Your organization's attack surface from the outside. 30+ tools, AI analysis, verified findings. Not just a vulnerability list — we prove what's actually exploitable.
30+
Security tools
< 0.1%
False positive rate
4-pass
AI verification
47
Assets
842
Scanned
12
Verified
Automated vulnerability scanning, external attack surface management, and AI analysis — built and hosted in Sweden.
Automated daily scans using 30+ professional tools including Nuclei, Nmap, Nikto, and SQLMap. Covers OWASP Top 10, known CVEs, misconfigurations, and exposed services.
Continuous discovery of subdomains, IP addresses, open ports, and technologies. External attack surface management (EASM) that maps your full exposure.
Every scan runs through a 4-pass AI pipeline: triage, correlation, deep analysis, and executive reporting. Identifies attack chains, lateral movement paths, and generates audit-grade reports with CVSS justification — delivered daily via email and dashboard.
Scan templates auto-update daily with the latest CVEs, zero-days, and novel attack techniques from the security community. AI correlates findings into attack chains and identifies lateral movement paths unique to your infrastructure.
Continuous monitoring of 25+ cloud services for dangling DNS records — AWS S3, Azure, GitHub Pages, Heroku, Netlify, Shopify, and more. Instant alerts when a subdomain becomes vulnerable to takeover.
Connect Claude Code, Cursor, Windsurf, or any MCP-compatible AI assistant directly to your security dashboard. Manage targets, trigger scans, and review findings through natural language — your AI agent becomes your security analyst.
Four built-in profiles: Vibecode Audit for AI-built apps, Standard Pentest for thorough testing, Stealth Scan for production systems, and Passive Recon for zero-touch analysis. Create custom profiles for specific needs.
Deploy lightweight scan agents inside your network for internal vulnerability scanning. Outbound-only connections — no inbound firewall rules needed. Docker one-liner deployment with enterprise-grade encryption.
Automated daily screenshots and deep content analysis. Self-learning AI baseline detects injected scripts, defacement, removed security headers, and unauthorized changes — not routine content updates.
Enter your domains and we automatically discover subdomains, open ports, and exposed services across your attack surface.
30+ security tools run daily scans — vulnerability detection, web application testing, SSL analysis, and subdomain takeover checks. Scan templates auto-update with the latest CVEs and zero-days.
AI analyzes every finding and delivers plain-language reports with prioritized recommendations straight to your inbox.
Integrate vulnerability scanning into your CI/CD pipeline or connect your AI assistant via MCP. Queue on-demand scans, retrieve findings, manage targets programmatically, or let your AI agent handle it through natural language.
curl -H "Authorization: Bearer ps_live_..." \
https://pentesting.se/api/v1/scans \
-d '{"target": "example.com",
"profile": "standard"}'Detect unauthorized changes to your websites before your customers do. Our AI learns what normal looks like and alerts you when something suspicious appears.
AI-generated app vulnerabilities
Full web application security
WAF evasion, low-noise scanning
Zero-touch reconnaissance
All plans include daily scanning and AI-powered reports.
| Service | Daily scans | AI reports | Swedish | EASM | Profiles | Site monitoring | Price |
|---|---|---|---|---|---|---|---|
| Pentesting.se | From 249 SEK | ||||||
| Aikido | From €300/mo | ||||||
| Detectify | From $275/mo | ||||||
| Intruder | From $172/mo | ||||||
| Pentest-Tools | From $85/mo | ||||||
| Qualys | Custom |
Insights from our security assessments
NCSC published new guidelines for protecting operational technology. We summarize the key measures.
CF IP whitelisting means "trust all CF customers". Here's how attackers bypass your WAF entirely.
EASM continuously maps and monitors your organization's externally exposed IT assets — domains, subdomains, IPs, ports, web applications, and cloud services — to find vulnerabilities before attackers do.
We combine 30+ security tools with a self-learning Verification Engine that eliminates false positives. The result is actionable reports — not hundreds of unfiltered alerts. Plus: continuous monitoring, AI analysis, and compliance mapping included.
We automatically map findings to the NIS2 Directive, ISO 27001 Annex A, and OWASP Top 10. Compliance reports can be generated directly from the dashboard.
Yes. We offer a REST API, Prometheus metrics, and an MCP server (Model Context Protocol) that works with Claude Code, Cursor, and other AI assistants. Trigger scans and fetch results automatically.
All data is stored on servers in Sweden. No US Cloud Act exposure. Full GDPR compliance.
Start a free trial — no credit card required.
Adminor AB — Swedish IT infrastructure & security since 1983