Methodology

How Titanos Security scans external attack surfaces. No exploits. No auth attempts. Banner-grade evidence only.

WHAT WE SCAN · WHAT WE DON’T DO

External, publicly-reachable network surfaces only. We probe what the open internet can already see — nothing private, nothing authenticated.

WHAT WE SCAN

  • Open ports on the customer’s domain (standard 15-port sweep)
  • Service banners (returned voluntarily by your services on connect)
  • TLS / SSL certificate validity, expiry, signature
  • HTTP security headers (HSTS, CSP, X-Frame-Options)
  • DNS records (publicly resolvable subdomains via standard zone walks)
  • Known CVEs matching reported service versions

WHAT WE DON’T DO

  • Authentication attempts (no password guessing, no credential stuffing)
  • Exploit attempts (we never try to use a vulnerability we find)
  • DoS / DDoS / brute force / aggressive scans
  • Data exfiltration (we never read DB contents, file contents, email contents)
  • Phishing of staff (we don’t email or call your team to test them)
  • Physical / social engineering tests

TOOLS USED

We use industry-standard open-source security tooling — the same tools your auditors and threat-modellers use.

  • nmap with banner detection (-sV) — port + service identification
  • openssl s_client — TLS validation
  • curl with custom headers — HTTP response inspection
  • dig + crt.sh — DNS + certificate-transparency lookups
  • NVD CVE database (publicly licensed) for version → known-vuln mapping

RESPONSIBLE DISCLOSURE

Every Titanos finding ships with a 90-day responsible disclosure window. If a recipient needs more time to remediate, we extend it. We do not publish, sell, or share findings with third parties during that window.

This is the same practice followed by national CERTs (AusCERT, CERT NZ, CSA Singapore) and by responsible security researchers. The window exists so the affected business has time to act.

SCOPE

We scan organisations across Australia, New Zealand, and Singapore — typically B2B SaaS, mid-market commercial, and listed companies. We do not scan:

  • Government domains (.gov.au, .gov.nz, .gov.sg, .govt.nz, .edu.au)
  • Critical infrastructure operators
  • Companies that have asked to be removed (suppression list honoured forever)
  • Domains that don’t resolve or have no public services

WHAT YOU GET

Our standard external scan output:

  • Findings ranked by severity (Critical, High, Medium, Low, Info)
  • For each finding: the evidence, the affected port/service, and a remediation step
  • For each finding: reproduction command (so your engineering team can verify independently)
  • Summary suitable for sharing with auditors, insurers, or your board
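As an added example (not Titanos code), the HTTP security-header check listed under WHAT WE SCAN, producing findings in the severity/evidence/remediation shape described under WHAT YOU GET. It evaluates already-captured response headers, so it runs offline; the HSTS minimum and the severity assigned to each gap are this example's own assumptions.

```python
# Added example, not Titanos code: a passive check of the three HTTP security
# headers this page names, emitting findings in the page's severity scale.
# The thresholds and severity choices below are this example's own assumptions.
import re
from dataclasses import dataclass

HSTS_MIN_MAX_AGE = 15_552_000  # assumption: 180 days, a common baseline

@dataclass
class Finding:
    severity: str  # Critical / High / Medium / Low / Info
    header: str
    evidence: str
    remediation: str

def check_security_headers(headers: dict) -> list:
    """Evaluate already-captured response headers; needs no network access."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings = []
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append(Finding("Medium", "Strict-Transport-Security", "header absent",
                                f"Send Strict-Transport-Security: max-age={HSTS_MIN_MAX_AGE}; includeSubDomains"))
    else:
        m = re.search(r"max-age=(\d+)", hsts, re.IGNORECASE)
        if (int(m.group(1)) if m else 0) < HSTS_MIN_MAX_AGE:
            findings.append(Finding("Low", "Strict-Transport-Security", hsts,
                                    f"Raise max-age to at least {HSTS_MIN_MAX_AGE} seconds"))

    if "content-security-policy" not in h:
        findings.append(Finding("Medium", "Content-Security-Policy", "header absent",
                                "Define a CSP; trial it first as Content-Security-Policy-Report-Only"))

    xfo = h.get("x-frame-options", "")
    if xfo.strip().upper() not in ("DENY", "SAMEORIGIN"):
        findings.append(Finding("Low", "X-Frame-Options", xfo or "header absent",
                                "Send X-Frame-Options: DENY, or a CSP frame-ancestors directive"))
    return findings

# Constructed sample: the headers a curl -I of a host missing CSP might return.
SAMPLE_HEADERS = {
    "Server": "nginx",
    "Strict-Transport-Security": "max-age=3600",
    "X-Frame-Options": "sameorigin",
}

if __name__ == "__main__":
    for f in check_security_headers(SAMPLE_HEADERS):
        print(f"[{f.severity}] {f.header}: {f.evidence} -> {f.remediation}")
```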

HOW WE DELIVER

Free protective disclosure: a plain-text report emailed directly to your inbox from kyle@titanos.tech within one business day. No signup. No portal to log into. Reply to the email if you need the findings in a different format for your auditor.

Beyond the free scan, Titanos offers two paid engagements: AU Privacy Act + Essential Eight Compliance (done with you) and AI Implementation for Business (project-quoted). Both are listed at titanos.tech.

HOW TO VERIFY US

Three independent ways. Every claim we make is one of these checks away from a third-party audit.

Reproduce with nmap

Every finding ships with the exact nmap -sV {target} -p {port} command. Verify any claim in 30 seconds.

Email Kyle directly

Email kyle@titanos.tech directly to confirm any communication is genuine.

REMOVAL

Reply "remove" to any email from us and your domain is suppressed permanently. We honour the request immediately.