Find and Resolve Critical Security Vulnerabilities
Offensity checks your IT systems accessible from the Internet for security vulnerabilities. We alert you as soon as we discover critical gaps.
Detect SQL injections, weak credentials, outdated software and much more. Enhance manual penetration testing with our trusted automation. Make security measurable.
Level-up Your Security with Offensity
Eliminate exploitable, dangerous weak points and start a sustainable and permanent security measure with Offensity.
Easy and Precise
Receive clear recommendations for action and minimize your risk effortlessly and cost-effectively.
Identify new threats
Our hacker team observes new threats and reacts immediately: whether it is a newly developed vulnerability or a data leak with access data from your employees.
Start Scanning in Minutes
Enter your domains (e.g. "example.com")
We recommend further subdomains.
From now on, we will scan your systems and alert you in case of critical security gaps.
Get things moving with our trial. As soon as you are ready, you can extend to a paid package (starting from € 389,-/month for 5 domains and 100 subdomains).
The Offensity trial expires after 4 weeks. No automated debiting or package extension.
Get Security Reports For Free
Quick and easy setup and 4-weeks of free security reports.
What does Offensity scan?
Our scans include classic network scans (TCP/UDP full port scans) and web scans. We discover:
- Weak credentials
- Open database systems
- Web vulnerabilities (XSS, SQL injections and many more)
- Sensitive web files (database backups, configuration files and many more)
- Outdated CMS installations
- Subdomain take-over
- and many more.
What are the latest discovered threats?
We have checked numerous new serious vulnerabilities for our customers in the last few weeks and months. Here is a small selection of relevant incidents:
- (05.05.2021) Exim Internet Mailer: Remote Code Execution "21Nails"
- (21.04.2021) SonicWall Email Security: Remote Code Execution (CVE-2021-20021, CVE-2021-20022, CVE-2021-20023)
- (21.04.2021) Pulse Secure VPN: Remote Code Execution (CVE-2021-22893)
- (16.04.2021) Microsoft Exchange: Remote Code Execution (CVE-2021-28480, CVE-2021-28481, …)
- (03.03.2021) Microsoft Exchange: Remote Code Execution (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065)
- (26.02.2021) VMware vCenter: Remote Code Execution (CVE-2021-21972)
- (12.02.2021) SAP Commerce Cloud: Remote Code Execution (CVE-2021-21477)
- (25.01.2021) DNS-Resolver dnsmasq "DNSpooq": DNS Cache Poisoning & Buffer Overflow
- (02.11.2020) Oracle WebLogic: Remote Code Execution in Oracle WebLogic (CVE-2020-14882)
- (14.10.2020) Microsoft ICMPv6 "Bad Neighbor": Remote Code Execution in Microsoft ICMPv6-Stack (CVE-2020-16898)
- (14.09.2020) Microsoft AD "Zerologon": Remote Code Execution in Microsoft Domain Controller (CVE-2020-1472)
- (11.09.2020) Microsoft Exchange: Authenticated Remote Code Execution (CVE-2020-16875)
- (05.08.2020) Data Leak VPN Endpoints: An attacker has published private data including passwords and private keys of more than 900 corporate VPNs.
- (17.07.2020) GnuTLS: Decrypt content (TLS 1.2) and bypass authentication (TLS 1.3) (CVE-2020-13777)
- (14.06.2020) Microsoft DNS-Server "SigRed": Remote Code Execution (CVE-2020-1350)
- (16.06.2020) Ripple20: Remote Code Executions in TCP/IP Stack of IoT devices
- (10.03.2020) Microsoft SMB protocol: Remote Code Execution (CVE-2020-0796)
- (11.02.2020) Microsoft Exchange: Authenticated Remote Code Execution (CVE-2020-0688)
- (11.01.2020) Citrix: Remote Code Execution (CVE-2019-19781)
In addition, Offensity recognizes a large number of additional weak points. If you register for a trial month, you will continue to receive emails with valuable information about new threats after the trial month.
How do pentesting tools compare to manual penetration tests?
Manual penetration tests are essential for high security requirements. Nevertheless, these only represent snapshots and are very expensive.
With its ongoing monitoring of emerging security gaps and easily understandable recommendations, Offensity offers the optimal security basis for companies.
Can I see a sample report?
Yes. Click through the Offensity Sample Report. Similar reports are created for your infrastructure.
When do I get the first Offensity report?
Usually after a few hours to two days, depending on the size of your infrastructure.
Can I choose which of my systems to scan?
Yes. Offensity finds your subdomains based on your domain. These subdomains are suggested to you when you set up. You can remove or add subdomains at any time.
How often is my infrastructure automatically scanned?
As a rule, you will receive a report on our dashboard every two days. We start the scan modules every two to seven days.
Book a demo
We'd love to show you what Offensity can do for your business! Or if you have any questions, contact us using our web form or with a simple email.