Built for SMBs · No agent · No integration

Map your attack surface like an attacker would.

From a single domain. No login. No agent. No integration. Get an AI-prioritized security brief — quick wins, 30/60/90 plan, and the shadow IT you forgot about.

~60 seconds to scan once you sign up. Read-only and non-intrusive.

One free sample · Single use per visitor

Try a real partial scan on your domain.

Email security, DNS, certificate-transparency subdomains. Top findings shown — full report behind purchase. One preview per visitor.

Read-only, non-intrusive · Real data, partial coverage · One preview per visitor
The killer feature

What you actually read in the morning.

Most scanners give you a JSON dump. We hand a written brief to your CTO: TL;DR, top 3 priorities with effort tags, quick wins, 30/60/90-day plan, and a score commentary grounded in the actual findings — never invented.

  • Generated for every scan, included on every paid plan.
  • Built on a frontier-class AI engine. No hallucinated findings.
  • Copy-paste ready commands and DNS records.
AI Security Brief
stripe.com · 87/100 · AI-generated

TL;DR
Three findings drive 80% of your risk: a public S3 bucket holding 2.3M objects, a leaked AWS key 47 days old on GitHub, and a dangling CNAME on old-blog.stripe.com.

Top 3 priorities

  1. Lock the public S3 bucket (Effort: 1h)
  2. Revoke the leaked AWS key (Effort: 5min)
  3. Take ownership of the dangling CNAME (Effort: 1h)
…4 more sections in the full brief: quick wins, 30/60/90 plan, score commentary.
Hacker-mode reconnaissance

What we find that others miss.

Not "12 scanners". Real passive recon — the same playbook an SMB pentester runs by hand, executed in 60 seconds and folded into one report your CFO and your sysadmin can both read. One score, one PDF, plain English remediations.

🕰️

Wayback Machine archives

That admin panel you took offline three years ago? It's still indexed. We replay every URL the internet remembers about your domain — and flag the ones leaking config files, .env, or staging endpoints.

🔑

Public GitHub leak hunting

22 secret patterns scanned across public repos linked to your team: AWS keys, Stripe tokens, JWTs, database URIs. We tell you which file leaked it — before it is exploited.

🎭

Origin IPs behind Cloudflare

Your CDN hides your servers. Sometimes. We compute favicon hashes and pivot through Shodan's public InternetDB to surface the real IPs — the ones attackers will target to bypass your WAF.

🌐

Subdomain enum at hacker scale

34-word wordlists are why your last auditor missed half your subdomains. We probe 10,000 entries from SecLists in parallel — staging, dev, vpn, git, jenkins, the works.

  • 73 cloud providers probed
  • 10k subdomain wordlist
  • 22 secret patterns
  • <60s average scan duration
How it works

Three steps. One report.

01

You give us a domain

No login, no agent, no DNS change. Just type your company domain.

02

We scan it like an attacker

12 passive scanners + Shadow IT discovery + Wayback + GitHub dorks + favicon fingerprint. ~60 seconds end-to-end.

03

You get an AI brief, not a wall of JSON

Our AI engine drafts a CTO-friendly report: top 3 priorities with effort tags, quick wins, 30/60/90-day plan, score commentary.

~/cyberscore — scan stripe.com
$ cyberscore scan stripe.com
# Phase 1 — passive recon (parallel)
[+] subdomain enum — 287 hosts (10k wordlist + crt.sh)
[+] cloud-bucket sweep — 3 buckets across 73 providers
[+] wayback machine — 18 archived URLs flagged
[+] github dorks — 0 leaks (good!)
[+] favicon hash → tech: Cloudflare + Stripe.js + React
# Phase 2 — AI brief
[~] generating CTO brief…
✓ scan complete in 56s · score 87/100
$
Pricing

Two ways in. Three ways to scale.

Start free, upgrade when the report is worth it. No surprise overages.

Sample preview
$0 · one preview, ever
  • Illustrative report on a demo target
  • Shows the structure: score, top findings, AI brief
  • Run the real scan once you have an account
  • No card required
One-Shot Audit
$249 · one-time, 1 domain
  • Full multi-page PDF report
  • Every Wave 1 capability included
  • Audit-ready PDF + CSV exports for your DPO
  • Renewable manually anytime
Starter
$99 per month
  • 10 scans / month
  • 1 monitored domain
  • Full report: ports, TLS, headers, CVEs, OSINT
  • AI Security Brief on every scan
  • Wayback + GitHub leak detection
  • Email alerts on score drop
  • Compliance tracker + CSV export
  • Public score badge (opt-in)
Most popular
Pro
$249 per month
  • Everything in Starter, plus
  • 30 scans / month (vs 10)
  • 5 monitored domains (vs 1)
  • Weekly continuous monitoring + email digest
  • Slack webhook alerts on score drops
  • Findings delta after each rescan ("✓ Verified fix")
Always-On
$799 per month
  • Everything in Pro, plus
  • Unlimited scans (fair-use 500/mo)
  • 25 monitored domains (vs 5)
  • Daily monitoring (vs weekly)
  • Multi-domain portfolio dashboard
  • Bulk import + rescan-all on incident
  • Audit-ready PDF + CSV exports for your DPO

All paid plans include the AI Security Brief, every Wave 1 capability, PDF export, and email support. Annual saves 20%. Cancel anytime.

Built in France
CyberScore
Independent. Self-funded. No tracking.

A small product with one job: surface the public assets you forgot existed. Methodology and threat model are public on /security.

What runs under the hood
  • SecLists top-10k subdomain wordlist
  • Certificate Transparency (crt.sh)
  • Wayback Machine CDX API
  • Public GitHub Code Search + 22 TruffleHog patterns
  • Shodan InternetDB (free endpoint)
  • Frontier-class AI for the written brief
What we never do
  • Send exploit payloads at your servers
  • Store your scan results past your subscription
  • Share data with advertisers or third-party brokers
  • Charge you for surprise overages

Stop guessing what is exposed. Get the report.

$249 for the full audit, $249/mo for continuous monitoring. Skip months of pen-test scoping.