Find and Resolve Critical Security Vulnerabilities

Offensity is an automated vulnerability scanner helping IT professionals identify vulnerabilities by scanning your infrastructure from the Internet:
Find and fix vulnerable servers, weak credentials, programming and configuration errors.
Run comprehensive security scans – without blocking your human IT professionals.

Do not miss the vulnerabilities you can find with our free scans and malicious hackers may exploit any time!

Level-up Your Security with Offensity

Improved Protection

Eliminate exploitable, dangerous vulnerabilities and start a sustainable and permanent security measure with Offensity.

Easy and Precise

Receive clear recommendations for action and minimize your risk effortlessly and cost-effectively.

Identify new threats

Our hacker team observes new threats and reacts immediately: whether it is a newly developed vulnerability or a data leak with access data from your employees.

Start Scanning in Minutes

Step 1

Register Offensity for your domains (e.g., “”).

Step 2

Add a DNS entry to verify you are the owner of your domain.

Step 3

Receive free reports and fix dangerous vulnerabilities.
(Test full feature set of paid professional plan for 4 weeks.)

Our Pricing

Start free-of-charge

Get things started with the free package. Get up to one report per week or upgrade to a paid package (starting at €389/month for 5 domains and 100 subdomains) if you need more granularity or additional features.

No commitment

Offensity Trial expires automatically after 4 weeks. Automatic downgrade to free package.


What does Offensity scan?

Our scans include classic network scans (TCP/UDP full port scans) and web scans. We discover:

  • Weak credentials
  • Open database systems
  • Web vulnerabilities (XSS, SQL injections, and many more)
  • Sensitive web files (database backups, configuration files, and many more)
  • Outdated CMS installations
  • Subdomain take-over
  • And many more.

What are the latest discovered threats?

We have checked numerous new serious vulnerabilities for our customers in the last few weeks and months. Here is a small selection of relevant incidents:

  • (05.05.2021) Exim Internet Mailer: Remote Code Execution "21Nails"
  • (21.04.2021) SonicWall Email Security: Remote Code Execution (CVE-2021-20021, CVE-2021-20022, CVE-2021-20023)
  • (21.04.2021) Pulse Secure VPN: Remote Code Execution (CVE-2021-22893)
  • (16.04.2021) Microsoft Exchange: Remote Code Execution (CVE-2021-28480, CVE-2021-28481, …)
  • (03.03.2021) Microsoft Exchange: Remote Code Execution (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065)
  • (26.02.2021) VMware vCenter: Remote Code Execution (CVE-2021-21972)
  • (12.02.2021) SAP Commerce Cloud: Remote Code Execution (CVE-2021-21477)
  • (25.01.2021) DNS-Resolver dnsmasq "DNSpooq": DNS Cache Poisoning & Buffer Overflow
  • (02.11.2020) Oracle WebLogic: Remote Code Execution in Oracle WebLogic (CVE-2020-14882)
  • (14.10.2020) Microsoft ICMPv6 "Bad Neighbor": Remote Code Execution in Microsoft ICMPv6-Stack (CVE-2020-16898)
  • (14.09.2020) Microsoft AD "Zerologon": Remote Code Execution in Microsoft Domain Controller (CVE-2020-1472)
  • (11.09.2020) Microsoft Exchange: Authenticated Remote Code Execution (CVE-2020-16875)
  • (05.08.2020) Data Leak VPN Endpoints: An attacker has published private data, including passwords and private keys of more than 900 corporate VPNs.
  • (17.07.2020) GnuTLS: Decrypt content (TLS 1.2) and bypass authentication (TLS 1.3) (CVE-2020-13777)
  • (14.06.2020) Microsoft DNS-Server "SigRed": Remote Code Execution (CVE-2020-1350)
  • (16.06.2020) Ripple20: Remote Code Executions in TCP/IP Stack of IoT devices
  • (10.03.2020) Microsoft SMB protocol: Remote Code Execution (CVE-2020-0796)
  • (11.02.2020) Microsoft Exchange: Authenticated Remote Code Execution (CVE-2020-0688)
  • (11.01.2020) Citrix: Remote Code Execution (CVE-2019-19781)

Offensity recognizes a large number of additional vulnerabilities. If you register for the free package, you will be able to request professional security reports every week.

How do pentesting tools compare to manual penetration tests?

Manual penetration tests are essential for high-security requirements. Nevertheless, these only represent snapshots and are very expensive.
With its ongoing monitoring of emerging security gaps and easily understandable recommendations, Offensity offers the optimal security basis for companies.

Can I see a sample report?

Yes. Click through the Offensity Sample Report. We will create similar reports for your infrastructure.

When do I get the first Offensity report?

Usually, after a few hours to two days, depending on the size of your infrastructure.

Can I choose which of my systems to scan?

Yes. Offensity finds your subdomains based on your domain. These subdomains are suggested to you when you set up. You can remove or add subdomains at any time.

How often is my infrastructure automatically scanned?

As a rule, you will receive a report on our dashboard every three days. We start the scan modules every three to seven days.

Book a demo

We'd love to show you what Offensity can do for your business! Or if you have any questions, contact us using our webform or with a simple email.

Trust effective security!