How it works
- Enter a company name
- See what hackers see
- See what hackers do
Successful Use Cases
Prevent Data Breaches
misconfigured cloud or IT assets
Simplify Compliance
monitoring requirements
Outpace Cybercriminals
in Deep, Dark and Surface Web
Avoid Redundant Costs
patching in a risk-based manner
Reduce Human Risk
Internet-exposed test systems
Minimize Third Party Risks
your vendors and suppliers
What Hackers Know
Deep Dive into the Dark Web
We Continuously Monitor:

Compliant with “Legal Considerations when Gathering Online Cyber Threat Intelligence and Purchasing Data from Illicit Sources” guidelines by the U.S. Department of Justice
Code Repositories Monitoring and Beyond
Get Control Over Your Source Code at:




Illuminate and Continuously Monitor:
- Accidentally leaked source code
- Malicious source code and exploits
- Copyright infringements

What You Get

- APIs & Web Services
Third-party and in-house REST/SOAP APIs and Web Services used by your web or mobile apps, or otherwise attributable to your company.
- Web Applications & Websites
Your external web applications and websites that are used or operated by your company or are otherwise attributable to it.
- Domains & SSL Certificates
A holistic list of your domain names and SSL certificates for subsequent expiration and validity monitoring.
- Critical Network Services
Exposed network services including SSH, FTP, VPN, RDP, LDAP, VoIP and email servers, and network devices or routers.
- IoT & Connected Objects
Connected objects ranging from CCTV cameras to building security systems, located in your digital premises and accessible from the outside.
- Public Code Repositories
GitHub and other public repositories with accidentally leaked source code belonging to your company, or malicious code targeting your company.
- SaaS & PaaS Systems
Over 200 third-party solutions ranging from Slack to Salesforce that process or handle your data and are attributable to your company.
- Public Cloud & CDN
Public cloud attributable to your company including AWS, Microsoft Azure, Google Cloud and over 50 other cloud storage services, CDNs and NAS systems.
- Mobile Apps
Mobile apps attributable to your company from Apple Store, Google Play and over 20 other public mobile app stores.
- Databases
Over 50 types of databases spanning from MongoDB to Elasticsearch that are attributable to your company and accessible from the Internet.

- Website Security
Non-intrusive checks for over 10,000 known security vulnerabilities and misconfigurations in web CMS and frameworks.
- WAF & CSP Presence
Non-intrusive fingerprinting of Web Application Firewall and in-depth analysis of Content Security Policy configuration.
- SSL Encryption & Hardening
In-depth SSL/TLS encryption analysis on your external systems spanning from web applications and APIs to cloud and email servers.
- PCI DSS & GDPR Compliance
Non-intrusive checks for relevant security controls and requirements imposed by PCI DSS, GDPR, NIST, HIPAA, CCPA and other regulations.
- Software Composition Analysis
Detection of over 250 web CMS and frameworks, and over 150,000 of their plugins, themes and extensions.
- Expiring Domains & Certificates
Monitoring for expiring domain names and SSL certificates, including certificates’ validity.
- Malware & Black Lists Presence
Monitoring of IP addresses and domains belonging to your company for presence in various black lists, from spam lists to IoC and hacking activities lists.
- SPF, DMARC & DKIM Presence
Monitoring for properly configured SPF, DMARC and DKIM records on your external email servers.
- Mobile Application Security
OWASP Mobile Top 10 scanning, mobile Software Composition Analysis and privacy assessment of your mobile apps.
- Cloud & DB Security
Monitoring for open public cloud storage and password-unprotected databases accessible from the Internet.

- Stolen Credentials
Monitoring for presence of your employees’ credentials in password collections and stolen databases on Dark Web marketplaces, IRC and Telegram.
- Pastebin Mentions
Monitoring of Pastebin, including deleted posts, and other paste websites for mentions of your company, domain names or IP addresses.
- Exposed Documents
Monitoring for leaked or stolen documents attributable to your company on Dark Web marketplaces and hacking forums.
- Leaked Source Code
Monitoring for accidentally or maliciously exposed source code on public code repositories such as GitHub.
- Breached IT Systems & IoC
Monitoring for mentions of your systems on Dark Web marketplaces and hacking forums, enhanced with monitoring of threat intelligence and IoC lists.
- Phishing Websites & Pages
Monitoring for newly registered phishing domains and created scam web pages targeting your company, its employees or clients.
- Fake Accounts in Social Networks
Monitoring for newly created accounts that impersonate your company on Facebook, Twitter, LinkedIn and other social networks.
- Unsolicited Vulnerability Reports
Monitoring of social networks and special Vulnerability Disclosure Platforms for security flaws impacting your systems or applications.
- Trademark Infringements
Monitoring for websites and domains trying to impersonate your company, its brands or trademarks.
- Squatted Domain Names
Monitoring for cyber- and typo-squatted domain names involving your company name or brand.
present in a web or mobile application. Helps properly prioritize the
penetration testing targets in a risk-based manner.
specifically) per month against a web application. Helps properly
schedule the penetration testing in a threat-aware manner.
ImmuniWeb® Discovery Packages
1. Enter a Company Name
Non-intrusive OSINT technology for self-assessment or third-party risk management
2. See What Hackers See
You will get your dashboard delivered within the next three business days
3. See What Hackers Do
Add users and personalize instant alerts about new breaches or incidents
Unlimited assets and incidents per company: each package includes an unlimited number of discoverable assets and security incidents related to your company (excluding subsidiaries with different names).

| | Corporate Pro | Corporate | Express Pro |
|---|---|---|---|
| Update frequency (we automatically scan all your assets) | Daily | Weekly | Biweekly |
| Web & Mobile Assets Discovery | | | |
| Cloud & SaaS Assets Discovery | | | |
| Network & IoT Assets Discovery | | | |
| Application Security Ratings | | | |
| Security & Compliance Monitoring | | | |
| Dark Web and Incidents Monitoring | | | |
| Public Code Repositories Monitoring | | | |
| Continuous (for Attack Surface Management & Dark Web Monitoring) | $995 / month | $499 / month | $199 / month |
| One-Time (for Third Party Risk Management & e-Discovery) | $2,995 / discovery | currently unavailable | currently unavailable |
Frequently Asked Questions
- Q: How many companies can I include in one subscription?
  A: There is no limit on the number of continuously monitored digital assets per company, but each company requires a separate subscription.
- Q: Do I need permission to run Discovery on third parties?
  A: No, we use only OSINT discovery and non-intrusive security testing methodologies that normally do not require pre-authorization from the targeted company, unlike penetration testing, for example. Therefore, you can use Discovery to scorecard your suppliers or vendors for third-party risk management purposes.
- Q: Will you discover all my external assets?
  A: We normally detect 99% of externally exposed IT and digital assets that are attributable to your organization by a wide spectrum of OSINT-based methodologies and network reconnaissance. Moreover, you can always manually add any assets for continuous security and compliance monitoring in just one click.