One-shot · Signed by a security professional · 3 business days

We see your company
the way an attacker does.

30 passive security checks plus active pen-test recon against your domain, server, and the web stack behind it. Delivered as a short, readable PDF: a 2-minute summary up front, detailed fix instructions you can work from yourself or hand to your developer or web agency, and a prioritized action plan. Need help fixing the findings? I can take the job too (see below). No subscription, no lock-in.

In 8 out of 10 small and mid-sized companies we find at least one critical vulnerability. The most common findings:

  • Exposed .env files with passwords and API keys
  • Open admin panels with no access control
  • Missing DMARC, so anyone can send email in your name
  • Outdated CMS versions with known vulnerabilities
  • Leaked employee passwords found on the dark web
Compliance: Relevant for NIS2, GDPR, and insurance requirements.
Launch price · limited time
$199 one-shot · USD

Standard price from 2026: $449.

No subscription. · Delivered in 3 days. · 14 days of email follow-up.

Tools I use daily: Nmap, Nikto, OWASP, testssl.sh, SpiderFoot, nuclei, Pen-test AI Agents

What you get

A report you can bring to the board meeting.

Not 47 pages of technical parameters you have to interpret yourself. A readable PDF that tells you what is strong, what is weak, and what must be fixed first.

01

Executive summary

One page for the board or CEO: key findings, score, and recommended action. Ready to forward.

02

30 technical check points

SSL/TLS, DNS, email authentication, security headers, exposed files, dark-web exposure, and more. Each one with reasoning.

03

Prioritized action plan

What needs to be fixed this week, what can wait, and what is optional. Estimated work hours for each.

What we actually check

  • SSL/TLS certificate and chain
  • Certificate expiry date
  • HTTP-to-HTTPS redirect
  • HSTS header
  • DNSSEC status
  • CAA records
  • SPF record
  • DKIM configuration
  • DMARC policy
  • MTA-STS
  • TLS-RPT
  • BIMI record
  • MX provider health
  • X-Frame-Options
  • Content-Security-Policy
  • X-Content-Type-Options
  • Referrer-Policy
  • Permissions-Policy
  • Server-header exposure
  • Exposed .git, .env, backup files
  • Open admin panels
  • Subdomain-takeover risk
  • Certificate Transparency log
  • JS third-party integrity
  • Tracker and cookie analysis
  • WHOIS health
  • Block-list check
  • HIBP hits on all employee emails
  • Dark-web exposure for the domain
  • Phishing domains that look like yours

How the report is structured

Readable PDF, not a data dump.

Usually 10 to 30 pages, depending on how many findings come up. The first page reads in 2 minutes, and you do not need to be a technician to understand what must be fixed and what it means. The rest is detailed fix instructions: some you can do yourself (passwords, settings, updates), the rest is handover-ready so you can send it straight to your developer or web agency, or let me at Mustvedt Sentinel take the job by the hour.

Contents

  • 01 Executive summary, p. 2
  • 02 Total score and critical findings, p. 3
  • 03 DNS, certificate, and infrastructure, pp. 4–5
  • 04 Email authentication, SPF/DKIM/DMARC, pp. 6–7
  • 05 HTTP headers and web security, p. 8
  • 06 Offensive recon, Nmap/Nikto findings, pp. 9–10
  • 07 Dark web and leak exposure, p. 11
  • 08 Prioritized action plan, pp. 12–13
  • 09 Appendix, raw data, and commands used, p. 14

How we test

We see what attackers see, not just what a passive check shows.

Most domain scanners stop at DNS lookups and HTTP headers. That is safe and shallow, and it is what Cloudflare and MXToolbox do for free. We go one step further. On top of the 30 passive checks above, we run the same offensive tools a professional pen-tester would. With your written consent, you get a real outside-in perspective, not a sanitized version.

A1 · Active port scan

Nmap / service fingerprint

Which services actually respond from the outside? Which versions? Forgotten ports, old SSH versions, exposed database instances, everything sitting open.

A2 · Web vulnerability

Nikto / 6,700+ known CVEs

A web vulnerability scanner that hunts for known issues, old CMS versions, default admin paths, and common misconfigurations.

A3 · SSL deep test

testssl.sh / A+ to F grade

Full SSL/TLS audit. Weak ciphers, certificate-chain errors, BEAST/POODLE exposure, and an actual grade for the configuration.

A4 · Content scan

gobuster / hidden files and directories

Looks for forgotten files that attackers flag first: .git/, .env, backup zips, exposed admin panels.

A5 · OSINT recon

theHarvester / passive recon

Subdomains, employee emails, infrastructure that is publicly available via Bing, crt.sh, and OTX. Fully passive, it never touches your server directly.

A6 · Dark-web exposure

SpiderFoot / leak databases, stealer logs

Checks whether credentials, email addresses, or the domain itself sits exposed in public paste sites, leak databases, and known stealer logs.

Want to go deeper?
See the commands, probes, and phases behind each tool, plus the specialist agents for AD, cloud, mobile, and more.

Why pay $199

The space between free tools and a full pen-test.

You can run MXToolbox for free and get half of these answers. You can hire a pen-test agency starting at $5,000 and get five times as much. This report sits in between, and it is where most small and mid-sized companies actually need something.

| What you get | Free public tools | Pen-test, agency |
|---|---|---|
| Passive checks (DNS, SPF, HIBP) | Yes | Yes |
| Active port scan (Nmap) | No | Yes |
| Web vulnerability scan (Nikto) | No | Yes |
| Dark-web and leak check | Partial (HIBP) | Yes |
| Written report, signed | No, you have to interpret it yourself | Yes |
| Prioritized action plan | No | Yes, often 30+ pages |
| Delivery time | Instant (but no report) | 2–6 weeks |
| Price | $0 | $5,000–$10,000 |
| Best for | A technical person who wants to do it themselves | Companies with bigger budgets and compliance requirements |

Written and signed by

Christer Mustvedt.

I built Mustvedt Sentinel myself, from DNS monitoring to dark-web recon, and I know the tools from the inside. When you order a report, I am the one you deal with, not a sales rep or an automated scanner. Every single finding is read, contextualized, and prioritized manually before it lands in the PDF.

I also fix the findings, if you want

Many customers want the report and help fixing what comes up. Mustvedt Sentinel offers implementation by the hour: password rotation, security headers, DNS and email setup (SPF/DKIM/DMARC), SSL configuration, removal of exposed files, updates of vulnerable components. You decide the scope after reading the report, and you are completely free to use a different vendor or do it yourself.

Mustvedt Sentinel, Norway · Christer@mustvedt.net · +47 94 13 33 17

Feedback

What customers say after the report.

Three customers, three completely different companies. What they share is that each one found something they did not know about.

We thought we had most of it in order. They found a staging server that had been wide open since 2022, with access to the same database as production. It was a bit of a cold sweat when I read the report, but not knowing is worse. Got concrete steps to hand to the IT vendor, not just "something is wrong".
Marius S., CEO · Accounting firm · 14 employees · Bergen

I was expecting an automated scanner report at 80 pages with 200 "missing security header" findings. Instead I got 11 prioritized vulnerabilities with a proof-of-concept for each. Two of them a standard Nessus scan would never have caught, including an IDOR on our order endpoint. Worth the price for that alone.
Jonas H., Lead developer · E-commerce · niche webshop

Honestly I ordered it mostly to have something to show a client who asked what we did about security. Figured everything was in order. Then the report found that our email was missing DMARC, meaning anyone could have sent invoices in our name. For a law firm that is not a small thing. It was fixed the same week.
Kristin B., Partner · Law firm · Oslo

How it works

Five steps, 3 business days.

01 · Today

You order

You fill in the form, confirm ownership of the domain, and pay $199 via Stripe. I get a notification immediately.

02 · Day 1

Passive checks

The 30 passive check points: DNS, SSL, email auth, headers, dark web, leak databases. Automated, but every finding is reviewed manually.

03 · Day 2

Offensive recon

Active tools: Nmap, Nikto, testssl.sh, gobuster, and SpiderFoot run against your domain. This is what attackers would see, and it separates the report from a pure passive scan.

04 · Day 3

You get the PDF

Signed PDF to your email, with the executive summary, technical detail, and prioritized action plan.

05 · After

14 days of follow-up

You can ask questions by email for 14 days. I always reply the same day.

Common questions

What people ask.

Who delivers the report?

Christer Mustvedt, personally. Mustvedt Sentinel is a sole proprietorship, so you deal with the same person from order to delivery.

What if you find nothing wrong?

You still get the report. It is often worth having written documentation that the domain is in good shape. Many use it for audits or insurance documentation.

Do I need access to the server or hosting?

No. All 30 checks are done from the outside, from an attacker's perspective. You only need to tell us which domain to check.

What about ongoing monitoring?

The report is a snapshot. If you want me to monitor the domain daily going forward, we have a PLUSS subscription at $10/year. Pick it within 30 days of the report and the first year is on us.

Does the price include tax?

$199 USD. Stripe handles the invoice. VAT or sales tax is added if your billing address is in a jurisdiction that requires it.

What if you find serious vulnerabilities?

If I find something that needs immediate action (exposed credentials, open admin panels, critical CVEs), I notify you immediately, not after the PDF is finished. We get on a call and agree on next steps. If you need help fixing it, I can take the job by the hour. You are free to use me, a web agency, or a developer you already have.

Why is the launch price $199?

$199 is the launch price while I build a case portfolio from the first reports. The standard price from 2026 is $449. Order now and $199 applies to your report regardless of later price changes.

Can you also fix the issues the report uncovers?

Yes. Many customers do not just want a report, they also want help executing the fixes. I take work by the hour for implementation: password rotation, security headers, email authentication (SPF/DKIM/DMARC), SSL configuration, removal of exposed files, updates of vulnerable components. You decide what gets done after reading the report, and it is never required to receive the report itself.

Can I get a refund?

If you change your mind before I have started on the report, yes, full refund. If work has begun, no. Email Christer@mustvedt.net and we will sort it out.

Three business days from order, you have the report.

No demo. No "book a call". No subscription.
