Spectre
External Attack Surface Management

Know your exposure
before they do.

Spectre maps, scores and monitors your entire external attack surface — from DNS to credentials to cloud infrastructure. AI-augmented. Compliance-ready.

Start scanningSee it live

Used by security teams across Spain and Europe

spectre — scan
0+
Scanner modules
A–F
Security grade
0
Compliance frameworks
<10min
Time to first scan
What Spectre detects

Your entire perimeter,
mapped automatically.

Domains
TLS certificates
Open ports
Exposed credentials
Subdomain takeover
Cloud storage
DMARC misconfiguration
Admin panels
JavaScript secrets
WAF presence
DNSSEC
CORS policy
Cookie compliance
Threat intelligence
Google Safe Browsing
AI endpoint exposure
Domains
TLS certificates
Open ports
Exposed credentials
Subdomain takeover
Cloud storage
DMARC misconfiguration
Admin panels
JavaScript secrets
WAF presence
DNSSEC
CORS policy
Cookie compliance
Threat intelligence
Google Safe Browsing
AI endpoint exposure
Platform

Built for security teams
that need signal, not noise.

External attack surface

35 base modules. Wave architecture. Every public-facing asset, scored and ranked by exploitability.

All plans

AI kill chain

Claude agent chains findings into real attack scenarios. Understands context, not just CVEs.

Pro

Compliance by default

NIS2, SOC2, Cyber Essentials. Automatic mapping from every scan. Audit-ready exports.

Pro

Internal connectors

M365, Google Workspace, GitHub, AWS, Slack. Correlate internal posture with external exposure.

Enterprise

Security certificate

Verifiable SPT-CERT with embeddable trust badge. Show clients and partners you take security seriously.

Pro

Security timeline

Continuous improvement record for auditors and boards. Every finding, every fix, every score change.

Pro
How it works

From domain to insight
in under ten minutes.

01

Add your domain

Verify ownership and connect in under 60 seconds. No agent installation. No network changes.

02

Scan runs automatically

55+ modules execute in parallel. AI agent analyses findings, chains attack paths, estimates financial exposure.

03

Act on what matters

Prioritised findings, EUR impact, compliance status, PDF report. Everything your team and board need.

Advanced security testing — by request

Human-grade pentest
with AI precision.

Our security engineers conduct targeted penetration tests against your infrastructure — guided by Spectre's attack surface data. Every engagement is scoped, authorised, and documented to audit standard.

  • Scoped to your verified domains
  • Full written report with exploit proofs
  • Mapped to NIS2 / SOC2 controls
  • Re-test included
Test vectorCoverage
SQLi time & error based
Confirmed
SSRF cloud metadata
Confirmed
XSS reflection & stored
Confirmed
JWT algorithm confusion
Confirmed
Password reset poisoning
Confirmed
CSRF token validation
Likely
Business logic tampering
Confirmed
Rate limiting bypass
Manual review

Scope and test vectors are confirmed during intake. All engagements require written authorisation.

Compliance

Three frameworks.
Mapped automatically from every scan.

NIS2

EU Directive · Article 21 measures

  • Risk analysis & information security policies
  • Incident handling & business continuity
  • Supply chain security assessment

Automatically mapped from every scan

SOC 2

Trust Service Criteria · AICPA

  • CC6 — Logical & physical access controls
  • CC7 — System operations & monitoring
  • A1 — Availability & infrastructure

Automatically mapped from every scan

Cyber Essentials

UK Government scheme · NCSC

  • Boundary firewalls & internet gateways
  • Secure configuration of devices
  • Patch management & vulnerability control

Automatically mapped from every scan

Pricing

Simple, transparent
pricing that scales with you.

Essential

€49one-time

Single domain report for teams that need answers now.

  • 1 on-demand scan
  • Full PDF security report
  • Security score & grade
  • 35+ check modules
  • Email findings summary
Get started
Most popular

Pro

€89/month

Continuous monitoring and compliance for growing security teams.

  • Unlimited scans
  • Continuous monitoring
  • AI kill chain narrative
  • NIS2 / SOC2 / Cyber Essentials
  • Security certificate (SPT-CERT)
  • Security timeline
  • Slack & email alerts
  • PDF report on demand
Start Pro

Enterprise

€349/month

Advanced connectors and priority support for larger organisations.

  • Everything in Pro
  • M365, G Workspace, GitHub, AWS
  • Slack connector
  • Threat intelligence (CISA KEV)
  • Business risk analysis (EUR)
  • Dedicated support
  • Custom scan frequency
  • SLA guarantee
Contact us

Need a full penetration test?

Scoped engagements for teams that need human-grade offensive testing.

Built on enterprise-grade infrastructure

RailwaySupabaseStripeAnthropic

Your attack surface
is already being mapped.

The question is whether you see it first.

Start your first scanor talk to us about enterprise →