Attack Simulation & Vulnerability Scanning

Find your vulnerabilities
before attackers do.

Vulnus runs automated attack simulations against your web apps and AI systems, and delivers plain-English reports your team can act on — within 48 hours.

No installation required
Results in 48 hours
EU AI Act ready
vulnus — scan engine
$ vulnus scan --target https://target.example.com
Trusted methodology: OWASP Top 10 · 10,000+ attack templates · AI/LLM security testing · EU AI Act compliance checks · Delivered as branded PDF reports
How it works

From target to report in 48 hours.

01
You share your domain
Tell us what to test. We handle scoping, rules of engagement, and legal documentation before anything runs.
No setup needed
02
We run the simulation
Our engine fires 10,000+ attack templates against your target — the same techniques real attackers use, without the damage.
~5 minute scan
03
You get a clear report
Every finding explained in plain English, prioritised by risk, with exact fix recommendations your developers can act on immediately.
PDF + summary
Coverage

What Vulnus tests.

🌐
Web Application Security
HTTP headers, authentication, session management, injection vulnerabilities, exposed APIs, server fingerprinting, and more.
🤖
AI & LLM Systems
Prompt injection, jailbreaking, data leakage, model manipulation, and compliance with the EU AI Act high-risk requirements.
🔒
TLS & Certificate Health
Expired certificates, weak cipher suites, deprecated TLS versions, mismatched domains, and HSTS configuration.
📧
DNS & Email Security
SPF, DMARC, DKIM configuration, DNS spoofing exposure, nameserver security, and domain expiry monitoring.
Regulatory deadline
The EU AI Act enforcement
starts August 2026.
Companies deploying high-risk AI systems in the EU must demonstrate security testing and risk assessment. Vulnus provides the documentation trail you need — before regulators come asking.
AUG
2026
Enforcement begins
Pricing

Cheaper than a breach.

Starter
€1,499 / engagement
A full attack simulation with a branded PDF report. Perfect for your first security assessment.
  • Full automated scan (10,000+ templates)
  • Plain-English findings report
  • Prioritised fix recommendations
  • PDF delivered within 48 hours
  • Rules of engagement included
Get started →
Retainer
€4,999 / month
Continuous attack simulation. Know your security posture at all times, not just once a year.
  • Everything in Professional
  • Weekly automated rescans
  • New vulnerability alerts
  • Monthly trend report
  • Dedicated point of contact
  • Remediation partner referrals
Get started →

All engagements include signed NDA and Rules of Engagement documentation. No hidden fees.

FAQ

Common questions.

Is this a real penetration test?
Vulnus runs automated attack simulations using the same tools and techniques as manual pentesters — but at a fraction of the cost and time. For most businesses, this covers the critical attack surface. Manual pentests (which cost €5,000–€15,000) remain useful for complex, bespoke applications.
Will the scan affect my live website?
Our scans are designed to be non-destructive. We test for vulnerabilities without exploiting them — meaning we probe for weaknesses but never execute attacks that would damage, modify, or take down your systems. All activity is agreed upfront in the Rules of Engagement.
Do you fix the vulnerabilities you find?
Vulnus is a pure red team tool — we find and document vulnerabilities with clear fix guidance. Remediation is the responsibility of your development team. If you need support, we can refer you to vetted remediation partners.
How do you handle my data and confidentiality?
Every engagement starts with a signed NDA. Scan results are delivered only to you and never stored longer than necessary. Vulnus is registered in the Netherlands and operates under EU GDPR.
We're not technical — can we still use Vulnus?
Yes. Our reports are written in plain English specifically for non-technical stakeholders. Every finding includes a business-risk explanation alongside the technical detail. Your team doesn't need to understand hacking to act on the results.

Ready to find your
blind spots?

Leave your email and we'll reach out within 24 hours to scope your engagement.