Free · No call required · 24-hour delivery
See your attack surface
before attackers do
Email us your domain. We'll send you a free external recon report within 24 hours — subdomains, DNS config, SSL, security headers, exposed paths, and tech fingerprinting. No sales call, no form, no strings.
what's included
What's in the free report
The same first step we run before every paid engagement — your full external attack surface, packaged into a clean PDF.
Discover staging, dev, admin, and API subdomains exposed publicly via certificate transparency logs. Risky subdomains flagged separately.
A, MX, NS, TXT, and CAA records reviewed. Dangling DNS entries and zone transfer misconfigurations flagged.
Certificate validity, expiry, issuer, HSTS, protocol version, and cipher suite reviewed. Weak or expired configs highlighted.
CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy checked. Missing headers are the most common quick win.
Missing or misconfigured SPF and DMARC means your domain can be spoofed in phishing emails. We check and flag gaps immediately.
Detect your web server, frameworks, CDN, and CMS via response headers and meta tags. Outdated versions with known CVEs are highlighted.
HEAD requests to common sensitive paths: /.env, /admin, /.git, /api/v1, /phpinfo.php, /wp-admin. Exposed paths flagged with severity.
Every finding packaged into a professionally formatted PDF — Executive Summary, severity-rated findings table, and specific recommendations.
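Two of the checks above (the security-header review and the SPF/DMARC review) can be reproduced by a team on its own responses and DNS records. The script below is an added illustration of those two checks, not vuldesk's tooling and not part of the original page; the HTTP headers and TXT records it inspects are constructed sample input embedded inline so it runs offline, and the severity wording is the author's own, not vuldesk's rating scheme.

```python
"""Added example (not vuldesk's code): audit a response's security headers
and a domain's SPF/DMARC TXT records against constructed sample input."""

# The six headers the report above lists, keyed by lower-cased header name.
REQUIRED_HEADERS = {
    "content-security-policy": "CSP",
    "strict-transport-security": "HSTS",
    "x-frame-options": "X-Frame-Options",
    "x-content-type-options": "X-Content-Type-Options",
    "referrer-policy": "Referrer-Policy",
    "permissions-policy": "Permissions-Policy",
}


def audit_headers(headers):
    """Return the required security headers that are missing from a response.

    `headers` is a dict as returned by any HTTP client; comparison is
    case-insensitive because header names are.
    """
    present = {name.lower() for name in headers}
    return [label for key, label in REQUIRED_HEADERS.items() if key not in present]


def audit_spf(txt_records):
    """Flag weak or missing SPF in the TXT records of the apex domain."""
    spf = [r for r in txt_records if r.lower().startswith("v=spf1")]
    if not spf:
        return ["no SPF record (any host may send mail as this domain)"]
    findings = []
    if len(spf) > 1:
        findings.append("multiple SPF records (receivers treat this as a permanent error)")
    terms = spf[0].split()
    if "-all" in terms:
        pass  # hard fail for unlisted senders: the strict setting
    elif "~all" in terms:
        findings.append("SPF ends with ~all (softfail); consider -all once senders are verified")
    elif "+all" in terms or "all" in terms:
        findings.append("SPF ends with +all (any sender passes)")
    else:
        findings.append("SPF has no 'all' mechanism; unlisted senders get a neutral result")
    return findings


def audit_dmarc(txt_records):
    """Flag weak or missing DMARC in the TXT records of _dmarc.<domain>."""
    dmarc = [r for r in txt_records if r.lower().startswith("v=dmarc1")]
    if not dmarc:
        return ["no DMARC record (SPF/DKIM results are never enforced)"]
    # Tags are 'key=value' pairs separated by semicolons, e.g. 'p=reject'.
    tags = {}
    for pair in dmarc[0].split(";"):
        if "=" in pair:
            key, value = pair.strip().split("=", 1)
            tags[key.strip().lower()] = value.strip()
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("DMARC p=none (monitor only; spoofed mail is still delivered)")
    elif policy not in ("quarantine", "reject"):
        findings.append(f"DMARC policy missing or invalid: {policy!r}")
    if "rua" not in tags:
        findings.append("no rua= address, so aggregate reports are never received")
    return findings


def audit_domain(headers, apex_txt, dmarc_txt):
    """Combine the three checks into one findings dict, one entry per area."""
    return {
        "missing_headers": audit_headers(headers),
        "spf": audit_spf(apex_txt),
        "dmarc": audit_dmarc(dmarc_txt),
    }


# Constructed sample input (not captured from any real domain).
SAMPLE_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
}
SAMPLE_APEX_TXT = ["v=spf1 include:_spf.example.net ~all", "some-site-verification=abc123"]
SAMPLE_DMARC_TXT = ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"]

if __name__ == "__main__":
    for area, items in audit_domain(SAMPLE_HEADERS, SAMPLE_APEX_TXT, SAMPLE_DMARC_TXT).items():
        print(area, "->", items or "ok")
```

To run it against a real property, replace the three constants with the headers from a GET of the site's root and the TXT records returned for the apex and for `_dmarc.` plus the apex; the checks themselves read nothing from the network, which keeps them easy to unit-test.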
three steps
How it works
No meetings, no lengthy intake forms. Just email us your domain.
Step 1: Email us your domain
Send an email to contact@vuldesk.com with your domain. That's it. No form to fill, no call to book, no credit card.
Step 2: We run the recon
We run our full external reconnaissance toolchain against your domain — passive only, no active exploitation, completely safe. Takes about 30 minutes.
Step 3: Receive your PDF report within 24 hours
We review the findings, remove false positives, and send you a clean PDF with an Executive Summary and prioritized recommendations. Yours to keep.
no hourly rates
Simple, fixed pricing
Know the exact cost before we start. No overruns, no surprises — built for founders who run lean.
Bootstrap Pentest
For SaaS teams handling user accounts and payment data
- Web application pentest (OWASP Top 10 + business logic)
- 1 application, up to 10 API endpoints
- 10 business day turnaround
- Executive summary + technical findings report
- Remediation guidance per finding
- 30-day async remediation support
- Certificate of completion
Growth Pentest
For teams with OAuth integrations, APIs, and enterprise customers asking questions
- Web app + API penetration test
- Up to 25 API endpoints, authenticated + unauthenticated
- Authentication and authorization deep-dive
- 10 business day turnaround
- Full technical report + executive summary
- 60-day async remediation support
- Retest of critical findings included
- SOC 2 readiness callouts
Compliance Pentest
For teams in regulated niches — telehealth, fintech, edtech, HR tech
- Everything in Growth Pentest
- HIPAA / GDPR technical safeguards assessment
- Report structured for audit defensibility
- Written attestation letter for partners
- Priority 7 business day turnaround
- Compliance gap analysis vs relevant framework
faq
Common questions
Is the free recon report actually free? What's the catch?
Yes, fully free. No credit card, no trial period. We run this as a goodwill offer — the report is useful to you regardless of whether you become a customer. If it surfaces something serious, you'll likely want to talk to us. If it doesn't, you still got a useful snapshot of your attack surface.
Is it safe? Will you break anything on my site?
Completely safe. The free recon report is entirely passive — we use certificate transparency logs, DNS lookups, and HTTP header checks. We do not exploit anything, run automated attack tools, or touch your application in any intrusive way. It's the same as what any researcher could do from a browser.
How is this different from a full penetration test?
The free recon covers your external attack surface only — what's visible from the outside without any credentials. A full pentest goes much deeper: authenticated user flows, business logic flaws, IDOR/BOLA in your API, authorization bypass, injection vulnerabilities in your application code. The recon is a starting point, not a substitute.
Who is this for?
Bootstrapped and growth-stage SaaS founders who handle real customer data but haven't had a formal security review done. If you're between $30K and $500K MRR, managing user accounts or payment data, and the thought "we should probably get our security tested" has crossed your mind — this is for you.
How long does delivery take?
Within 24 hours of receiving your domain. Usually faster. We'll reply to confirm receipt, and you'll have the PDF in your inbox the same day or next morning.
Can I use the report with customers or investors?
The free recon report is a diagnostic, not a formal audit. For a document you can share in an enterprise sales process, due diligence data room, or compliance questionnaire, you need a full pentest report. Our paid packages include a certificate of completion and a formatted report built for exactly that purpose.
Get your free recon report
Email us your domain. We'll have your external attack surface report in your inbox within 24 hours.