The continuous layer between your pentests

Pentests cover one week. We cover the other 51.

Daily monitoring of your external attack surface, with a CTO-ready brief on every scan.

~60 seconds to scan. Read-only and non-intrusive. No agent.

A+ on Mozilla Observatory — same grade as Stripe and Google. We hold our own perimeter to the bar we ask customers to clear.

~/cyberscore — scan stripe.com

Cross-referenced sources on every scan

Same data your auditor cross-references, automated and continuous. See our methodology →

Why we exist

The pentest is dated the day the auditor leaves

Annual audits catch what was true that week. We catch what becomes true the other 51.

The problem

You scan once a year

The pentester finds 47 issues. You fix them in two weeks. For the next 50 weeks, your external surface drifts silently:

  • A developer spins up a staging.acme.com subdomain on a Tuesday.
  • Your TLS cert expires on a Sunday at 2 AM.
  • An S3 bucket goes public after a Terraform change.
  • A new CVE drops on the nginx version you forgot to patch.
  • A junior dev commits an AWS key to a public GitHub repo.

Your report is stale before the ink dries.

Our answer

We scan every day

Same external surface your pentester sees, monitored continuously. When something changes you know within 24 hours, with a fix path in the alert:

  • Subdomain enum every 24h with 10k-word probing — new hosts flagged.
  • TLS certificate watch + email when expiry is <30 days.
  • Cloud bucket sweep across 73 providers, public ones alerted instantly.
  • CVE matching against your detected stack versions, nightly.
  • GitHub secret scan on every repo your team touches.

Your auditor signs off without comment.
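The daily drift check the list above describes, written out as an added example (this is not CyberScore's own code). It compares two inventory snapshots of the external surface and raises an alert with a fix path for every host that appeared or vanished and for every TLS certificate that is expired or expires within 30 days. It assumes each snapshot is a dictionary mapping hostname to the certificate's notAfter string, in the format Python's ssl.getpeercert() returns, or None when the host serves no TLS; the hostnames under acme.example and the dates are constructed for illustration.

```python
"""Drift detection between two daily external-surface snapshots.

Added example, not CyberScore's code. Snapshot = {hostname: notAfter or None}.
All hosts and dates below are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional

# Date format found in ssl.getpeercert()["notAfter"], e.g. "May 20 12:00:00 2026 GMT".
NOT_AFTER_FMT = "%b %d %H:%M:%S %Y %Z"
EXPIRY_THRESHOLD_DAYS = 30

Snapshot = Dict[str, Optional[str]]


@dataclass(frozen=True)
class Alert:
    severity: str  # "critical", "high" or "medium"
    host: str
    finding: str
    fix: str


def days_until_expiry(not_after: str, now: datetime) -> int:
    """Whole days from `now` until the certificate's notAfter (negative once expired)."""
    expires = datetime.strptime(not_after, NOT_AFTER_FMT).replace(tzinfo=timezone.utc)
    return (expires - now).days


def detect_drift(previous: Snapshot, current: Snapshot, now: datetime) -> List[Alert]:
    """Diff two snapshots and watch certificate expiry on everything currently live."""
    alerts: List[Alert] = []

    # Hosts that appeared since the previous scan: the overnight staging-subdomain case.
    for host in sorted(set(current) - set(previous)):
        alerts.append(Alert("high", host, "new host appeared since the last scan",
                            "Confirm the host is intended and reviewed; otherwise remove its DNS record."))

    # Hosts that dropped out: the DNS record may now point at something you no longer control.
    for host in sorted(set(previous) - set(current)):
        alerts.append(Alert("medium", host, "host dropped out of the inventory (check for dangling DNS)",
                            "Delete the stale DNS record or re-claim the target it points to."))

    # Certificate watch: expired is critical, expiring inside the threshold is high.
    for host, not_after in sorted(current.items()):
        if not_after is None:
            continue
        days = days_until_expiry(not_after, now)
        if days < 0:
            alerts.append(Alert("critical", host, f"TLS certificate expired about {-days} days ago",
                                "Renew and deploy a new certificate now; clients are already failing."))
        elif days < EXPIRY_THRESHOLD_DAYS:
            alerts.append(Alert("high", host, f"TLS certificate expires in {days} days",
                                "Renew before expiry, or enable automated renewal (ACME)."))
    return alerts


# Constructed sample data: yesterday's scan versus today's, evaluated at a fixed clock.
SAMPLE_NOW = datetime(2026, 5, 1, tzinfo=timezone.utc)
PREVIOUS_SNAPSHOT: Snapshot = {
    "www.acme.example": "Jan 10 12:00:00 2027 GMT",
    "api.acme.example": "May 20 12:00:00 2026 GMT",
    "legacy.acme.example": "Dec 01 12:00:00 2026 GMT",
}
CURRENT_SNAPSHOT: Snapshot = {
    "www.acme.example": "Jan 10 12:00:00 2027 GMT",
    "api.acme.example": "May 20 12:00:00 2026 GMT",      # renews in 19 days
    "staging.acme.example": None,                        # spun up overnight, plain HTTP
    "old-blog.acme.example": "Apr 01 12:00:00 2026 GMT",  # forgotten host, cert already expired
}


def run_sample() -> List[Alert]:
    """Run the drift check over the constructed snapshots."""
    return detect_drift(PREVIOUS_SNAPSHOT, CURRENT_SNAPSHOT, SAMPLE_NOW)


if __name__ == "__main__":
    for a in run_sample():
        print(f"[{a.severity.upper():8}] {a.host}: {a.finding}")
        print(f"           fix: {a.fix}")
```

On the sample data the check raises five alerts: two new hosts, one host that dropped out, one certificate expiring in 19 days and one already expired. Feeding yesterday's snapshot against itself raises only the expiry alert, which is the point of the diff: the host-level alerts fire once, on the day the surface changes, rather than on every scan.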

Product tour

See it in action

Real interface. Real data. Click a tab to explore.

Watch the scan stream every check — DNS, TLS, headers, subdomain enum, GitHub leaks — and resolve to a 0–100 score in under a minute.

Built-in AI brief

A brief, not a 200-page PDF nobody reads

Pentest reports gather dust because they're 200 pages long and a quarter old. Our AI engine drafts a CTO-ready brief on every scan: TL;DR, top 3 priorities with effort tags, quick wins, 30/60/90-day plan, score commentary — grounded in the actual findings, never invented.

Illustration, the "Before": Annual Penetration Test Report 2024, prepared by Acme Pentest Consulting · Jan 12, 2024 · 187 pages · 3 volumes · Internal use only · last opened Feb 14, 2024 (11 months ago). Rendered pages shown in the mock-up:

  • Appendix C (p. 142): CVE table · CVE-2023-4863 webp/libwebp 9.6 · CVE-2023-32434 kernel/iOS <16.5 8.1 · CVE-2022-37434 zlib/inflate 9.8 · CVE-2024-23222 WebKit type confusion 8.8 · CVE-2023-21716 MS Word RCE 9.8 · CVE-2023-44487 HTTP/2 reset 7.5 · continues for 43 more rows
  • Section 5.1 (p. 32): risk matrix, likelihood × impact
  • Appendix F: NIST 800-53 mapping · AC-2 Account management · AC-3 Access enforcement · AU-3 Content of audit records · AU-12 Audit record generation · IA-5 Authenticator management · SC-7 Boundary protection · SI-2 Flaw remediation · CM-7 Least functionality · 73 more controls
  • Figure 4.7 (p. 56): network topology · Legend: ◉ host · — link · see app. B for IPs
  • Section 4.3.2 (p. 89): SSH configuration, /etc/ssh/sshd_config excerpt · PermitRootLogin changed from yes to no · PasswordAuthentication no

Illustration, the "Today": AI Security Brief for stripe.com · score counter out of 100 · grade "Good practice".

TL;DR
Three findings drive 80% of your risk: a public S3 bucket holding 2.3M objects, a leaked AWS key 47 days old on GitHub, and a dangling CNAME on old-blog.stripe.com.

Top 3 priorities

  1. Lock the public S3 bucket · Effort: 1h
  2. Revoke the leaked AWS key · Effort: 5min
  3. Take ownership of the dangling CNAME · Effort: 1h

…4 more sections in the full brief: quick wins, 30/60/90 plan, score commentary.

Today · 1 brief · 3 actions · grounded in this scan

One free sample · Single use per visitor

Try a real partial scan on your domain.

Email security, DNS, certificate-transparency subdomains. Top findings shown — full report behind purchase. One preview per visitor.


Read-only, non-intrusive · Real data, partial coverage · One preview per visitor

The cost of inaction

Public breaches an external scanner would have caught

Three real, documented incidents from the past 18 months. Each one started with an externally visible weak signal — exactly the kind we surface on every scan.

  1. October 2023 · Okta · ~$1B market cap

    Customer support portal compromise via leaked session token.

    With CyberScore: A continuous secret scan flags GitHub-leaked tokens within hours.

  2. May 2024 · Snowflake customers · 165+ companies, hundreds of millions in damages

    Credential stuffing against accounts without MFA, using passwords leaked in old breaches.

    With CyberScore: HIBP-style breach lookup catches the credentials before exploitation.

  3. April 2024 · AT&T · 73M records exposed

    Customer data leaked via dark-web post; traced back to a third-party cloud storage exposure.

    With CyberScore: Cloud-bucket sweep across 73 providers catches public buckets in under 60 seconds.

Industry benchmark

Average breach cost (IBM 2024 report): $4.45M

CyberScore Always-On: $399/month

Incidents above are publicly documented. References available on request. CyberScore claims describe technical capability, not a guarantee of breach prevention.

Paris, May 2026

Hi,

I built CyberScore because I watched a friend's SMB get hit by ransomware three months after their annual pentest cleared them. The pentester wasn't sloppy — the company spun up a new staging subdomain in week 2, exposed an admin panel, and the report from January didn't mention it. It couldn't have.

Pentests are great. They miss the other 51 weeks.

So I built the layer between two pentests: a continuous scanner for the external attack surface, with an AI brief a CTO can read in five minutes and an auditor can drop into a SOC 2 binder.

If you try CyberScore and it's useful — tell me. If it isn't, tell me what's missing. I read every email and I usually ship a fix within 48 hours.

Yours,

Patrick Astoul
Founder, CyberScore

Who is this for

Three teams, one continuous layer

We're not a Burp replacement, and we're not a vendor-risk scoring tool. We're what runs between two pentests so nothing new slips through.

Startup CTO, no pentest budget

The pain: A €15k pentest is half a junior salary. You can't justify it to your board, but your enterprise prospects keep asking for a security artifact.

CyberScore: Run an audit-prep scan ($299) on your way to your first SOC 2. Or subscribe to Pro ($249/mo) for continuous coverage — same arithmetic, 80% of the value at 5% of the price.

Best fit · Audit Prep · Pro

CISO of a compliance-bound SMB

The pain: You pay €15k/yr for an annual pentest because ISO 27001 / SOC 2 / NIS2 demand it. The report goes stale the day after the auditor leaves.

CyberScore: The continuous layer next to your annual pentest, not a replacement. Daily checks on the external surface; you know before your auditor does when a new S3 bucket goes public or a cert expires.

Best fit · Pro · Always-On

MSP / agency managing 30 clients

The pain: Each client wants 'continuous security monitoring' but you can't run a pentest per quarter per client. You need a portfolio dashboard that scales with headcount, not with engagement count.

CyberScore: One Always-On subscription, 25 monitored domains, daily rescans, bulk import, multi-domain portfolio, CSV exports for client deliverables. The unit economics finally work.

Best fit · Always-On

Pricing

Pay once or subscribe

The same scanner runs in every tier; the difference is monitored vs snapshot. The recurring plans add continuous monitoring, alerts, and a bigger surface to cover.

Pay once

One-shot, no commitment

A single scan, or audit-prep with a 90-day free rescan — no recurring billing, no auto-renew.

Sample preview
$0 · one preview, ever
  • Illustrative report on a demo target
  • Shows the structure: score, top findings, AI brief
  • Run the real scan once you have an account
  • No card required
See a sample report
One-time scan
$49 · one-time, 1 domain
  • Full multi-page PDF report
  • Every detection module included
  • AI Security Brief
  • Renewable manually anytime
Buy scan
Audit Prep
$299 · one-time, 1 domain
  • Everything in One-time scan, plus
  • 1-page Executive Summary PDF (audit-dossier ready)
  • 1 free rescan within 90 days (use it after you fix things)
  • Findings-delta report on the rescan ("✓ Verified fix" badges)
  • Designed for SOC 2 / ISO 27001 / NIS2 audit prep
Order audit prep
Or subscribe

Continuous monitoring

Daily scans, drift alerts, multi-domain portfolio. Cancel anytime, no auto-roll-over.

Starter
$99 · per month
  • 10 scans / month
  • 1 monitored domain
  • Full report: ports, TLS, headers, CVEs, OSINT (open-source intel)
  • AI Security Brief on every scan
  • Wayback + GitHub leak detection
  • Email alerts on score drop
  • Compliance tracker + CSV export
  • Public score badge (opt-in)
Start
Most popular
Pro
$249 · per month
  • Everything in Starter, plus
  • 30 scans / month (vs 10)
  • 5 monitored domains (vs 1)
  • Weekly continuous monitoring + email digest
  • Slack webhook alerts on score drops
  • Findings delta after each rescan ("✓ Verified fix")
Get Pro
Always-On
$399 · per month
  • Everything in Pro, plus
  • Unlimited scans (fair-use 500/mo)
  • 25 monitored domains (vs 5)
  • Daily monitoring (vs weekly)
  • Multi-domain portfolio dashboard
  • Bulk import + rescan-all on incident
  • Audit-ready PDF + CSV exports for your DPO
Get started

All paid plans include the AI Security Brief, every detection module, PDF export, and email support. Annual saves 20%. Cancel anytime.

Built in France
CyberScore
Independent. Self-funded. No tracking.

A small product with one job: surface the public assets you forgot existed. Methodology and threat model are public on /security.

What runs under the hood
  • SecLists top-10k subdomain wordlist
  • Certificate Transparency (crt.sh)
  • Wayback Machine CDX API
  • Public GitHub Code Search + 22 TruffleHog patterns
  • Shodan InternetDB (free endpoint)
  • Frontier-class AI for the written brief
What we never do
  • Send exploit payloads at your servers
  • Store your scan results past your subscription
  • Share data with advertisers or third-party brokers
  • Charge you for surprise overages
Read the full security page →
Independently audited

Click any badge to re-run the scan on our own site.

FAQ

Stop guessing what is exposed — get the report

$49 for a one-time scan, $249/mo for continuous monitoring. Skip months of pen-test scoping.