Kontinuerlig pentest, hantverksmässigt avslutad

Tre lager.
En rapport.
Färre false positives.

Vi scannar er externa angreppsyta varje dygn med 30+ verktyg, verifierar varje fynd mot er live-miljö, och avslutar med en LLM-driven granskning som plockar bort skitsnacket. Det som hamnar i rapporten har överlevt tre filter.

Starta 14 dagar gratisGratis hälsokoll på er domän

Hostat i Stockholm. GDPR Art. 28-DPA på begäran. Org.nr 556227-6351.

Senaste scan, exempel
Råscan, alla verktyg47
Efter verifiering12
Efter artisanal granskning8
Levererat till kund (varav 2 high)8

39 fynd togs bort längs vägen, varav 4 markerades som false positives av vår FP-lärande motor. Resten var dubletter, redan kända eller helt täckta av annan kontroll.

Hosted in StockholmGDPR Art. 28 DPA on requestNIS2 + ISO 27001 + NIST CSF 2.0CRA-readyAdminor AB · since 1983

Metoden

Fyra steg
som filtrerar
ner bruset.

Skillnaden mot en vanlig sårbarhetsskanner ligger inte i fler verktyg, den ligger i vad som händer efter scannet. Tre av stegen tar bort fynd. Ett enda lägger till.

01

Daglig scan

nuclei, subfinder, httpx, naabu och ~25 verktyg till körs mot er externa angreppsyta. Vi använder de verktyg som faktiskt fungerar för stacken, inte allt på en gång.

Tar bort ingenting. Bygger råmaterial.

02

Verifieringsmotor

Varje fynd dubbelkollas mot er live-miljö med HTTP-self-tests, snapshot-jämförelse, och globala FP-mönster. Dubletter merges, kända FP markeras.

Tar bort ~70 % av råfynden.

03

Artisanal LLM-granskning

En Opus-driven granskning läser scan-datat med scope-medvetenhet och evidence-grunding, hittar coverage-gaps och nedgraderar svaga signaler. Operatör läser och godkänner.

Lägger ibland till. Tar oftare bort.

04

Rapport ni faktiskt orkar läsa

Slutprodukten är en kort, prioriterad lista i dashboarden eller som månadsmail. Inget "Critical: missing X-Frame-Options". Bara saker värda att åtgärda.

Levereras. Klart.

Our products

Three sides of the same platform.

Filter

Verification Engine

Removes duplicates, FP and noise so what ends up in the report is worth reading. Takes 47 raw findings down to 8.

Read more
API

MCP for AI agents

14 tools over the Model Context Protocol. Claude Code and Cursor trigger scans and fetch findings right from chat.

Read more
Consulting

Strategic Security Assessment

Maturity assessment against NIST CSF 2.0, NIS2 and CRA. Workshops, report, prioritized roadmap. Delivered as a project.

Read more

Pricing

In SEK,
upfront.
No "contact sales".

14 days free, no credit card. Standard fits most customers. Guarantee: if we find nothing in 30 days, full refund.

Basic

249SEK/mo~25 EUR
  • 1 domain + 5 subdomains
  • Daily vulnerability scanning
  • Verification Engine
  • Monthly findings email
  • NIS2 + ISO 27001 report
Get started

Standard

990SEK/mo~95 EUR
  • 5 domains + unlimited subdomains
  • Daily scanning
  • Verification Engine + FP-learning
  • Weekly findings email
  • Site monitoring
  • Artisanal LLM review / month
  • REST API + MCP server
  • Priority support
Start 14-day trial

Premium

Contact
  • Everything in Standard
  • Custom scope and scan profile
  • Dedicated operator
  • Signed compliance attestation
  • SLA + on-call
  • Bespoke artisanal passes
Contact us

Comparison

What you get vs what others offer.

Actual features, not claims. Things actually listed on competitor pricing pages as of May 2026.

ServiceDailyAI verif.SwedishEASMMonitoringPrice
Pentesting.se249 SEK
Aikidofr €300/mån
Detectifyfr $275/mån
Intruderfr $172/mån
Pentest-Toolsfr $85/mån
QualysCustom

Frequently asked

What people ask most.

What is external attack surface management (EASM)?+

EASM continuously maps and monitors externally exposed IT assets: domains, subdomains, IPs, ports, web applications, and cloud services. The point is to find vulnerabilities before an attacker does.

How is pentesting.se different from a regular vulnerability scanner?+

The difference is not more tools, but three filters after the scan: cross-tool correlation, verification against your live environment, and an LLM-driven review that cleans and complements. What ends up in the report has survived three filters, not the raw scan.

Which compliance frameworks are supported?+

Findings are automatically mapped to the NIS2 Directive, ISO 27001 Annex A, and OWASP Top 10. Compliance reports can be generated directly from the dashboard. Premium plan includes a signed attestation.

Can it integrate with CI/CD and AI agents?+

Yes. REST API, Prometheus metrics, and an MCP server (Model Context Protocol) that works with Claude Code, Cursor, and other AI assistants. Trigger scans and fetch results programmatically.

Where is data stored?+

All data is hosted on servers in Sweden (Stockholm). No US Cloud Act exposure. GDPR Art. 28 DPA available on request. Org.nr 556227-6351, Adminor AB.

Articles

What we wrote recently.

NIS2 pentest requirements, what you must do and how to document it

NIS2 doesn't mention "pentest" verbatim, but art. 21 points e and f make penetration testing de facto best practice. We go through exactly w…

Am I covered by NIS2? Decision guide for Swedish organizations 2026

The NIS2 directive came into force in Sweden on 1 January 2025 via the Cybersecurity Act. 27,000 Swedish organizations are now covered, many…

Pentest price 2026, what does a penetration test cost in Sweden?

Price guide for pentest in Sweden 2026, automated scanning, web app test, network test, red team. We share concrete price ranges from the Sw…

Want to see what your external attack surface actually looks like?

One domain, two minutes, no credit card. We show you what the first scan found, and what survived our three filters.

Start 14-day trialFree health check on your domain

Adminor AB · Swedish IT security since1983 · Org.nr 556227-6351