> loading…
> loading…
The quiet tool that does the work nobody sees.
Most tools make noise. We built one that doesn't. sub.md handles the groundwork - reconnaissance, enumeration, persistence - so when you execute, you're already inside.
$ target subdomain enumeration...
→ [+] 312 subdomains discovered
→ [+] 47 exposed services catalogued
0
detectable signatures
100%
stealth mode
47
integrated modules
∞
possibilities
“The best exploit is the one that never gets detected. The best penetration test is the one where the client asks 'did you even test anything?' - because we were in and out without a single log entry.”
— Founding principle, 2019
Not flashy. Just effective. Every module built for operators who value results over applause.
Passive enumeration that leaves no footprint. We see everything; they see nothing.
Find what's already exposed before you ever send a single packet.
Know every door before you knock. Map the entire perimeter silently.
They think they're hidden. We find everything in S3 buckets, storage accounts, and more.
Detect typosquatting, fake domains, and brand impersonation before they weaponize it.
Run entire recon workflows in minutes. Let the machine do the boring work.
Before we touch anything, we know everything. Subdomains, emails, tech stack, exposed services - all collected through passive channels that never trigger an alert.
A forgotten S3 bucket here. A GitHub token there. A misconfigured firewall rule there. Alone they're noise. Together they're attack paths.
Most tools drown you in findings. sub.md ranks by exploitability so you know exactly where to spend your time.
By the time they know you're there, you're already done. Clean exit. No logs. No evidence. No drama.
We don't believe in noisy scanners that trigger every alarm in the SOC. We believe in quiet, methodical preparation that pays off when it counts.
If you can get the intelligence without touching the target, why would you ever make noise?
Data is cheap. Intelligence is knowing what matters. We help you see the signal in the noise.
The landscape changes daily. What was safe yesterday is exposed today. We keep watch so you don't have to.
Pre-engagement reconnaissance for red team exercise
→ Entry points identified before day one. Faster access. More realistic attack paths.
Continuous attack surface monitoring for blue team
→ Know your exposure before they do. Close the gaps. Sleep better at night.
Supply chain risk assessment
→ Your vendors' exposed credentials are your problem. We find them before someone else does.
Incident response preparation
→ When the breach happens, you already have the context. Faster containment. smarter decisions.
We don't sell tools. We sell outcomes. sub.md comes with the same expertise that made Neo Security's red team operations legendary.
what sub.md represents
$ cat philosophy.txt
We've been on both sides of the keyboard. As operators who've breached Fortune 500s and government agencies, we know what information would have made our jobs harder. Now we build those tools. sub.md isn't about showing off cool animations. It's about giving defenders the same intelligence that attackers have - but faster. Because the best defense isn't a bigger firewall. It's knowing what they know before they strike. Stay quiet. Stay ahead. - Neo Security
Most organizations don't know their full exposure until it's too late. sub.md gives you the view from the outside - before someone uses it against you.
Phone
+31 20 716 5487