External SaaS scanning vs on-prem pentest appliance. Different shape of problem.
Nørdsnipe Hedgehog is a self-hosted pentest platform from a Stockholm startup with strong technical credentials (ex-Google, Ericsson, Microsoft, KTH). The product comes in three tiers: Desktop for individual pentesters, Collaborative for red/purple teams, and Autonomous where multiple Hedgehogs live inside the customer environment and run continuous testing on command. Strength: deep internal-network coverage, AI-augmented for in-house operators, no data leaves the customer network unless they say so.
Pentesting.se is external-perimeter SaaS. Daily scanning of public attack surface (subdomains, APIs, certificates, exposed services) from our infrastructure against assets the customer has authorised. Strength: low monthly price, multi-tenant from day one, NIS2 and CRA mapping built in, MCP integration for AI-agent workflows. Internal-scan (Sentinel) is on the roadmap but not shipped today; that is where Hedgehog leads us.
These are complementary tools, not direct substitutes. If you sell pentest as a service or have a mature in-house red team, look at Hedgehog. If you need continuous external-perimeter monitoring as a managed service, look at us. Many organisations would want both.
| Aspect | Nørdsnipe Hedgehog | Pentesting.se |
|---|---|---|
| Founded | Stockholm startup, ex-Google/Ericsson/Microsoft/KTH founders | Adminor AB 1983, platform 2024 |
| Deployment model | Self-hosted, on-prem appliance inside customer network | External SaaS, scanners run from our infrastructure on customer-authorised assets |
| Primary perspective | Internal: AD, lateral movement, internal services, intranet | External: public perimeter, exposed APIs, subdomains, certs |
| Target buyer | In-house red/purple team, security engineers with pentest skill | CISO/CTO without in-house pentest team, MSP delivering to many SMB tenants |
| AI angle | AI-augmented pentest tooling for the operator | Claude-based summary, FP reduction, MCP for AI-agent integration |
| Continuous mode | Yes (Autonomous tier, multi-agent in customer env) | Yes, daily scans as baseline, with delta findings and regression alerts |
| Pricing | Not disclosed publicly, enterprise sales model | From 249 SEK/month, transparent pricing on site |
| External-perimeter coverage | Not the primary product | Core product (subfinder + naabu + httpx + nuclei + custom plugins) |
| API security testing | Generic via Hedgehog tooling | Dedicated: JWT mutation matrix, GraphQL deep audit, OpenAPI-driven fuzzing, OWASP API Top 10 mapped |
| Internal/AD testing | Yes, core capability | Not today (Sentinel internal-scan SKU on roadmap) |
| Multi-tenant SaaS dashboard | No (per-customer install) | Yes (built-in for MSP delivery + multi-tenant orgs) |
| Data residency | Customer-controlled, never leaves customer network | Adminor AB infrastructure in Sweden, GDPR-bound, no US Cloud Act exposure |
| NIS2/CRA mapping | Not specifically targeted | Built-in finding-to-article mapping + CRA-readiness service |
| MCP integration | No | Yes (14 tools, Claude Code + Cursor) |

For organisations with both external attack surface and internal infrastructure worth testing, the two cover different ground. Pentesting.se watches the perimeter every day; Hedgehog audits the internal network when the operator runs it. The closest comparison we have to Hedgehog's internal mode is our Sentinel SKU, which is on the roadmap but not shipped at the time of writing.
Concretely: an ISO 27001 organisation can run Pentesting.se for the daily external evidence the auditor needs, plus a Hedgehog appliance once or twice a year for an internal sweep. Two tools, two budgets, one risk picture.