Getting Started

What is Discovery?

Nimbusec Discovery's Mission

Nimbusec Discovery aims to identify all websites related to your organization and perform a passive security analysis by simulating one single website visitor per domain.

A Nimbusec Discovery report is an objective, external overview of your organization's global web presences with an IT-security focus. Such a report can be used for:

Contrary to penetration testing tools, Nimbusec Discovery does not simulate attacks or any kind of brute force scans and does not represent a risk to live web-applications.

How is it done?

Nimbusec Discovery finds domains based on public WHOIS information and public search engine results. After Discovery discovered all domains, a passive security analysis is performed. This analysis includes actual security incidents like malware distribution, defacements and reputation issues. However, Nimbusec Discovery also detects preventive risk factors like outdated and vulnerable applications and problems with your website encryption.

Nimbusec Discovery only focuses on the initial landing page and does not analyze the entire website.

Tech talk.

Technical speaking, Nimbusec Discovery transmits 3 HTTP requests per FQDN (fully qualified domain name) to the webserver.


Very often an identified domain redirects to another (sub)domain. Nimbusec Discovery follows such redirects and eventually only scans the final redirect-chain target.


Example redirects to

input is

  1. 1st req. --> try (connection fail)
  2. 2nd req. --> try (connection success, status 301 redirect
  3. 3rd req. --> try (connection success, status 200)
  4. 4th req. --> scan (connection success, status 200).

The first 3 requests are comparable to a ping and do not download any additional resources or scripts. They only check whether the request is successful or not.

The 4th request then simulates one real website visitor and performs the analysis.


What is Nimbusec?

Nimbusec is a website security monitoring tool that notifies you, when your website was hacked or is in danger.

It allows you to react before your customers or your reputation are harmed.

Nimbusec also features: