Every finding ships with a decision: act today, wait a week, or call a specialist. No CVEs, no jargon, no "contact sales".
Пассивный анализ · Без установки · Без доступа к серверу
You pay for monitoring. A specialist is called only when we find a real risk.
A security specialist isn't needed every month.
What we typically find online.
Accidentally uploaded .env files with passwords.
AWS, Google, Azure — sitting in a public repo.
An old database copy still reachable by direct link.
Secrets that let anyone sign in as your company.
Drive files with "anyone with link" turning up in search.
Your company posted on a ransomware group's page.
All five every day. In parallel.
When passwords end up in public code by accident.
When forgotten files stay in the internet archive.
When attackers see all your hidden subdomains.
When people talk about your company on hacker forums.
When your name shows up on a breach list.
You give us your company domain. No agent install, no system access, no credentials. We only inspect what is already public.
We scan GitHub, paste sites, the Wayback archive, public forums and ransomware leak sites. Every finding carries a hash, timestamp and source link.
A PDF with findings ranked by risk. The decision on what to do is yours — we provide evidence, we do not act on your behalf.
We do not invent figures — every amount references a law article and publication date.
The boundary is explicit. For what is outside it, we will point you to a licensed contractor.
Start with a free scan. Decide on monitoring once you see what we find.
Deep scan plus a specialist walkthrough.
1 domain. 24/7.
5 domains. Priority.
No. GitHub is one of five sources. We also monitor the Wayback Machine archive, Certificate Transparency logs (crt.sh), public paste sites and ransomware leak sites — every source runs on every scan and on every Watch/Pro monitoring cycle. GitHub is the most famous source; it is not the most common one for finding leaks.
No. Sycrion Reveal monitors public sources and delivers evidence. Strategy, security policies, incident response — those stay with a human. We take the routine "who watches five sources every day" off your desk.
No. We only inspect public sources: GitHub, paste sites, Wayback Machine, certificate transparency, ransomware leak sites. No agent installed, no credentials taken, no entry into your infrastructure. By design — it shrinks the trust surface.
A standard Data Processing Agreement is available on request. Scan data is retained per the policy described in the Terms of Service. Specific hosting region and applicable data-protection regime are disclosed in the DPA on a per-engagement basis.
Every 24 hours we run an automated sweep across all five sources, indexed against your company keywords (domain, email patterns, project names). Email alert fires within 1 hour (Watch) or 15 minutes (Pro) of detection.
Good. But it is important to keep checking — leaks are published every week. Watch subscription pays for itself the first month something appears. Annual contract: –20%.
Yes. Monthly subscription — cancel before the end of the billing period. Annual — 30-day notice before renewal. No penalties, no hidden terms.
No. Sycrion Reveal is an information service — it does not replace an audit, legal opinion or the decision of a qualified specialist. We provide evidence and context; final judgement stays with the recipient.