Passive External Security Reviews

Website security scanning that looks sharp, reads clearly, and gives clients evidence.

Tutelis Aegis chains modern reconnaissance, exposure validation, SSL and email checks, GDPR review, and professional PDF reporting into one disciplined passive scanning workflow.

Passive

No exploit-driven activity. Reviews are built around observation, validation, and evidence capture.

PDF

Each engagement closes with a professional report suitable for technical teams and stakeholders.

GDPR

Privacy, cookie, policy, and external data handling checks sit alongside the security review.

What Sets This Apart

Three reasons clients choose a chained passive review over running a single free tool.

Chained Tooling

subfinder, dnsx, httpx, nuclei, ZAP, and more are run in a structured sequence — each tool feeding the next — so nothing is missed and results are cross-verified.

Verified Findings

Raw scanner output is filtered before it reaches a report. Only credible, reproducible findings make the cut — no false-positive noise handed to a client as fact.

Professional PDF Output

Every engagement ends with a report a client can share with their team, their board, or their insurer — not a raw export from a tool dashboard.

What The Service Covers

Security visibility for the risks clients actually miss.

The offer is not just “we run tools.” It is a structured review of external attack surface, web exposure, privacy posture, and the quality of the evidence you hand to a client afterward.

Attack Surface Mapping

Subdomains, DNS records, exposed services, historical clues, Cloudflare leakage, and host enumeration.

Web Security Review

Headers, SSL posture, reachable assets, template exposures, reflected input checks, and passive issue validation.

Email And Domain Hygiene

SPF, DKIM, DMARC, MX configuration, mail exposure, and common trust signals that impact reputation.

GDPR And Privacy Checks

Cookie handling, policy visibility, consent patterns, third-party embeds, and external data risk indicators.

Process

A clean four-step engagement model.

01. Scope the target

Define the domain, confirm the passive-only approach, and set the reporting expectations.

02. Chain the scans

Run recon, web validation, SSL, email, privacy, and issue-detection workflows in sequence.

03. Verify the findings

Filter noise, keep the credible signals, and score the issues by business relevance.

04. Deliver the report

Package the output into a professional PDF with priorities, notes, screenshots, and remediation guidance.

What Clients Receive

Executive Summary

A non-technical overview that explains the business risk in plain language.

Technical Findings

Structured issue entries with evidence, severity, and suggested remediation.

Asset Inventory

A clearer picture of domains, hosts, reachable services, and external dependencies.

Remediation Order

An action list that tells teams what to address first instead of burying them in noise.

No Access Required

Every scan runs entirely from the outside. We need only the domain name — no credentials, no agents, no changes to your infrastructure. That makes the review safe to commission at any stage.

Find out what your website exposes before someone else does.

A complete passive review — surface mapping, web security, SSL, email hygiene, and GDPR posture — delivered as a professional PDF report.

No agents installed. No dangerous activity. No access to your systems required. We work entirely from the outside, the same way an attacker would look — and hand you the evidence in a format you can act on.
