The next genera­tion
IT security tool

Cyber security is essential for companies to position themselves for the future and to benefit from global digitalization.
But where exactly are the vulnerabilities in IT infrastructures and software systems that serve as gateways for cyber criminals?

Our IT security tool® provides you with this information – up-to-date and based on a variety of renowned sources.
This allows you to continuously monitor your system landscape and quickly close security gaps.

Added value of® at a glance

current cyber risks

Use the more than 130® integrated sources from diverse security tools to identify your own cyber risks. Our self-learning database (Big Data Repository) already contains over seven million bulletins, which will be matched with your data at the push of a button.

Minimize the impact of IT vulnerabilities

Accelerate your responsiveness with automated scans of your internal and external IT infrastructure – and minimize the impact of vulnerabilities. Depending on the demands,® repeats the security tests daily, weekly or even monthly.

Constantly keep an eye on systems and vulnerabilities

Whether on local servers or in the cloud: Centralize your security data and infrastructure with the help of® to always be informed about the current system status and to be able to effectively protect your own IT landscape against hackers and other cyber criminals.

flexibly as a service

Relieve your IT team and use our powerful vulnerability and port scanner as a service. Without infrastructure costs and maintenance effort. We provide continuous updates so that your company is also protected against upcoming threats and you can focus on your core business.

How the IT Security Tool works® is a portal designed for security measures, combining functions of vulnerability scanner, penetration tool and open source intelligence tool. In just a few steps you get a comprehensive vulnerability view of your systems.

All IP addresses and sub-domains of a domain are identified and searched for vulnerabilities. After scanning your information, it is compared with a variety of reputable sources for threat analysis. The results, including risk classification, are clearly displayed in our dashboard and can be archived as a report for further processing.® is a business solution for the IT sector and was specially developed by our security experts in Germany. The IT security tool empowers professionals to efficiently perform key tasks such as alert management, vulnerability scanning, analysis and reporting.

Features at a glance

Incident Alert Engine

Automated notification of new vulnerabilities and security risks.

Management Portal

A clear all-in-one dashboard that allows to keep an eye on all your domains and IP addresses.

Automated Reporting

Automated and clear documentation of all key figures from®.

Data Leak Monitoring

More than 15 million data leaks/data breaches in an integrated database for checking your own company email accounts.

Real Time Internet Monitoring

Continuous scanning and consolidation of more than 130 internet sources (including Shodan).

Networks & Organizations

Overview of the number of vulnerabilities within the networks to which your server belongs.

Big Data Repository

More than 7 million bulletins in our self-learning database – including 160.000 vulnerabilities included in the Public Vulnerabilities and Exposures (CVE) list.

Artificial Intelligence

AI-based vulnerability analysis and mapping in our database.

The most important questions & answers

What does® do?

We are a company that pursues the goal of managing the risks of the digital transformation of companies. For this purpose, among other things, we regularly scan the domains of companies and government institutions for vulnerabilities in IT security with our self-developed external vulnerability scanner® and create a vulnerability overview. The outer areas of the systems are checked via “portscan”, i.e. by scanning these systems for open ports. These ports are analyzed and the results are documented – but not used to penetrate the systems. There is no outflow, access or even modification of data.

With the help of the vulnerability overview, companies, authorities and courts can react better to dangers that arise from incomplete cyber security and thus protect themselves, their secrets and their own company data as well as the (personal) data of their customers, employees, users, members, etc. from hacker attacks.

Why am I being scanned?

This could be due to a number of factors, as vulnerability scanning is becoming more common in organizations for a variety of reasons. We have compiled the most common reasons for you:

Self-interest – Often security-conscious companies, such as our customers, initiate the scans themselves and repeat them at regular intervals. Are you already a customer? Then you can check your contract to see at what intervals your domain will be scanned. It could also be, for example, that one of your employees has registered on® and activated the free trial package.

Shared servers – Often several domains are located on one and the same server. So it could well be that another customer of your hoster, whose domain is on the same server and thus has the same I.P. address, has initiated a scan.

Business partner monitoring – Due to the ever-increasing cyberattacks on supply chains, security-conscious companies not only monitor their own IT infrastructure, but also that of their business partners. So, as part of supply chain monitoring, one of your business partners may scan and check your domain for IT security.

Research – IT security companies and federal authorities (for example, the BSI) continuously investigate the IT security situation in Germany to produce studies and statistics. The DGC AG also uses spare capacity to generate valuable knowledge about the current threat situation.

How long does a scan take?

The duration of the scan of an IP depends on the services found, since each service found is scanned for vulnerabilities. As a consequence, many services lead to a longer scan duration. Another parameter is the number of IPs belonging to a domain. The interaction between the number of IPs and the number of services found can mean a scan duration of a few hours up to several days.

The actual scan time is influenced by the size of the system and the running services. First the port scan is performed and then the further queries for discovered open ports. This can take a few minutes, but also a few days.

Who can see the scan results?

Only a registered, authenticated and verified user can view detailed scan results. If a demo user requests scan results, only vulnerability totals are displayed. These vulnerability totals do not allow any conclusions to be drawn about the structure of the IT infrastructure or the cyber security status of a scanned domain owner. Only a user who has registered with DGC AG, whose identity has been confirmed and whose right of access has been proven beyond doubt, is given the opportunity to view detailed scan results. For this purpose, we maintain a complex process that establishes the identity of the person requesting access to the scan results.

What does DGC AG use this content for?

The scan results of an individual domain owner are not used by DGC AG outside of a customer relationship. Due to the large number of generated scan results, we are able to map the current state of cyber security within the address ranges scanned by DGC AG. With the help of the results generated by the DGC’s AG vulnerability scanner, DGC AG has succeeded in the past in uncovering widespread, critical vulnerabilities and saving the affected companies from significant damage free of charge by means of information campaigns in the media or social networks set up at their own expense. Vulnerabilities discovered in the past include, for example:

Data Leak – Huge Data Scandal discovered in Germany
Open Git Directories compromise over 40,000 Websites in Germany

Do institutions other than DGC AG have access to detailed scan results?

No, we do not grant other institutions access to detailed scan results.

Is it possible for scans to burden my IT infrastructure?

An infrastructure that is equipped with the latest updates and has been configured correctly from a technical point of view is not significantly burdened by the scans. Nevertheless, it may happen that the configuration of the monitoring solution on the web server triggers computationally intensive processes as soon as several requests are classified as failed. You can submit a request at the email address to have your IP ranges excluded from our scans in the future.

What can I do myself if vulnerability scans cause problems for my infrastructure?

Use the configuration options provided by the web server, firewall or other devices you use. Depending on the manufacturer and provider, it can be configured to block or ignore requests that meet certain parameters. Limit incorrect login attempts. These configurations also contribute to the increased security of your business. For in-depth advice, feel free to contact us via email.

How can I access the results of my scan?

The scan results are only viewable by DGC AG or the user account registered with DGC AG. First register on® and go through the verification and authentication process to view your detailed scan results. The results will remain visible for 14 days in the trial version. You have the option to purchase an account for 12 months with a Partnership Light, in which you can view the results for your domain with monthly, weekly or daily updates.

Do the scan results remain in Germany?

Yes, we keep the data in Germany. The servers hosting® are located in a data center in Frankfurt am Main, Germany. The data center has obtained the following certifications and compliance standards and has them independently audited on a regular basis.

Certifications: BSI C5, ISO 27001 family, SOC, PCI DSS, FedRAMP.
Compliance standards: HIPAA, DSGVO, CCPA

How can I prevent being scanned again?

By sending a support request to, domains and IP addresses that have already been scanned can be excluded from being rescanned. Blocking a domain also includes blocking the display of that domain.

Where can I get advice on my security risks and vulnerabilities?

We offer prospects and customers to guide them through the vulnerabilities found and explain them in an understandable way. In addition, you will also receive suggestions for prioritization in the elimination of the vulnerabilities. Contact us now.

Am I being hacked right now? Is malicious code being transmitted/infiltrated?

No, you will not be hacked or attacked. We do not run malicious code or download data from you at any time.

Is scanning legal?

Our software meets all compliance requirements.® was developed in Germany and is also managed from there. The functionality of our software has been legally reviewed and confirmed by the law firm Heuking Kühn Lüer Wojtek. The result is as follows:

  • According to our findings, the® software does not penetrate third-party IT systems, but determines the necessary findings by scanning open ports and running applications from the outside (portscan), analyzing the response behavior and comparing it with freely available and internal databases.
  • In our view, there is therefore no violation of criminal law. The data obtained is not “specially protected against unauthorized access”, nor is any “unauthorized access protection overcome” (§ 202a StGB). Nor does the software “intercept data” (§ 202b StGB) or “alter data” (§ 303a StGB).
  • We cannot identify any violation of competition law. The data that the® software determines through port scans are, in our view, not business and trade secrets within the meaning of Section 17 UWG. They only contain general system information and are provided quasi “voluntarily” by the server in question.
  • As a result, the® software we viewed can be used in compliance with the law in the area of the Federal Republic of Germany.
  •® thus meets all compliance requirements in Germany and the EU – in contrast to many international competitors.®:
The backbone of holistic Cyber Security® constitutes the technical backbone of our holistic cyber security approach and is therefore included in every version of our Cyber Security Partnerships. Our services are cloud-based and do not require any special system requirements.

Regardless of the type of use, the security tool offers maximum flexibility: If your organization grows or changes in the course of digital transformation, – like other DGC AG solutions – can be easily expanded. Without disturbing the ongoing operation.

Would you like to learn more about the benefits of® for your vulnerability analysis?

We look forward to hearing from you and will be happy to advise you.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.