Complete coverage of your external attack surface

Full EASM solution

Small attack surface

Customized, scalable, and flexible External Attack Surface Management

Talk to us to learn more about how Surface Monitoring and Application Scanning give broader and deeper coverage of your attack surface. Our team will set you up with a customized 2-week free trial to help you get the most out of our External Attack Surface Management platform.

Talk to us for a free trial

How we calculate prices

Benefit from:

Continuous and automated

discovery, inventory, and monitoring of all Internet-facing assets.

Set custom policies

on your attack surface and get alerted when changes are identified.

Unique crawling and fuzzing engine

optimized for security testing of modern web applications.

99.7% accuracy rate

of vulnerability assessments through payload-based testing.

Enrich assets with critical information

such as open ports, DNS record types, and technologies hosted on each asset.

Monitor enterprise products

and prevent malicious hackers from accessing business data stored on your systems.

For small attack surfaces, we offer a self-serve option

We recommend combining Surface Monitoring and Application Scanning for the most comprehensive external attack surface coverage. After your trial is over, you can buy directly in tool.

Start 2-week free trial

Included in a 2-week free trial:

  • Surface Monitoring: 2 apex domains with continuous monitoring for the whole trial period.
  • Application Scanning: 5 scan profiles (domains or subdomains), with unlimited scans per scan profile.
  • No card needed to get started.
Start 2-week free trial


Surface monitoring

from $289 /month

Includes up to 25 subdomains, billed annually.

Continuously monitor and secure known and unknown internet-facing assets.

Learn more


Application Scanning

from $89 /month

Per scan profile, billed annualy.

Run in-depth and unlimited scans against your web apps with targeted scan profiles.

Learn more

This page is for informational purposes only and is subject to change. For detailed pricing, contact sales.


See what our customers think

Don't just take our word for it. We've helped several of the world's most popular digital product companies, organizations with many subsidiaries, and those with issues in third-party software and supply chains stay secure.

Read case studies

Marcin Hoppe



“There are a lot of extremely noisy tools, and they generate a lot of findings, but to get to the true positives, you have to spend a lot of time analyzing the results. So we were very happy with the low rate of Detectify's false positives.”

Michelle Tolmay



“With Surface Monitoring, we found subdomains we didn’t know we had. Not only would we likely not have found these subdomains, but we also wouldn’t have known about them until someone did something really nasty on one of them and held us to ransom over it.”

Catalin Curelaru



“We used other tools before, but we chose Detectify because it helps us reduce false positives and gets much information from the availability perspective.”

Certification and awards

G2 Badge Leader 2022
G2 Badge Easiest To Do Business With 2022
G2 Badge High Performer 2022
G2 Badge Users Love Us

Frequently asked questions

Here are some of the most frequently asked questions we receive and their answers, all gathered in one place.

  • Why do you recommend your full EASM solution?

    Our full External Attack Surface Management solution offers complete coverage of your entire attack surface. Although Surface Monitoring and Application Scanning can be used separately, we recommend using them together to ensure you don't miss anything on your external attack surface.

    Both products complement each other - Surface Monitoring gives you a comprehensive view of your attack surface, while Application Scanning gives you deeper insights on custom-built applications.

  • Why should I pick Detectify to help me with External Attack Surface Management?

    Detectify was founded by ethical hackers and continues to work closely with the ethical hacking community - Crowdsource is one of the things that makes us unique, after all. Research from our community of ethical hackers helps us build new tests and continuously add them to the Detectify platform daily. This ensures that our customers constantly monitor and scan their growing attack surface for the latest, previously unknown vulnerabilities. External Attack Surface Management has been on our radar for several years, and we're working hard to continue developing Detectify and offer our customers the best attack surface coverage.

  • How do I get started? (Full EASM solution)

    Scheduling a short demo is the best way to get started if you have multiple domains, subdomains, and web applications you want to monitor. Our sales team will help you get the most out of your trial with a customized set-up based on your attack surface needs.

  • How do I get started? (For small attack surfaces)

    For small attack surfaces, a 2-week free trial is the easiest way to get started. When you sign up for a trial, you'll have to add and verify ownership of the domains you would like to test to confirm that you're authorized to run security tests on them. Once your domains are verified, you're ready to start using Detectify. Simply 'toggle on' Surface Monitoring to begin continuous monitoring and run your first scan with Application Scanning.

    Read more about getting started and domain verification.

  • What’s included in a 2-week free trial?

    You’ll get access to both Surface Monitoring and Application Scanning during your 2-week free trial.

    Surface Monitoring: During your free trial, you can add up to 2 apex domains and will get continuous monitoring of these for the whole trial period.

    Application Scanning: During your free trial, you can add up to 5 domains or subdomains as separate scan profiles, with an unlimited number of scans per scan profile.

    This ensures that you can explore both the breadth and depth of your attack surface and maximize product use during the trial.

  • What happens after my trial has ended?

    You’ll still be able to log in to the tool and access old results, but you’ll no longer be able to monitor your assets or run new scans. If you delete your Team, this will remove any data. To continue using either or both products, you need to become a paying customer.

  • What are Scan Profiles and Assets?

    A Scan Profile can be a domain, subdomain, or IP address you own, which can be configured and customized to suit your needs. It represents the application or part of the application you would like to run in-depth scans on.

    Assets are domains that you want to monitor or scan. We recommend adding apex or root level domains to get maximum coverage of your attack surface when adding assets.

  • Does Detectify integrate with my existing workflow?

    Yes! We believe security should be part of your everyday workflow, which is why we love integrations that allow us to push Detectify notifications to the channels you're using.

    Don't see a service you utilize among our integrations? We work with our customers to continuously update the list of integrations. Reach out to us.

  • What forms of payment do you accept?

    We accept credit cards (Visa, MasterCard, American Express, Diners Club) and annual invoices (The minimum order value for an invoice is $1650/€1500).

  • I still have questions; who can I reach out to?

    You can contact us if you need further help, or check out Knowledge Base for tips on getting started, configurations, settings, and more.