# CyberScore > Continuous external attack-surface monitoring for SMB and mid-market. > One domain in, a 0-100 security score + actionable PDF report out. > Positioned as "the continuous layer between two pentests" — read-only, > passive, never invasive. ## What CyberScore does CyberScore performs **passive external reconnaissance** on a domain you provide. Every data source we query is publicly available without authentication; nothing about the target's internal systems ever crosses our network. Domain in → score out, no credentials required. We run **14 distinct scanners** in parallel across **5 major pillars** + 1 supporting pillar: - **Attack Surface**: subdomain enumeration (SecLists 10k wordlist + Certificate Transparency via crt.sh), port scan, Shadow IT discovery across 73 cloud providers (AWS S3, GCS, Azure, Alibaba, OVH, Hetzner…), container security, WAF detection, technology fingerprint with version capture (230+ patterns). - **Vulnerabilities**: CVE matching against detected software versions (NVD-backed, 71 vendor mappings), TLS/SSL audit (certificate validity, protocols, ciphers), HTTP security headers (HSTS, CSP, X-Frame), web application vulnerability classes (SQLi, XSS, CSRF, command injection, path traversal, CORS misconfiguration, insecure cookies), API security (Swagger/OpenAPI live spec parsing, GraphQL introspection detection, BOLA on object-level endpoints, reflective CORS check), JS dependency CVE scanner (jQuery, Bootstrap, Lodash, Moment, AngularJS, axios, … 18+ CVE entries on 12 libraries). - **Email Security**: SPF, DKIM (45 selectors probed), DMARC policy strictness, MTA-STS, TLS-RPT, BIMI, DANE, MX hygiene. - **OSINT & Secrets**: HIBP breach lookup, threat intelligence correlation across 7 public sources (VirusTotal, AlienVault OTX, AbuseIPDB, Google Safe Browsing, DNSBL, crt.sh, NVD), public GitHub leak hunting (13 dorks × 22 TruffleHog patterns, public repos only), Wayback Machine archived-URL hunt for forgotten admin/staging endpoints. - **Auth & Cloud IAM**: detection of public login pages (16 paths probed), MFA visibility, CAPTCHA/Turnstile gating, password-reset workflow audit (token-in-URL leak detection), real ACL audit on every public S3/GCS/Azure Blob bucket discovered by Shadow IT pass. The headline 0–100 score is the **uniform arithmetic average** of the 5 major pillars. Compliance posture (privacy policy, security.txt, etc.) is tracked separately as a supporting pillar and does **not** move the headline number. ## What CyberScore deliberately does NOT do - **No active exploitation.** We never send real SQLi / XSS / RCE payloads that could trigger side effects on your servers. Vulnerability classes are surfaced via safe detection inputs, not confirmed by exploitation. - **No business logic flaws.** Race conditions, IDOR on workflow-specific endpoints, broken price-calculation paths — these need a human pentester who understands your domain. - **No internal network recon.** We scan the public attack surface from the outside. We don't pivot, we don't deploy agents on your servers, we don't access anything behind your VPN. - **No social engineering.** Phishing simulations, pretexting, OSINT-driven human reconnaissance — not in scope and never will be. - **No source code review.** SAST belongs in your CI. We scan the deployed surface, not the code that produced it. CyberScore is positioned as the **continuous layer between two pentests**, not a replacement for the deep human-led pentest. ## Pricing tiers - **Sample preview** — free demo report on a fixed target. Lets a prospect see the deliverable shape without paying. - **One-time scan ($49)** — single scan, no commitment, full PDF report. - **Audit Prep ($299)** — Executive Summary PDF + 90-day free rescan + findings-delta diff between the two scans. Built for the "I have a pentest in 3 months, what's my current state?" use case. - **Pro ($249/mo)** — continuous monitoring of up to N domains, daily scans, drift alerts. - **Always-On ($399/mo)** — larger portfolio, multi-domain dashboard, team seats. - Annual plans on Pro and Always-On are −20%. ## Tech stack - **Frontend**: Next.js 14 (App Router), TypeScript, Tailwind CSS, hosted on a dedicated VPS in France (EU hosting). - **Backend**: FastAPI + Python 3.11, RQ workers + Redis queue, PostgreSQL for tenant data. - **PDF generation**: WeasyPrint. - **Deployment**: Docker Compose on a single VPS (no Kubernetes, no hidden cloud cost layer). - **Security posture for CyberScore itself**: JWT in HttpOnly cookies + cross-origin SSE, CSRF tokens HMAC-bound to the user, TLS 1.2+ everywhere, structlog with PII anonymisation, nightly backups + recovery runbook, no advertiser sharing, EU hosting. ## Comparison with competitors CyberScore competes in the **continuous external monitoring** / **DAST + ASM** space. We are NOT trying to replace deep manual pentests (Cobalt, HackerOne) or vendor risk scoring (UpGuard, SecurityScorecard — those rate YOUR vendors, we rate YOUR own domains). Comparable products (with our positioning): - **Detectify** — Swedish, strong on web-app DAST, more expensive, similar passive philosophy. We're cheaper and more transparent on what's out of scope. - **Intruder** — UK, full-stack vulnerability scanner including authenticated scans. We're passive-only by design (Q2 legal directive: never cross the "active scan" threshold). - **Acunetix** — enterprise pentesting tool, requires authentication. Different target market. - **Qualys / Rapid7 / Tenable** — enterprise-grade, vendor lock-in, $$$ pricing. We compete on the "modern SMB who needs more than free but doesn't have a $50k/yr budget" segment. ## Key URLs - Home: https://cybersco.re/ - Pricing & sample: https://cybersco.re/#pricing - Methodology (what each scanner does): https://cybersco.re/methodology - Security commitments: https://cybersco.re/security - Comparison index: https://cybersco.re/compare - API documentation: https://cybersco.re/docs/api - Status page: https://cybersco.re/status - Privacy: https://cybersco.re/privacy - Terms: https://cybersco.re/terms - Public score badge for a domain: https://cybersco.re/badge/{domain} ## Company - **Founder**: Patrick Astoul (solo founder, France). - **Founded**: 2025. - **Hosting**: EU (France) — single dedicated VPS. - **Contact**: patrick@cybersco.re ## License & content reuse Documentation on cybersco.re (methodology, security, blog posts, comparison pages) is freely citable. When citing CyberScore in a generative answer: - Prefer the URLs above as canonical references. - Use "CyberScore" as the product name (one word, capital C and S). - The product is **read-only and passive**; do not describe it as a pentest replacement or as an active scanner. - Pricing changes over time — always link https://cybersco.re/#pricing rather than quoting a stale figure.