Continuous pentest, finished by hand
We scan your external attack surface every day with 30+ tools, verify every finding against your live environment, and finish with an LLM-driven review that strips out the noise. What reaches the report has survived three filters.
Hostat i Stockholm. GDPR Art. 28-DPA på begäran. Org.nr 556227-6351.
39 findings dropped along the way, of which 4 were marked false positive by our FP-learning engine. The rest were duplicates, already known, or fully covered by another control.
The method
The difference from a regular vulnerability scanner isn't more tools, it's what happens after the scan. Three steps remove findings. Only one adds.
nuclei, subfinder, httpx, naabu and ~25 more tools run against your external attack surface. We use what actually works for the stack, not everything at once.
Removes nothing. Builds raw material.
Every finding is double-checked against your live environment with HTTP self-tests, snapshot comparison and global FP patterns. Duplicates merge, known FPs are marked.
Removes ~70 % of raw findings.
An Opus-driven review reads scan data with scope-awareness and evidence-grounding, finds coverage gaps and downgrades weak signals. An operator reads and approves.
Sometimes adds. More often removes.
The final product is a short, prioritized list in the dashboard or monthly email. No "Critical: missing X-Frame-Options". Just things worth fixing.
Delivered. Done.
Our products
Removes duplicates, FP and noise so what ends up in the report is worth reading. Takes 47 raw findings down to 8.
Read more14 tools over the Model Context Protocol. Claude Code and Cursor trigger scans and fetch findings right from chat.
Read moreMaturity assessment against NIST CSF 2.0, NIS2 and CRA. Workshops, report, prioritized roadmap. Delivered as a project.
Read morePricing
14 days free, no credit card. Standard fits most customers. Guarantee: if we find nothing in 30 days, full refund.
Comparison
Actual features, not claims. Things actually listed on competitor pricing pages as of May 2026.
| Service | Daily | AI verif. | Swedish | EASM | Monitoring | Price |
|---|---|---|---|---|---|---|
| Pentesting.se | ✓ | ✓ | ✓ | ✓ | ✓ | 249 SEK |
| Aikido | ✓ | ✓ | — | ✓ | — | fr €300/mån |
| Detectify | ✓ | — | ✓ | ✓ | ✓ | fr $275/mån |
| Intruder | — | — | — | — | — | fr $172/mån |
| Pentest-Tools | — | — | — | — | — | fr $85/mån |
| Qualys | ✓ | — | — | ✓ | — | Custom |
Frequently asked
EASM continuously maps and monitors externally exposed IT assets: domains, subdomains, IPs, ports, web applications, and cloud services. The point is to find vulnerabilities before an attacker does.
The difference is not more tools, but three filters after the scan: cross-tool correlation, verification against your live environment, and an LLM-driven review that cleans and complements. What ends up in the report has survived three filters, not the raw scan.
Findings are automatically mapped to the NIS2 Directive, ISO 27001 Annex A, and OWASP Top 10. Compliance reports can be generated directly from the dashboard. Premium plan includes a signed attestation.
Yes. REST API, Prometheus metrics, and an MCP server (Model Context Protocol) that works with Claude Code, Cursor, and other AI assistants. Trigger scans and fetch results programmatically.
All data is hosted on servers in Sweden (Stockholm). No US Cloud Act exposure. GDPR Art. 28 DPA available on request. Org.nr 556227-6351, Adminor AB.
Articles
The EU Cyber Resilience Act entered into force in 2024 but most provisions don't apply until 11 December 2027. Before that, on 11 September …
NIS2 doesn't mention "pentest" verbatim, but art. 21 points e and f make penetration testing de facto best practice. We go through exactly w…
The NIS2 directive came into force in Sweden on 1 January 2025 via the Cybersecurity Act. 27,000 Swedish organizations are now covered, many…
One domain, two minutes, no credit card. We show you what the first scan found, and what survived our three filters.
Adminor AB · Swedish IT security since1983 · Org.nr 556227-6351