In light of COVID-19 precaution measures, we remind that all ImmuniWeb products can be easily configured and safely paid online without any human contact or paperwork.

Total Tests:
This Week:
Today:

ImmuniWeb® Discovery

Reducing complexity and costs

ImmuniWeb® Discovery leverages our award-winning OSINT and AI technology to illuminate your external attack surface. We continuously detect, test and scorecard your digital and IT assets, enhancing visibility with
proactive monitoring of your company mentions in Dark Web and Code Repositories.

How it Works

  1. Enter your
    company name
  2. See what
    hackers see
  3. Prioritize, monitor
    and respond

Frequent Use Cases

Reduce Attack Surface

Detection of shadow, abandoned and
unprotected digital assets

Simplify Compliance

Asset inventory and monitoring
for GDPR, PCI DSS & NIST

Reduce Human Risk

Rapid alerts on exposed code
repositories, cloud and IoT

Outpace Attackers

Dark Web monitoring to timely
react and respond

Secure Open Source

Detection of 200+ CMS & frameworks
and 200,000+ plugins

Score Your Partners

Security ratings and risk scoring for
M&A, vendors and suppliers

ImmuniWeb® Discovery in a Nutshell

Asset Discovery
24/7
  • APIs & Web Services

    Third-party and in-house REST/SOAP APIs and Web Services used by your web or mobile apps, or otherwise attributable to your company.

  • Web Applications & Websites

    Your external web applications and websites that are used or operated by your company or are otherwise attributable to it.

  • Domains & SSL Certificates

    A holistic list of your domain names and SSL certificates for subsequent expiration and validity monitoring.

  • IoT & Connected Objects

    Connected objects ranging from CCTV cameras to building security systems, located in your digital premises and accessible from the outside.

  • Public Code Repositories

    GitHub and other public repositories with accidentally leaked source code belonging to your company, or malicious code targeting your company.

  • Cloud & NAS Storage

    Public cloud attributable to your company including AWS, Microsoft Azure, Google Cloud and over 50 others cloud storages and NAS systems.

  • Data in SaaS or PaaS

    Over 200 third-party solutions ranging from Slack to Salesforce that process or handle your data and attributable to your company.

  • Mobile Applications

    Mobile apps attributable to your company from Apple Store, Google Play and over 20 other public mobile app stores.

  • Mail Servers

    Email serves operated or hosted by your company and visible from the Internet.

  • Databases

    Over 50 types of databases spanning from MongoDB to Elasticsearch that are attributable to your company and accessible from the Internet.

Helicopter view of your external attack surface
Security Monitoring
24/7
  • Website Security

    Non-intrusive checks for over 10,000 known security vulnerabilities and misconfigurations in web CMS and frameworks.

  • WAF & CSP Presence

    Non-intrusive fingerprinting of Web Application Firewall and in-depth analysis of Content Security Policy configuration.

  • SSL Encryption & Hardening

    In-depth SSL/TLS encryption analysis on your external systems spanning from web applications and APIs to cloud and email servers.

  • PCI DSS & GDPR Compliance

    Non-intrusive checks for relevant security controls and requirements imposed by PCI DSS, GDPR, NIST, HIPPA, CCPA and other regulations.

  • Software Composition Analysis

    Detection of over 250 web CMS and frameworks, and over 150,000 of their plugins, themes and extensions.

  • Expiring Domains & Certificates

    Monitoring for expiring domain names and SSL certificates, including certificates’ validity.

  • Malware & Black Lists Presence

    Monitoring for IP addresses and domains belonging to your company for presence in various black lists, from spam lists to IoC and hacking activities lists.

  • SPF, DMARC & DKIM Presence

    Monitoring for properly configured SPF, DMARC and DKIM records on your external email servers.

  • Mobile Application Security

    OWASP Mobile Top 10 scanning, mobile Software Composition Analysis and privacy assessment of your mobile apps.

  • Cloud & DB Security

    Monitoring for open public cloud storage and password-unprotected databases accessible from the Internet.

Production-safe vulnerability and compliance scanning
Dark Web Monitoring
24/7
  • Stolen Credentials

    Monitoring for presence of your employees’ credentials in password collections and stolen databases on Dark Web marketplaces, IRC and Telegram.

  • Pastebin Mentions

    Monitoring of Pastebin, including deleted posts, and other paste websites for mentions of your company, domain names or IP addresses.

  • Breached IT Systems

    Monitoring for mentions of your systems, or systems containing your data, on Dark Web marketplaces and hacking forums.

  • Exposed Documents

    Monitoring for leaked or stolen documents attributable to your company on Dark Web marketplaces and hacking forums.

  • Leaked Source Code

    Monitoring for accidently or maliciously exposed source code on public code repositories such as GitHub.

  • Phishing Websites & Pages

    Monitoring for newly registered phishing domains and created scam web pages targeting your company, its employees or clients.

  • Fake Accounts in Social Networks

    Monitoring for newly created accounts that impersonate your company in Facebook, Twitter, LinkedIn and other social networks.

  • Unsolicited Vulnerability Reports

    Monitoring for social networks and special Vulnerability Disclosure Platforms for security flaws impacting your systems or applications.

  • Trademark Infringements

    Monitoring for websites and domains trying to impersonate your company, its brands or trademarks.

  • Squatted Domain Names

    Monitoring for cyber- and typo-squatted domain names involving your company name or brand.

Proactive and timely reaction to security incidents
Security Ratings
24/7
86
Hackability Score
Hackability score shows how easy a web application can be hacked from a
technical point of view.
18
Attractiveness Score
Attractiveness score shows how attractive a web application is within your industry for cybercriminals.
Award-winning AI technology for actionable and data-driven risk scoring

Everything Visible. Everything Secure.

ImmuniWeb® Discovery Pricing

Unlimited digital assets
discovery & monitoring

Corporate Pro
Daily Update
Any asset can be manually re-scanned at any time.
Corporate
Weekly Update
Any asset can be manually re-scanned at any time.
SMB
Biweekly Update
Any asset can be manually re-scanned at any time.
Asset Discovery
Including:
  • APIs & Web Services
  • Web Applications & Websites
  • Domains & SSL Certificates
  • IoT & Connected Objects
  • Public Code Repositories
  • Cloud & NAS Storage
  • Data in SaaS or PaaS
  • Mobile Applications
  • Mail Servers
  • Databases
Yes Yes Yes
Security Monitoring
Including:
  • Website Security
  • WAF & CSP Presence
  • SSL Encryption & Hardening
  • PCI DSS & GDPR Compliance
  • Software Composition Analysis
  • Expiring Domains & Certificates
  • Malware & Black Lists Presence
  • SPF, DMARC & DKIM Presence
  • Mobile Application Security
  • Cloud & DB Security
Yes Yes Yes
Security Ratings
Including:
  • Hackability Score
  • Attractiveness Score
Yes Yes
Dark Web Monitoring
Including:
  • Stolen Credentials
  • Pastebin Mentions
  • Breached IT Systems
  • Exposed Documents
  • Leaked Source Code
  • Phishing Websites & Pages
  • Fake Accounts in Social Networks
  • Unsolicited Vulnerability Reports
  • Trademark Infringements
  • Squatted Domain Names
Yes
Buy now, get results on
$999
/ month
$299
/ month
$99
/ month
VISA MasterCard American Express PayPal JCB UnionPay Bank Transfer

How It Works

  1. Enter your
    company name
  2. See what
    hackers see
  3. Prioritize, monitor
    and respond

We Make Applications
Secure and Reliable

Frequently Asked Questions

  • Q
    How many companies can I include into one subscription?
    A
    There is no limit for the number of continuously monitored digital assets per company, but each company requires a separate subscription.
  • Q
    Do I need a permission to run Discovery on third-parties?
    A
    No, we use only OSINT discovery and non-intrusive security testing methodologies that normally do not require a pre-authorization from the targeted company, differently from penetration testing for example. Therefore, you can use Discovery to scorecard your suppliers or vendors for third-party risk management purposes.
  • Q
    Will you discover all my external assets?
    A
    We normally detect 99% of externally exposed IT and digital assets that are attributable to your organization by a wide spectrum of OSINT-based methodologies and network reconnaissance. Moreover, you can always manually add any assets for continuous security and compliance monitoring in just one click.

Gartner Peer Insights Recommends

Gartner Peer Insights
Ask a Question