Olimpio is an automated external security scanner. It checks what's visible and reachable from the public internet — the same view an attacker gets before they target your business.
Port scanning
We scan your domain's open TCP ports. Standard scans cover the 1,000 most common ports; Professional scans cover the top 5,000. We identify which ports are open and what services are running on them, then check those services for known misconfigurations and vulnerabilities.
We do not scan UDP ports.
Subdomain discovery
We discover subdomains automatically using three sources: a wordlist of common prefixes (www, api, app, mail, admin, and others), passive enumeration from public certificate and DNS databases, and certificate transparency logs. We scan up to 20 subdomains per target.
Large organisations with many subdomains may see partial coverage — we scan the first 20 discovered, not every subdomain that exists.
Web security headers
We check every web service we find for the security headers browsers expect:
- HSTS and whether subdomains are included
- X-Content-Type-Options
- X-Frame-Options
- Content-Security-Policy — including whether it allows unsafe-inline or unsafe-eval
- Referrer-Policy
- Permissions-Policy
- Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy
- Cookie flags: Secure, HttpOnly, and SameSite
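The header and cookie checks in the list above, as an added example (not Olimpio's own code): a small Python function that takes a captured set of response headers and returns one finding per failed check. The header names it requires, the HSTS `includeSubDomains` test, the CSP `'unsafe-inline'`/`'unsafe-eval'` test and the three cookie flags all come from the list above; the sample headers and the finding wording are constructed for this example.

```python
"""Security-header and cookie-flag check over a captured HTTPS response.

Added example for this page, not Olimpio's own code. It applies the header
checks listed above to a constructed response and returns findings.
"""

# Headers a hardened HTTPS response is expected to carry (lower-cased names).
REQUIRED_HEADERS = (
    "strict-transport-security",
    "x-content-type-options",
    "x-frame-options",
    "content-security-policy",
    "referrer-policy",
    "permissions-policy",
    "cross-origin-opener-policy",
    "cross-origin-embedder-policy",
)
REQUIRED_COOKIE_FLAGS = ("secure", "httponly", "samesite")


def check_response_headers(headers):
    """headers: list of (name, value) pairs, because Set-Cookie may repeat.

    Returns a list of human-readable findings; an empty list means every
    check in this page's list passed.
    """
    findings = []
    seen = {}
    cookies = []
    for name, value in headers:
        key = name.lower()
        if key == "set-cookie":
            cookies.append(value)
        else:
            seen.setdefault(key, value)

    for key in REQUIRED_HEADERS:
        if key not in seen:
            findings.append(f"missing header: {key}")

    # HSTS only protects subdomains when includeSubDomains is present.
    hsts = seen.get("strict-transport-security", "").lower().replace(" ", "")
    if hsts and "includesubdomains" not in hsts:
        findings.append("HSTS present but does not cover subdomains")

    # A CSP that permits inline or eval'd script gives little XSS protection.
    csp = seen.get("content-security-policy", "").lower()
    for directive in ("'unsafe-inline'", "'unsafe-eval'"):
        if directive in csp:
            findings.append(f"CSP allows {directive}")

    # Each Set-Cookie line looks like: name=value; Attr; Attr=value; ...
    for raw in cookies:
        parts = [p.strip() for p in raw.split(";") if p.strip()]
        cookie_name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        for flag in REQUIRED_COOKIE_FLAGS:
            if flag not in attrs:
                findings.append(f"cookie '{cookie_name}' lacks {flag} flag")
    return findings


# Constructed response headers for illustration, not a capture from a real site.
SAMPLE_HEADERS = [
    ("Strict-Transport-Security", "max-age=31536000"),
    ("X-Content-Type-Options", "nosniff"),
    ("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline'"),
    ("Referrer-Policy", "strict-origin-when-cross-origin"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "prefs=dark; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

if __name__ == "__main__":
    for finding in check_response_headers(SAMPLE_HEADERS):
        print(finding)
```

On the constructed sample this reports four missing headers, an HSTS policy that does not cover subdomains, a CSP that allows inline script, and a session cookie sent without Secure or SameSite; the hardened `prefs` cookie produces nothing. Feeding it the header list from an actual response (for example from `http.client`'s `getheaders()`) is the only change needed to run it against a live service.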
Email security (DNS hygiene)
We check the DNS records that protect your domain from email spoofing and phishing:
- SPF — presence, strength, and whether the lookup limit is exceeded
- DMARC — presence, enforcement policy, and partial enforcement
- DKIM — tested across 44 known email provider selectors, with key strength checked
- CAA records — whether unauthorised certificate authorities are blocked
- DNSSEC — whether DNS records are cryptographically signed
- MX records — whether email infrastructure exists
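The SPF and DMARC checks from the list above (presence, strength, the SPF lookup limit, and DMARC enforcement and partial enforcement), as an added example that is not Olimpio's own code. It takes the TXT record strings as input so it runs offline; the sample records and domain names are constructed. One simplification, stated in the code: it counts only the DNS-querying terms in the record it is given, whereas a full SPF check also follows each `include:` and `redirect=` and adds their lookups to the total.

```python
"""SPF and DMARC record assessment over constructed TXT records.

Added example for this page, not Olimpio's own code. It takes the record
strings as input so it runs offline; a real check fetches them with a DNS
resolver first.
"""

SPF_LOOKUP_LIMIT = 10  # RFC 7208 s4.6.4: more than 10 DNS-querying terms is a permerror
SPF_LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def assess_spf(record):
    """Findings for one 'v=spf1 ...' TXT record.

    Counts only the lookups in this record; a complete check also follows
    each include/redirect target and adds its lookups to the total.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["SPF record missing or malformed"]
    findings = []
    lookups = 0
    all_qualifier = None
    for term in terms[1:]:
        t = term.lower()
        qualifier = t[0] if t[0] in "+-~?" else "+"
        # Strip the qualifier, then the argument (':'), modifier ('=') and CIDR ('/') parts.
        name = t.lstrip("+-~?").split(":", 1)[0].split("=", 1)[0].split("/", 1)[0]
        if name in SPF_LOOKUP_TERMS:
            lookups += 1
        if name == "all":
            all_qualifier = qualifier
    if lookups > SPF_LOOKUP_LIMIT:
        findings.append(f"SPF exceeds the {SPF_LOOKUP_LIMIT}-lookup limit ({lookups} lookup terms)")
    if all_qualifier is None:
        findings.append("SPF has no 'all' term, so unlisted senders get no verdict")
    elif all_qualifier == "+":
        findings.append("SPF ends in +all, which permits any sender")
    elif all_qualifier in "~?":
        findings.append(f"SPF ends in {all_qualifier}all (soft/neutral); only -all is strict")
    return findings


def assess_dmarc(record):
    """Findings for a '_dmarc.<domain>' TXT record such as 'v=DMARC1; p=reject'."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return ["DMARC record missing or malformed"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("DMARC p=none only monitors; spoofed mail is still delivered")
    elif policy not in ("quarantine", "reject"):
        findings.append("DMARC record has no valid p= policy tag")
    pct = tags.get("pct", "100")  # pct defaults to 100 when absent
    if policy in ("quarantine", "reject") and pct.isdigit() and int(pct) < 100:
        findings.append(f"DMARC enforces p={policy} on only {pct}% of mail (partial enforcement)")
    return findings


# Constructed records for illustration; the domains are not real.
SAMPLE_SPF = ("v=spf1 include:_spf.mailer.test include:spf.crm.test a mx ptr "
              "exists:%{i}.rbl.test include:a.test include:b.test include:c.test "
              "include:d.test include:e.test ~all")
SAMPLE_DMARC = "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@example.test"

if __name__ == "__main__":
    for finding in assess_spf(SAMPLE_SPF) + assess_dmarc(SAMPLE_DMARC):
        print(finding)
```

The sample SPF record contains eleven DNS-querying terms and ends in `~all`, so it is reported both for exceeding the lookup limit and for soft-fail; the sample DMARC record is flagged for applying `p=quarantine` to only 25% of mail. A record ending in `-all` with ten or fewer lookups, and a DMARC record with `p=reject` and no `pct` tag, produce no findings.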
SSL/TLS certificates
We check every HTTPS service for certificate expiry. Certificates expiring within 30 days are flagged as Medium severity; expired certificates are flagged as High. We also check for self-signed certificates and hostname mismatches.
We do not perform full cipher suite enumeration. For a complete TLS configuration audit, a dedicated tool such as testssl.sh is recommended.
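The certificate checks described above (expiry within 30 days as Medium, expired as High, self-signed, hostname mismatch), as an added example that is not Olimpio's own code. It works on the dict shape that Python's `ssl.SSLSocket.getpeercert()` returns, so the certificate below is constructed and no connection is made. The two expiry severities are the ones this page states; rating self-signed and mismatched certificates as High is this example's own assumption, as is the single-label wildcard rule it applies.

```python
"""Certificate expiry, self-signed and hostname checks.

Added example for this page, not Olimpio's own code. It works on the dict
shape that ssl.SSLSocket.getpeercert() returns, so the sample below is a
constructed certificate and no network connection is needed. The 30-day
Medium / expired High thresholds are the ones stated on this page; rating
self-signed and mismatched certificates as High is this example's assumption.
"""
import ssl
from datetime import datetime, timezone

EXPIRY_WARNING_DAYS = 30


def hostname_matches(pattern, hostname):
    """Match one DNS name from the certificate against the target hostname.

    A wildcard is honoured only as the whole leftmost label ('*.example.test')
    and matches exactly one label, as RFC 6125 section 6.4.3 allows.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in hostname and hostname.split(".", 1)[1] == pattern[2:]
    return pattern == hostname


def assess_certificate(cert, hostname, now):
    """Return a list of (severity, message) findings for one certificate.

    cert: dict with 'subject', 'issuer', 'notAfter' and 'subjectAltName' as
    produced by getpeercert(); now: timezone-aware datetime of the scan.
    """
    findings = []
    not_after = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    days_left = (not_after - now).days
    if days_left < 0:
        findings.append(("High", f"certificate expired {-days_left} day(s) ago"))
    elif days_left <= EXPIRY_WARNING_DAYS:
        findings.append(("Medium", f"certificate expires in {days_left} day(s)"))

    if cert.get("subject") == cert.get("issuer"):
        findings.append(("High", "certificate is self-signed (issuer equals subject)"))

    # Validation uses subjectAltName; fall back to the CN only when it is absent.
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        names = [value for rdn in cert.get("subject", ()) for kind, value in rdn
                 if kind == "commonName"]
    if not any(hostname_matches(name, hostname) for name in names):
        findings.append(("High", f"hostname {hostname} matches none of {names}"))
    return findings


# Constructed certificate and scan time for illustration, not a real capture.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.test"),),),
    "issuer": ((("commonName", "Example Test CA"),),),
    "notAfter": "Jun 15 12:00:00 2025 GMT",
    "subjectAltName": (("DNS", "www.example.test"), ("DNS", "*.example.test")),
}
SCAN_TIME = datetime(2025, 6, 1, 12, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for severity, message in assess_certificate(SAMPLE_CERT, "api.example.test", SCAN_TIME):
        print(severity, message)
```

With the constructed scan time the sample certificate has 14 days left and is reported as Medium; moving the scan time a month later turns that into a High "expired" finding, and a two-level-deep hostname such as `deep.api.example.test` is reported as a mismatch because the wildcard covers only one label. To run it against a live service, connect with `ssl.create_default_context().wrap_socket(...)` and pass the result of `getpeercert()` as `cert`.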
Known vulnerabilities and misconfigurations
We run a curated set of checks against all discovered services, including:
- Exposed sensitive files (.env, .git/config, database dumps, backup archives)
- Exposed admin panels (WordPress, phpMyAdmin, Jenkins, Grafana, and others)
- Default credentials on common services
- Unauthenticated databases (Redis, MongoDB, MySQL)
- Insecure network services (FTP anonymous login, Telnet, VNC, RDP without NLA, SMB guest access)
- CVE-tagged vulnerabilities on Professional/Deep scans
IP scanning vs domain scanning
Scanning a domain gives you the full picture: subdomains, DNS hygiene, email security, web checks, and vulnerability templates.
Scanning a bare IP address gives you port and service coverage only. DNS hygiene checks (SPF, DMARC, DKIM) are skipped for IP targets because they require a domain name to run. If you manage infrastructure by IP, scan the associated domain for complete results.
What Olimpio does not do
- No authenticated scanning — we cannot test behind login walls or check internal-only routes
- No internal network scanning — private IP ranges are blocked; we only scan publicly routable addresses
- No penetration testing — Olimpio is automated misconfiguration detection, not a substitute for a manual pen test
- No code scanning — we do not analyse source code, dependencies, or container images
- No active exploitation — we detect vulnerabilities but do not attempt to exploit them
- No WAF bypass — targets with aggressive firewalls or rate limiting may return fewer findings
- No remediation verification — fixing an issue requires running a new scan to confirm it's resolved