StratQuad External Attack Surface Platform

Assess your external security posture. OSINT analysis, active scanning, and framework alignment in one platform. Without the fuss.

Start a scan

Built by operators. Supported by AI.

ReconAnalyseReport
Scan

Map your external perimeter the way an attacker would. Passive intelligence, DNS enumeration, subdomain discovery, and vulnerability scanning.

Identify

Turn recon data into something you can act on. Posture scores, severity grading, and remediation in plain English.

Report

Findings mapped to CAF 4.0, ISO 27001, and Cyber Essentials. Export what you need, how you need it.

Powered by intelligence

Open source intelligence, active scanning, and breach monitoring. Every source runs on every scan, all results feed one posture score.

Active Scanning

Vulnerability detectionTemplate based scanning across web, network, and cloud surfaces.
Web server analysisConfiguration scanning for known misconfigurations and exposures.
TLS and cipher analysisCertificate chain validation and protocol downgrade checks.
Content discoveryURL fuzzing with response baseline fingerprinting.
Port scanningFast port scanning for exposed services on discovered hosts.

Passive Intelligence

Internet wide scanningHost and certificate data for passive port and service discovery.
Asset searchNetwork asset search across global infrastructure for passive fingerprinting.
Service enumerationIP and domain intelligence with banner data.
Certificate transparencyCT log queries for subdomain enumeration.
Subdomain discoveryPassive subdomain discovery across public DNS and archive sources.
OSINT correlationCross referencing across 200+ public data sources in a sandboxed environment.
Credential exposureInfostealer credential checks without requiring domain ownership.
URL reputationDomain reputation checks against recent scan history.

All tools run server side. No agent, no install, nothing to deploy on your infrastructure.

Governance, Risk and Compliance

One assessment.
Ten frameworks.

StratQuad helps you assess your security posture and strengthen your control set to manage risk. Every control maps once against the Secure Controls Framework, then surfaces coverage across supported frameworks and regulations.

Tailor your assessment against the NCSC Cyber Assessment Framework or any of the other assessable frameworks. Scope in or out by control, assign evidence, and export for audits.

Rapid posture assessment:

46

Assessment questions across four CAF objectives A, B, C and D.

Assessable

NCSC Cyber Assessment Framework
v4.0
ASSESSABLE
ISO/IEC 27001
2022
ASSESSABLE
Cyber Essentials
 
ASSESSABLE
NIST SP 800-53
Rev 5
ASSESSABLE
PCI DSS
v4.0
ASSESSABLE

Controls Mapped

NIST Cybersecurity Framework
2.0
MAPPED
NIS2 Directive
EU 2022/2555
MAPPED
UK Cyber Governance Code
2024
MAPPED
DSPT
NHS/DHSC toolkit
MAPPED
Defence Cyber Certification
DefStan 05-138
MAPPED

Daily intelligence briefings

A curated cyber threat intelligence digest, sent to every StratQuad account.

Every weekday StratQuad reviews sources across government advisories, media, vendor threat intelligence, and regulatory announcements, then publishes a curated brief to your inbox. Giving security professionals what they need to know to stay in the loop and get ahead of the adversary.

Over 50 sourcesIncluding NCSC, CISA, NIST, NCA, vendor threat intelligence, regulatory bodies.
Daily cadencePublished at 07:00 UTC on a 24 hour rolling window.
Signal over noiseConsolidated news, no fluff, just what you need to know.