All features Deep Scan

See what's exploitable, not just what's exposed

Deep Scan takes every live host your external scan discovered and fires ~4,178 CVE and template checks at it — agentless, credential-less, entirely from the outside — then ranks each hit by how likely it is to actually be attacked.

Get started View pricing
4,178CVE & template checks
0agents · credentials
A–Fown exposure grade
deep-scan C
CVESKnown CVEs · KEV-taggedFAIL
PANLExposed admin panelsFAIL
MCFGMisconfigurationsCHECK
CREDDefault credentialsPASS
EOLSEnd-of-life softwareCHECK
What Deep Scan checks

~4,178 checks, matched to what each host is actually running

The surface scan tells you a host exists and what technology sits behind it. Deep Scan takes that fingerprint and fires the exact CVE and misconfiguration templates that apply — the same probes an attacker would try, run safely and entirely from the public internet.

Known CVEs

~4,178 templates covering published CVEs across web servers, frameworks, CMS platforms, VPNs and appliances — each one matched to the exact software version a host is running, so you get real hits, not a generic checklist.

Exposed panels & services

Admin consoles, login portals, dashboards and management interfaces that were never meant to be reachable from the internet — the front doors attackers check first.

Misconfigurations

Server, application and cloud misconfigurations — verbose error pages, open directory listings, exposed config files and debug endpoints that quietly leak how a system is built.

Default & weak credentials

Devices and services still answering to factory-default or well-known logins — the kind an attacker can look up in seconds and walk straight in with.

Known-exploited & end-of-life software

Components listed in CISA's Known Exploited Vulnerabilities catalog and software running past its support date — the exposures already being used in the wild, flagged and pushed to the top.

Information exposure & leaks

Exposed .git directories, backup archives, API keys and other sensitive artifacts inadvertently published to the web where anyone can pull them down.

Ranked, then routed

Every hit is prioritized by real-world risk — and lands in one queue

Thousands of raw CVE matches are useless without an order to work them in. Deep Scan ranks each finding by how likely it is to be exploited, then drops it into the same workflow you already use for every other source.

Ranked by real exploitability

Each CVE is enriched with KEV (CISA's Known Exploited Vulnerabilities) and EPSS (the Exploit Prediction Scoring System), so the finding most likely to be attacked rises to the top — not just the one with the highest CVSS on paper.

One queue, not a second tool

Deep Scan findings flow into the same findings workflow as your external, cloud and agent results — same status, owner assignment, escalation and SLA. A CVE keeps its status across re-scans, so triage work is never lost or duplicated.

Its own A–F exposure grade

Deep Scan produces a standalone score and a letter grade — A through F — for external exploitability, so you can show a client exactly where they stand today and track the number moving as you close findings.

Run it, then keep watching

A deep sweep on demand — and an optional watch for what appears next

Attack surfaces don't hold still. A host that scanned clean last month can pick up a critical CVE the day a new one is published. Deep Scan runs the moment you need it, and can keep an eye on the domains that matter most.

Run it on demand

One click fires the full ~4,178-check sweep against every live host. It's deliberately paced and time-bounded so it probes thoroughly without disrupting the target — and a blocked or unreachable host is reported as exactly that, never as a false "all clear".

Opt-in weekly re-scan

Once a domain has been deep-scanned, an optional weekly sweep can re-run it for you. It stays off until an operator turns it on — the scheduled sweep spends real compute, so there's never a surprise. Only domains already scanned by a person are eligible.

New-exposure diff

Each re-scan is compared against the one before it. Brand-new critical and high exposures are surfaced in your morning alert digest — so a CVE that surfaces weeks later doesn't sit unnoticed until someone remembers to scan again.

Part of one platform

Deep Scan findings don't stop at a list

An external CVE isn't a standalone ticket. SBCMSP folds every Deep Scan result into the same posture picture as your endpoint, cloud and identity data — so the exploit you just found shows up where the rest of your work already lives.

  • Rolls into the security score and A–F grade
  • Feeds compliance and AI vCISO reports
  • Correlated into named attack paths
  • AI remediation guidance on every finding
See the full platform
72
+18 pts
projected after top fixes
How it's different

The free scan finds what's exposed. Deep Scan finds what's exploitable.

They're two stages of the same job. The surface scan maps the footprint and runs free; Deep Scan takes the live hosts it found and actively tests each one for real vulnerabilities.

Free external scan

Maps the footprint every attacker can already see: email authentication, DNS, security headers, TLS, subdomains, open ports and the technology behind each site. Passive, safe, and always available — the free 8-point scan needs no card and no login.

Answers: what's out there, and what's exposed.

Deep Scan

Takes those live hosts and actively probes each against ~4,178 CVE and template checks — the exploit an attacker would actually attempt — then ranks every hit by real-world exploitability. Agentless and from the outside, available on Pro and above.

Answers: what can actually be broken into.

Run a Deep Scan on your riskiest client

See a client's real external exposure in minutes — then fire ~4,178 CVE checks at every live host.