What We Check — From the Outside
- Your websiteExposed versions, missing security headers and configurations that make break-ins easier.
- DNS & domainMisconfigured records that allow subdomain takeover or spoofing.
- Email (SPF, DKIM, DMARC)Whether criminals can send emails impersonating your company.
- Exposed ports & servicesWhat's open to the internet without need — the classic way in.
- Leaked credentialsYour team's passwords circulating in public breaches and on the dark web.
A Plain-Language Report
Within 3–5 business days you get a clear report, prioritized by real risk — written for business owners, not engineers.
- Non-intrusiveWe only analyze what's already publicly visible. Nothing installed, nothing breached, nothing stops working.
- Prioritized by real riskWhat to fix first, what can wait, and what's just noise.
- No strings attachedThe report is yours — fix things in-house, with another partner, or with us.
What If We Find Something Critical?
- Honestly: if we find critical flaws — the kind that lets hackers steal your customers' card data — we'll tell you immediately
- In that case, we offer a paid deep analysis: we trace the root cause, fix it and retest
- No obligation whatsoever — the decision to proceed is always yours
Request Free Pentest
Fill this in and our team starts the external scan of your domain.
How the Free Pentest Works
Sign Up
You fill in the form and confirm you own or are authorized for the domain.
External Scan
We analyze your attack surface from the outside — non-intrusive, nothing installed.
Report in 3–5 Days
A plain-language report, prioritized by real risk, straight to your inbox.
If It's Critical
We offer a paid deep analysis: root cause, fix and retest. No obligation.
Prefer to Talk First?
Our team is ready in English, Portuguese and Spanish.