contains the raw results from the tools that were used during the assessment.
Longer term engagements?
Organisations with a large number of endpoints will inevitably have a wide ranging attack surface. Once we have an idea of the number of Internet facing endpoints we will develop a proposal. Ideal for the CISO looking to get an overview of the attack surface from the adversary's perspective.

How does the payment system work?
Payment is via Credit Card (preferred) or international money transfer to our bank. Once we receive your initial booking we will provide a copy of the terms of the assessment and payment details. Following confirmation of payment, we are ready and will proceed with the assessment at your allotted time. Reports are available within 72 hours.
Organizations that do not scan for vulnerabilities and address discovered flaws pro-actively face a significant likelihood of having their computer systems compromised.

Get Started Here

Complete this form to request an Attack Surface Assessment of your Internet facing systems. We will get back to you within 24 hours with a proposed plan, terms of the service and payment details.

If there are particular systems or networks you would like the assessment to focus on then please detail these requirements. In this case a high level security assessment will be conducted against the target, with focused testing performed against the system or network of particular interest.

With this fixed rate security assessment testing is conducted in a 48 hour window, with report delivered within 72 hours.

Client Requirements:

  • You must be the owner of the system or have explicit permission to have a third party security assessment performed against the target organisation.
  • An understanding that while we are primarily relying on open source information sources, there is a chance that some requests may access the organisations systems. For example, DNS requests against discovered systems.


  • Detailed Security Report delivered within 72 hours.
  • Report to contain discovered results and recommended remediation.
  • Follow up questions to be conducted via email.
  • Attack Surface Assessment Request: