What we scan
External, publicly-reachable network surfaces only. We probe what the open internet can already see — nothing private, nothing authenticated.
- Open ports on the customer's domain (standard 15-port sweep)
- Service banners (returned voluntarily by your services on connect)
- TLS / SSL certificate validity, expiry, signature
- HTTP security headers (HSTS, CSP, X-Frame-Options)
- DNS records (publicly resolvable subdomains via standard zone walks)
- Known CVEs matching reported service versions
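The header check in the list above, reproduced offline as an added example (not Titanos's own code): it parses a constructed response head of the kind curl -sI prints, flags missing or weak HSTS, CSP and X-Frame-Options values, and ranks the results with the severity scale used in the reports. The thresholds (a one-year HSTS max-age floor, treating 'unsafe-inline' as weak) are this example's assumptions.

```python
import re

# Constructed sample response head, as "curl -sI https://example.invalid" would
# print it; not captured from any real host.
SAMPLE_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Strict-Transport-Security: max-age=3600
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-Frame-Options: ALLOWALL
"""

SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3, "Info": 4}
ONE_YEAR = 31536000  # seconds; assumed minimum acceptable HSTS max-age

def parse_headers(raw: str) -> dict:
    """Map lower-cased header names to values; line 0 is the status line."""
    headers = {}
    for line in raw.splitlines()[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers

def check_security_headers(raw: str) -> list:
    """Return (severity, header, evidence, remediation) tuples, worst first."""
    h, out = parse_headers(raw), []
    hsts = h.get("strict-transport-security")
    if hsts is None:
        out.append(("Medium", "Strict-Transport-Security", "header absent",
                    f"send max-age={ONE_YEAR}; includeSubDomains"))
    else:
        m = re.search(r"max-age=(\d+)", hsts)
        if not m or int(m.group(1)) < ONE_YEAR:  # short max-age gives little protection
            out.append(("Low", "Strict-Transport-Security", hsts,
                        f"raise max-age to at least {ONE_YEAR}"))
    csp = h.get("content-security-policy")
    if csp is None:
        out.append(("Medium", "Content-Security-Policy", "header absent",
                    "define a policy starting from default-src 'self'"))
    elif "'unsafe-inline'" in csp:  # inline-script allowance undoes CSP's XSS mitigation
        out.append(("Medium", "Content-Security-Policy", csp,
                    "drop 'unsafe-inline'; use nonces or hashes for inline scripts"))
    xfo = h.get("x-frame-options", "").upper()
    if xfo not in ("DENY", "SAMEORIGIN"):  # absent, or not a valid directive
        out.append(("Medium", "X-Frame-Options", xfo or "header absent",
                    "set DENY or SAMEORIGIN, or use CSP frame-ancestors"))
    return sorted(out, key=lambda f: SEVERITY_RANK[f[0]])
```

Run it against your own response head (paste the output of curl -sI into SAMPLE_RESPONSE) to see what the report would flag before a scan does.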
What we don't do
If a tool would require permission, we don't use it. Period.
- No authentication attempts (no password guessing, no credential stuffing)
- No exploit attempts (we never try to use a vulnerability we find)
- No DoS / DDoS / brute force / aggressive scans
- No data exfiltration (we never read DB contents, file contents, email contents)
- No phishing of staff (we don't email or call your team to test them)
- No physical / social engineering tests
Tools used
We use industry-standard open-source security tooling — the same tools your auditors and threat-modellers use.
- nmap with banner detection (-sV) — port + service identification
- openssl s_client — TLS validation
- curl with custom headers — HTTP response inspection
- dig + crt.sh — DNS + certificate-transparency lookups
- NVD CVE database (publicly licensed) for version → known-vuln mapping
Responsible disclosure
Every Titanos finding ships with a 90-day responsible disclosure window. If a recipient needs more time to remediate, we extend it. We do not publish, sell, or share findings with third parties during that window.
This is the same practice followed by national CERTs (AusCERT, CERT NZ, CSA Singapore) and by responsible security researchers. The window exists so the affected business has time to act.
Scope
We scan organisations across Australia, New Zealand, and Singapore — typically B2B SaaS, mid-market commercial, and listed companies. We do not scan:
- Government domains (.gov.au, .gov.nz, .gov.sg, .govt.nz, .edu.au)
- Critical infrastructure operators
- Companies that have asked to be removed (suppression list honoured forever)
- Domains that don't resolve or have no public services
What you get
Our standard external scan output:
- Findings ranked by severity (Critical, High, Medium, Low, Info)
- For each finding: the evidence, the affected port/service, and a remediation step
- For each finding: reproduction command (so your engineering team can verify independently)
- Summary suitable for sharing with auditors, insurers, or your board
How we deliver
Free protective disclosure: a hosted HTML report at api.titanos.tech/r/{slug}/ for each affected organisation. No signup required. Each URL is unique to the recipient and includes a robots-noindex tag so the report is not search-indexed.
Beyond the free scan, Titanos offers two paid engagements: AU Privacy Act + Essential Eight Compliance (done with you) and AI Implementation for Business (project-quoted). Both are listed at titanos.tech.
How to verify us
Three independent ways:
- Verify the ABN below at abr.business.gov.au
- Reproduce any finding using the nmap -sV {target} -p {port} command included in the report
- Email [email protected] directly to confirm any communication is genuine
Removal
Reply remove to any email from us and your domain is suppressed permanently. We honour the request immediately.