Olimpio scans your external domains and infrastructure, identifies real vulnerabilities, and delivers a plain-English report with step-by-step remediation — no security expertise needed.
// external assessment · olimpio.io
✓ 4 subdomains discovered
✓ 11 services enumerated
⚠ 2 medium severity findings
✗ 1 critical — exposed admin panel (8080/tcp)
→ AI remediation attached
Report ready · Download PDF ↓
For IT consultants & MSPs
Add external vulnerability assessments to your offering in minutes. No specialist knowledge, no expensive tooling — just professional results your clients will trust.
A new revenue line
Bill clients for professional security assessments without hiring a specialist. Starter pays for itself with a single client engagement.
No security expertise needed
Olimpio runs the scan and explains every finding in plain English. You deliver the value — the tool does the heavy lifting.
Reports clients can actually read
Every scan produces a severity-coded PDF with plain-English descriptions and step-by-step remediation. Hand it straight to your client.
olimpio · assessment report
Prepared for: Acme Ltd
acme-ltd.co.uk · 29 May 2026
1
Critical
3
High
5
Medium
8
Low
What Olimpio covers
From subdomain enumeration to AI-interpreted CVE findings — everything you need to understand and communicate your real exposure.
Full enumeration of your external domains, subdomains, DNS records, and associated external IP addresses. Surfaces assets you didn't know were exposed.
Scans open ports and running services on your external domains and IP addresses, flagging anything that shouldn't be internet-facing. External attack surface only — no internal network scanning.
Automated checks against known CVEs and misconfigurations — from outdated TLS to exposed admin interfaces.
Every finding explained in plain English with business context and step-by-step remediation guidance.
Severity-coded findings with an executive summary — ready to share with your IT provider or board.
Email alerts on scan completion are available across all plans. Scheduled scans (1 domain/month) are live on Starter. Flexible recurring scheduling is coming July 2026 with Professional.
Finds exposed or leaked API keys across your domain and linked GitHub repos. Track your keys and get scheduled email reminders when rotation is due — before attackers find them first.
Findings are mapped against Cyber Essentials controls after each scan, showing where you align and what to fix — practical guidance for UK businesses working toward certification.
Pricing
No contracts. Cancel anytime.
Free
Run a scan and see what is exposed — no card needed.
Essential
For small businesses that want simple monthly security checks.
Starter
For growing businesses and consultants that need regular security checks.
No credit card required on Free · Cancel Essential or Starter anytime · Payments processed by Stripe
Need multi-client workspaces, white-label reports or API access? Consultant plans are available on request.
External IPs / domains
External scans
Scan type
AI plain-English explanations
Executive PDF reports
Scheduled scan
Cyber Essentials mapping
Secrets detection
Email alerts on scan completion
Support
| Feature | Free | Essential | Starter |
|---|---|---|---|
| External IPs / domains | 1 | 1 domain | Unlimited |
| External scans | 2 scans | 4 / month | Unlimited |
| Scan type | Standard | Standard | Standard + Deep |
| AI plain-English explanations | Top findings | Critical, High, Medium & Low | All findings |
| Executive PDF reports | 1 (watermarked) | 2 / month | 4 / month |
| Scheduled scan | Monthly | Weekly + monthly | |
| Cyber Essentials mapping | |||
| Secrets detection | |||
| Email alerts on scan completion | |||
| Support | — | Priority email |
Get started free
See exactly what attackers see — in minutes. No setup, no credit card, no jargon.
Start your free scan →Takes 30 seconds to sign up · Standard results in ~20 minutes · No credit card required
Questions? Email us at joe@olimpio.io
Blog
A practical 15-point security checklist for UK small business websites — covering the most common vulnerabilities, what to check, and how to fix each one without needing a dedicated IT team.
Read more →A leaked API key can give attackers full access to your cloud services, payment processor, or email platform within minutes of being exposed — here is how it happens and what to do if it happens to you.
Read more →DMARC, SPF, and DKIM are three DNS records that protect your email domain from being spoofed by attackers — and missing even one of them leaves your business and your customers exposed.
Read more →