Evidence-first vulnerability monitoring powered by OpenKAT

Forensically grounded security monitoring
for your domains and supply chain

Exposentry helps Dutch and European organizations continuously demonstrate what their digital attack surface is, which vulnerabilities are visible, and how suppliers substantiate their baseline security. Transparent pricing from €249/month.

View packages

The NIS2 supply chain obligation affects your organization

Tens of thousands of organizations are affected directly and indirectly by the NIS2 supply chain obligation. Exposentry provides defensible evidence that you continuously monitor your vulnerabilities: a necessary building block for vulnerability management and supply chain duty of care, not a full compliance guarantee.

More on the NIS2 supply chain duty →

Why Exposentry

🛡️

Evidence-first, forensically grounded

OpenKAT records not only vulnerabilities, but also how and when they were found. This gives you demonstrable evidence for clients, auditors and insurers.

🇳🇱

Dutch and sovereign

A Dutch product, built on OpenKAT (LibreKAT Foundation) and hosted in European datacenters. Your data stays in the EU, beyond the reach of the US CLOUD Act.

📊

NIS2 supply chain support

Demonstrably support your vulnerability management and supply chain duty of care. A necessary building block for your obligations: not a full compliance guarantee, but defensible evidence.

From freelancer to enterprise chain

Transparent packages from €249/month for your own domains, plus supplier monitoring for organizations responsible for their chain.

Ready to demonstrably manage your attack surface?

Start today with a one-time €495 baseline scan (fully credited against a yearly subscription), or choose continuous monitoring from €249/month.

Start now

Prefer to run OpenKAT yourself or need custom work? Hasecon provides implementation, management and custom development →

Frequently asked questions

What exactly is Exposentry?

Exposentry is continuous vulnerability monitoring of your external attack surface: every domain, system and service your organisation exposes to the internet. Built on OpenKAT, the open-source scanner that originated in the Dutch government. You receive a periodic, forensically substantiated report in plain language, without installing any hardware or software.

Is a tool like Exposentry or OpenKAT mandatory under NIS2?

No. NIS2 and the Dutch Cybersecurity Act do not mandate any tool by name, including OpenKAT. Anyone telling you otherwise is selling urgency instead of facts. The law requires appropriate measures you can demonstrate; continuous monitoring is a demonstrable building block for that, not a compliance guarantee.

How is this different from a penetration test?

A penetration test is deep manual research at a single point in time, within an agreed scope. Exposentry continuously monitors your entire external attack surface, for the price of one pentest per year. The two complement each other: monitoring keeps the basics demonstrably in order and shows where deep testing is worthwhile.

Why pay when free scans exist?

Free checks such as internet.nl are valuable, but they test standards on the one address you enter yourself. Exposentry first maps your entire attack surface, including forgotten subdomains and shadow IT, scans for actual vulnerabilities and delivers dated, verifiable evidence you can use towards customers and auditors.

How quickly am I up and running?

The same day. You sign up online, verify your domain via a DNS record and the first scan starts automatically. No installation, hardware or software agent is needed; the report arrives by email.

What does Exposentry cost?

Transparent and available online, with no mandatory sales call: a one-time baseline scan for €495 or continuous monitoring from €249 per month. If you upgrade to a yearly subscription within 60 days of the baseline scan, the full amount is credited.

Does this help with my large customer's supplier questionnaire?

Yes, that is exactly what the Ketenpartner plan exists for. Instead of vague answers, you attach a dated, independent report of your external attack surface as evidence. If you are covered by NIS2 yourself, you can also have your own suppliers monitored the other way round.

Where is my data stored and who sees my reports?

Everything runs on European infrastructure, under the GDPR and beyond the reach of the US CLOUD Act. Reports go directly to you and are not shared with third parties; Exposentry does not do remediation itself and therefore has no commercial stake in the outcome. Every report is digitally sealed, so you can always prove its authenticity.

Built on OpenKAT (LibreKAT Foundation)EU-sovereign hostedIndependent reporting, straight to youNIS2-defensible evidenceGDPR-compliant