Attack Surface Management & Dark Web Monitoring
ImmuniWeb® Discovery reduces complexity and costs of cybersecurity and compliance with continuous discovery of
your external digital assets and attack surface. Attack Surface Management (ASM) is enhanced with
actionable Security Ratings for your assets and proactive Dark Web monitoring.
How It Works
- Enter your
- See what
- Prioritize, monitor
Frequent Use Cases
Reduce Attack Surface
unprotected digital assets
for GDPR, PCI DSS & NIST
Reduce Human Risk
repositories, cloud and IoT
react and respond
Secure Open Source
Open Source Software
Score Your Partners
security ratings and risk scoring
ImmuniWeb® Discovery in Nutshell
- APIs & Web Services
- Web Applications & Websites
- Domains & SSL Certificates
- IoT & Connected Objects
- Public Code Repositories
- Cloud & NAS Storage
- Mobile Applications
- Mail Servers
- Website Security
- WAF & CSP Presence
- Mobile Application Security
- PCI DSS & GDPR Compliance
- SSL Encryption & Hardening
- Software Composition Analysis
- Expiring Domains & Certificates
- Malware & Black Lists Presence
- SPF, DMARC & DKIM Presence
- Stolen Credentials
- Exposed Documents
- Leaked Source Code
- Vulnerability Reports
- Phishing Websites and Pages
- Fake Accounts in Social Networks
- Trademark Infringements
- Squatted Domain Names
$99 per month
Up to 20 Websites
Other Assets Unlimited
$299 per month
Up to 100 Websites
Other Assets Unlimited
$999 per month
Other Assets Unlimited
|ImmuniWeb® Discovery leverages non-intrusive OSINT (Open Source Intelligence) technology for a 24/7 discovery of external digital assets including cloud storage and public code repositories.24/7 Asset Discovery*|
|ImmuniWeb® Discovery leverages production-safe vulnerability and compliance scanning based on in-depth Software Composition Analysis (SCA) and server configuration. Over 50,000+ known vulnerabilities.24/7 Continuous Monitoring|
|ImmuniWeb® Discovery leverages award-winning AI technology to assign Hackability and Attractiveness scores to your web applications, all other digital assets get estimated risk rating.24/7 Security Ratings|
|ImmuniWeb® Discovery leverages rapid OSINT (Open Source Intelligence) technology for a 24/7 monitoring of Dark Web, web forums, IRC chats, social networks, paste and data sharing websites for leaks and incidents.24/7 Dark Web Monitoring|
* Public code repositories discovery is available only in Corporate Pro
Testimonials and Customer References
Frequently Asked Questions
Subscription for 3, 6 and 12 months is available for rapid purchase via a secure online payment by credit card or PayPal. Payment by a bank wire is likewise available for a yearly subscription.
Yes, ImmuniWeb Discovery is non-intrusive and is based on OSINT model, leveraging the data already accessible or visible in the Internet. Therefore, you can use it for Security Ratings Services (SRS) to rapidly scorecard your suppliers, vendors and other third-parties including parties to M&A transactions.
Yes, at any time you can add supplementary websites or mobile apps belonging to the same brand. You can also import a list of such web applications, we will automatically remove duplicates adding only the new ones.
Yes, if there are any mentions of them in the Internet. For example, if your developers accidentally leak a URL of your internal application via a public code repository (e.g. GitHub), it will likely be detected and brought to your attention.
We have an automated, OSINT-based technology to monitor all publicly accessible .onion websites, web resources, IRC channels, Pastebin and other data sharing websites, Telegram chats and other social networks for sensitive data related or belonging to your company.
No, ImmuniWeb Discovery ensures a holistic visibility of your external IT assets, continuous web security and compliance monitoring, and surveillance of data leaks and mentions on Dark Web. For business-critical applications we recommend more in-depth ImmuniWeb penetration testing offering.
No, the testing process is production-safe and non-intrusive, no action is required from your side.
We provide 24/7 access to our ticketing system for technical and business questions you may have.
Each domain name is counted as separate website. For example, admin.example.com and test.example.com will be counted as two websites. Web applications on non-standard ports, let’s say crm.example.com:8931, will be likewise counted as a supplementary website.
Yes, you can download the data from the dashboard via our API.