Cyber security assessments
automated end-to-end
Run comprehensive cyber security assessments and security risk assessments with automated scanning across 16 modules, AI-powered reporting, and professional client delivery — all in one workflow.
No credit card required. Free plan available forever.
Run external security assessments from domain verification to client delivery
External security assessments are the most common engagement type for security consultancies and internal security teams. They answer a fundamental question: what does this organisation look like to an attacker on the internet? The challenge is that running a thorough external assessment traditionally requires stitching together multiple tools — a subdomain enumerator, a port scanner, an SSL checker, a header analyser — then manually consolidating results into a report. Each tool has its own output format, its own quirks, and its own gaps.
SecPortal replaces that patchwork with a single workflow. Verify domain ownership to ensure you are authorised to scan, launch a comprehensive scan across 16 security modules, review and triage findings by severity, then generate a professional report and deliver it through your branded client portal. The entire process — from domain verification to client-ready deliverable — can be completed in minutes rather than hours.
Domain verification ensures authorised scanning
Before any scan runs, SecPortal requires proof that you control the target domain. This prevents unauthorised scanning and ensures compliance with responsible disclosure practices. Three verification methods are supported to accommodate different levels of access.
- DNS TXT record: add a unique verification token as a TXT record on the target domain to prove administrative control
- Meta tag: place a verification meta tag in the HTML head of the target domain root page for instant browser-based verification
- File upload: host a verification file at a well-known path on the target domain to confirm server-level access
16 scan modules covering the full external attack surface
SSL/TLS Analysis
Certificate validity, protocol versions, cipher strength, HSTS enforcement, and certificate chain verification across all discovered subdomains.
Security Headers
Content-Security-Policy, X-Frame-Options, Permissions-Policy, and 12 other HTTP response headers checked against security best practices.
Port Scanning
TCP port enumeration across common service ports, banner grabbing, service identification, and exposure of unnecessary services to the internet.
Subdomain Discovery
DNS enumeration, certificate transparency log mining, and wordlist-based brute-forcing to map the full external attack surface.
Cloud Exposure
Detection of misconfigured S3 buckets, Azure blobs, GCP storage, and other cloud resources leaking data or accessible without authentication.
Technology Fingerprinting
Identification of web servers, frameworks, CMS platforms, JavaScript libraries, and their versions for known vulnerability correlation.
Report generation and delivery options
- AI-generated executive summary with risk overview, key findings, and prioritised remediation recommendations for non-technical stakeholders
- Technical report with full finding details, CVSS scores, evidence, and step-by-step remediation guidance for engineering teams
- Branded client portal access where clients can review findings, track remediation status, and download reports at any time
- PDF export with professional formatting, severity breakdowns, and appendices for offline distribution and compliance archives
- CSV and Excel export of all findings for integration with ticketing systems, GRC tools, or internal vulnerability databases
- Scheduled recurring scans with automatic comparison against previous results to track remediation progress over time
Whether you are running a one-off assessment for a new client or managing continuous external monitoring across dozens of domains, SecPortal provides the workflow to go from target to deliverable without switching tools. Every scan result, finding, and report lives in one place, giving you a complete audit trail and the efficiency to scale your assessment practice.
How it works in SecPortal
A streamlined workflow from start to finish.
Verify domain ownership
Add the target domain and verify ownership via DNS TXT record, meta tag, or file upload. This ensures only authorised targets are scanned.
Run automated scan
Launch a full scan across 16 modules — SSL, headers, ports, subdomains, cloud exposure, and more. Get Phase 1 results instantly, Phase 2 results from the background worker.
Review and deliver
Triage findings by severity, generate an AI-powered report, and share results through the branded client portal or PDF export.
Run your first assessment
Verify a domain and launch your first scan in under two minutes.
No credit card required. Free plan available forever.