Community Edition
Total Tests:
This Week:

Attack Surface Management & Dark Web Monitoring

For self-assessment and third-party risk scoring

ImmuniWeb® Discovery reduces complexity and costs of cybersecurity and compliance with continuous discovery of
your external digital assets and attack surface. Attack Surface Management (ASM) is enhanced with
actionable Security Ratings for your assets and proactive Dark Web monitoring.

How It Works

  1. Enter your
    company name
  2. See what
    hackers see
  3. Prioritize, monitor
    and respond

Frequent Use Cases

Reduce Attack Surface

Detection of shadow, abandoned and
unprotected digital assets

Simplify Compliance

Asset inventory and monitoring

Reduce Human Risk

Rapid alerts on exposed code
repositories, cloud and IoT

Outpace Attackers

Dark Web monitoring to timely
react and respond

Secure Open Source

Detection of outdated and vulnerable
Open Source Software

Score Your Partners

M&A, vendors, suppliers & other third-party
security ratings and risk scoring

ImmuniWeb® Discovery in Nutshell

Asset Inventory
Helicopter view of your attack surface and external digital assets
  • APIs & Web Services
  • Web Applications & Websites
  • Domains & SSL Certificates
  • IoT & Connected Objects
  • Public Code Repositories
  • Cloud & NAS Storage
  • Mobile Applications
  • Mail Servers
Continuous Monitoring
Production-safe vulnerability and compliance scanning
  • Website Security
  • WAF & CSP Presence
  • Mobile Application Security
  • PCI DSS & GDPR Compliance
  • SSL Encryption & Hardening
  • Software Composition Analysis
  • Expiring Domains & Certificates
  • Malware & Black Lists Presence
  • SPF, DMARC & DKIM Presence
Dark Web Monitoring
Threat intelligence and proactive data leaks monitoring
  • Stolen Credentials
  • Exposed Documents
  • Leaked Source Code
  • Vulnerability Reports
  • Phishing Websites and Pages
  • Fake Accounts in Social Networks
  • Trademark Infringements
  • Squatted Domain Names
Security Ratings
Award-winning AI technology for actionable and data-driven risk scoring
Hackability Score
Hackability score shows how easy a web application can be hacked from a
technical point of view.
Attractiveness Score
Attractiveness score shows how attractive a web application is within your industry for cybercriminals.

Everything Visible. Everything Secure.

ImmuniWeb® Discovery Pricing

Turbocharged performance
at unbeatable price

$99 per month
Up to 20 Websites
Other Assets Unlimited
$299 per month
Up to 100 Websites
Other Assets Unlimited
Corporate Pro
$999 per month
Unlimited Websites
Other Assets Unlimited
ImmuniWeb® Discovery leverages non-intrusive OSINT (Open Source Intelligence) technology for a 24/7 discovery of external digital assets including cloud storage and public code repositories.24/7 Asset Discovery* Yes Yes Yes
ImmuniWeb® Discovery leverages production-safe vulnerability and compliance scanning based on in-depth Software Composition Analysis (SCA) and server configuration. Over 50,000+ known vulnerabilities.24/7 Continuous Monitoring Yes Yes Yes
ImmuniWeb® Discovery leverages award-winning AI technology to assign Hackability and Attractiveness scores to your web applications, all other digital assets get estimated risk rating.24/7 Security Ratings Yes Yes
ImmuniWeb® Discovery leverages rapid OSINT (Open Source Intelligence) technology for a 24/7 monitoring of Dark Web, web forums, IRC chats, social networks, paste and data sharing websites for leaks and incidents.24/7 Dark Web Monitoring Yes

* Public code repositories discovery is available only in Corporate Pro

Need a one-time or custom package? Get in touch

Testimonials and Customer References

Crédit Agricole next bank (Suisse) SA
eBay Classifieds Group
Haymarket Media, Inc.
Swissquote Bank SA
University Hospitals of Geneva (HUG)
SIX Group Services AG
International Telecommunication Union (ITU)
Banca dello Stato del Cantone Ticino
SIM University
Arab Bank (Switzerland) Ltd.
Legal Vision

Frequently Asked Questions

Subscription for 3, 6 and 12 months is available for rapid purchase via a secure online payment by credit card or PayPal. Payment by a bank wire is likewise available for a yearly subscription.

Yes, ImmuniWeb Discovery is non-intrusive and is based on OSINT model, leveraging the data already accessible or visible in the Internet. Therefore, you can use it for Security Ratings Services (SRS) to rapidly scorecard your suppliers, vendors and other third-parties including parties to M&A transactions.

Yes, at any time you can add supplementary websites or mobile apps belonging to the same brand. You can also import a list of such web applications, we will automatically remove duplicates adding only the new ones.

Yes, if there are any mentions of them in the Internet. For example, if your developers accidentally leak a URL of your internal application via a public code repository (e.g. GitHub), it will likely be detected and brought to your attention.

We have an automated, OSINT-based technology to monitor all publicly accessible .onion websites, web resources, IRC channels, Pastebin and other data sharing websites, Telegram chats and other social networks for sensitive data related or belonging to your company.

No, ImmuniWeb Discovery ensures a holistic visibility of your external IT assets, continuous web security and compliance monitoring, and surveillance of data leaks and mentions on Dark Web. For business-critical applications we recommend more in-depth ImmuniWeb penetration testing offering.

No, the testing process is production-safe and non-intrusive, no action is required from your side.

We provide 24/7 access to our ticketing system for technical and business questions you may have.

Each domain name is counted as separate website. For example, and will be counted as two websites. Web applications on non-standard ports, let’s say, will be likewise counted as a supplementary website.

Yes, you can download the data from the dashboard via our API.

Any other questions? Contact Sales

Gartner Peer Insights Recommends

Gartner Peer Insights