Everything Visible. Everything Secure.
Compliance, Security and Vendor Risk Management
Prevent Data Breaches
or misconfigured IT assets
incidents, data leaks or phishing
Cut Operational Costs
risk-based pentesting and patching
Minimize Human Risk
abandoned or forgotten assets
Prevent Supply Chain Attacks
vendors and suppliers
Threat Intelligence and Dark Web Monitoring
24/7 monitoring of your brand mentions in:
Compliant with “Legal Considerations when Gathering Online Cyber Threat Intelligence and Purchasing Data from Illicit Sources” guidelines by the U.S. Department of Justice
Cloud Security Posture Management
Containers and CI/CD Pipeline Monitoring
Prevent Data Breaches and Supply Chain Attacks
- APIs & Web Services
Third-party and in-house REST/SOAP APIs and Web Services used by your web or mobile apps, or otherwise attributable to your company.
- Public Cloud Services
Cloud storage and cloud-native services in AWS, Azure and GCP including exposed repositories, serverless, API gateways, load balancers, queues and container management systems.
- Domains & SSL Certificates
A holistic list of your domain names and SSL certificates for subsequent expiration and validity monitoring.
- Web Applications & Websites
Your external web applications and websites that are used or operated by your company or are otherwise attributable to it.
- Critical Network Services
Exposed network services including SSH, FTP, VPN, RDP, LDAP, VoIP and email servers, and network devices or routers.
- IoT & Connected Objects
Connected objects ranging from CCTV cameras to building security systems, located in your digital premises and accessible from the outside.
- Public Code Repositories
GitHub and other public repositories with accidentally leaked source code belonging to your company, or malicious code targeting your company.
- SaaS & PaaS Systems
Over 200 third-party solutions ranging from Slack to Salesforce that process or handle your data and are attributable to your company.
- Mobile Apps
Mobile apps attributable to your company from Apple Store, Google Play and over 20 other public mobile app stores.
Over 50 types of databases spanning from MongoDB to Elasticsearch that are attributable to your company and accessible from the Internet.
External Attack Surface
- Website Security
Non-intrusive checks for over 10,000 known security vulnerabilities and misconfigurations in web CMS and frameworks.
- WAF & CSP Presence
Non-intrusive fingerprinting of Web Application Firewall and in-depth analysis of Content Security Policy configuration.
- SSL Encryption & Hardening
In-depth SSL/TLS encryption analysis on your external systems spanning from web applications and APIs to cloud and email servers.
- PCI DSS & GDPR Compliance
Non-intrusive checks for relevant security controls and requirements imposed by PCI DSS, GDPR, NIST, HIPAA, CCPA and other regulations.
- Software Composition Analysis
Detection of over 250 web CMS and frameworks, and over 150,000 of their plugins, themes and extensions.
- Expiring Domains & Certificates
Monitoring for expiring domain names and SSL certificates, including certificates’ validity.
- Malware & Black Lists Presence
Monitoring of IP addresses and domains belonging to your company for presence in various blacklists, from spam lists to IoC and hacking activity lists.
- SPF, DMARC & DKIM Presence
Monitoring for properly configured SPF, DMARC and DKIM records on your external email servers.
- Mobile Application Security
OWASP Mobile Top 10 scanning, mobile Software Composition Analysis and privacy assessment of your mobile apps.
- Cloud & DB Security
Monitoring for open public cloud storage and password-unprotected databases accessible from the Internet.
and Compliance Scanning
- Stolen Credentials
Monitoring for presence of your employees’ credentials in password collections and stolen databases on Dark Web marketplaces, IRC and Telegram.
- Pastebin Mentions
Monitoring of Pastebin, including deleted posts, and other paste websites for mentions of your company, domain names or IP addresses.
- Exposed Documents
Monitoring for leaked or stolen documents attributable to your company on Dark Web marketplaces and hacking forums.
- Leaked Source Code
Monitoring for accidentally or maliciously exposed source code on public code repositories such as GitHub.
- Breached IT Systems & IoC
Monitoring for mentions of your systems on Dark Web marketplaces and hacking forums, enhanced with monitoring of threat intelligence and IoC lists.
- Phishing Websites & Pages
Monitoring for newly registered phishing domains and created scam web pages targeting your company, its employees or clients.
- Fake Accounts in Social Networks
Monitoring for newly created accounts that impersonate your company in Facebook, Twitter, LinkedIn and other social networks.
- Unsolicited Vulnerability Reports
Monitoring of social networks and special Vulnerability Disclosure Platforms for security flaws impacting your systems or applications.
- Trademark Infringements
Monitoring for websites and domains trying to impersonate your company, its brands or trademarks.
- Squatted Domain Names
Monitoring for cyber- and typo-squatted domain names involving your company name or brand.
to Security Incidents
1. Enter Your Company Name
Just enter a company name to run an open-source intelligence scan of its entire attack surface
2. See What Hackers See
Explore on-premises systems and cloud resources where the data is stored or processed
3. See What Hackers Do
Detect data breaches, compromised accounts or systems, stolen data, phishing and brand misuse
| ImmuniWeb® Discovery |
| Access to Security Analysts |
| Domain & Subdomains Discovery |
| Web Applications & API Discovery |
| Mobile Applications & API Discovery |
| Security & Compliance Monitoring |
| Multicloud Resources Discovery |
| Network Services Discovery |
| Cyber Threat Intelligence |
| Repositories Monitoring |
| Dark Web Monitoring |
| Phishing Monitoring |
| Brand Monitoring |
| Access to Dark Web Analysts |
| Phishing Websites Takedown |
| Updates | 24/7 | Every Day | Every Week | Every 2 Weeks |
Why Choose ImmuniWeb® AI Platform
Instant start. Rapid Delivery.
SC Awards Winner
250+ Business Partners
70% YoY Sales Growth
Zero Breaches of SLA
Frequently Asked Questions
- Q: How many IT assets can I include in my subscription?
  A: There is no limit on the number of IT assets or Dark Web mentions per company, but each company requires a separate subscription. If you have multiple brands or companies to monitor, please get in touch to get a special quote. You may have an unlimited number of users per project with granular permissions.
- Q: Do I have to deploy any on-premise agents or software?
  A: No, we normally detect 99.9% of externally visible and accessible IT assets located on premises or in a cloud by using a wide spectrum of OSINT-based methodologies, network reconnaissance and our proprietary sets of Big Data. To start a Discovery project, all you need to do is enter the name of your company: your interactive dashboard with first results will be ready in 3 days. While your subscription is active, we will continuously monitor your external Attack Surface for changes and automatically add new IT assets at no additional cost.
- Q: How can you test the security of my Microsoft Azure, AWS or GCP?
  A: We rapidly detect your multicloud attack surface and external cloud assets including various types of data storage, gateways, load balancers, databases and other external cloud instances in AWS, Azure, GCP and over 50 other public cloud service providers. In addition to illuminating your cloud attack surface for various misconfigurations, excessive access permissions or default IAM policies, we also map your geographical data storage for compliance and regulatory purposes. Unlike with other vendors, you don’t need to provide us with a cloud IAM account: just enter your company name to run cloud discovery and start continuous cloud monitoring.
- Q: Do I need permission to run Discovery on third parties?
  A: Generally, no formal authorization is required as we use only non-intrusive OSINT (Open Source Intelligence) discovery and production-safe security evaluation methodologies. To maintain transparency in your Third-Party Risk Management program, you may wish to notify your vendors in advance.
Trusted by 1,000+ Global Customers
ImmuniWeb is an efficient and very easy-to-use solution that combines automatic and human tests. The results are complete, straightforward and easy to understand. It’s an essential tool for the development of the new digital activities
ImmuniWeb is the best and simplest way to secure your business online. It's a really fantastic experience to get a report with zero false positives and with detailed actions on how to resolve problems and remove vulnerabilities. I think ImmuniWeb is definitely the best alternative to pen testers, as well as a way to save on staff and other costs. I am glad that I can get it all without any hidden costs and without complicated licensing schemes
Senior Information Security Officer
We believe ImmuniWeb platform would definitely address the common weaknesses seen in manual assessments. The AI-assisted platform not only automates the assessments, but also, executes them in a continuous, consistent and reliable fashion. Admittedly, the platform would definitely add quick wins and great ROI to its customers on their investment.
Information Security Officer
ImmuniWeb provides accurate assessment on the security posture of our cloud-based applications. The report provided is concise and easy to read with sound advisories on the necessary steps to fix the issues. What impressed me most was that no false positive was listed and the vulnerabilities are real. ImmuniWeb certainly gives us the right level of assurance that our cloud-based applications are safe and "good-to-go" before we deploy them out to production
Lee Chye Seng
Director, Learning Systems and Applications
ImmuniWeb is an invaluable tool for iPresent with both automated and manual penetration testing. The fantastic manual testing has found even the most hidden and complicated bugs in our security and ImmuniWeb has delivered first class knowledge. The self-service interface also gives us great control to schedule and monitor tests when we need them
Chief Technical Officer
ImmuniWeb is a great innovative service that brings unbeatable ROI. It is undoubtedly the best way to quickly and easily guarantee your customers that their data is safe with you - and yours too by the way! Efficient and effective!
Head of IT