Skip to main content
Legba Adversary

See your external attack surfacebefore attackers do.

Adversary maps your external attack surface and validates real exposures. Exposed API keys, subdomain takeover, leaked secrets. You get a client-ready report in minutes, not weeks.

See sample report
  1. map
  2. validate
  3. evidence
  4. report
SPEED

Minutes

not weeks

First-pass attack surface scan delivered in minutes.

PROOF

Validated

not scanner noise

Every finding is probed and confirmed, not just enumerated.

SCALE

Portfolio

or one target

Run one attack surface scan or a hundred.

What goes in. What comes out.

Hand Adversary a target. It runs the first pass end to end: map, validate, capture evidence, prioritize. Built by people who broke detection vendors for a living.

Three-stage Adversary pipeline: external surface map at the top, a network of locked nodes traced by a red dashed validation route in the middle, and a structured report on a red-trimmed base at the bottom.
Adversary pipeline · 3 stages
INExternal surface
  • Root domain
  • Subdomains and exposed services
  • Login portals, admin consoles, APIs
  • Public cloud assets and storage
OUTValidated report
  • Attack paths across exposed assets
  • Validated findings with evidence and severity
  • Remediation guidance and an executive summary
Expert review handoff
Why teams run it

Built to clear the work, not replace the judgment.

01

Less manual recon

Automate the repetitive mapping, probing, and evidence-gathering work that slows down assessments.

02

Validated findings only

Ship confirmed exposures, not another noisy scanner report. Every finding is probed before it lands.

03

More assessment capacity

Run more targets, serve more clients, and scale external attack surface management without adding headcount linearly.

04

Cleaner client deliverables

Hand clients a structured, client-ready report your team edits and sends, instead of reformatting raw scanner output.

05

Human review stays intact

Experts still review, interpret, and sign off. Nothing reaches a client without a human in the loop.

06

Built for startups and MSSPs

Run an attack surface scan for startups, recurring portfolio reviews, or pre-engagement recon.

The report

What Legba returns.

Validated findings in a client-ready report your team can review, edit, and send.

adversary.run · scopedReady
  1. target loaded
  2. external surface mapped
  3. exposed services identified
  4. subdomain takeover validated
  5. exposed API key confirmed
  6. attack path assembled
  7. evidence captured
  8. severity assigned
  9. remediation drafted
  10. report ready for review

elapsed

08m 14s

findings

46

validated

11

[01]

Attack paths

How exposed assets and weaknesses connect into real risk.

[02]

Validated findings

Confirmed exposures with evidence: exposed API keys, subdomain takeover, leaked secrets. No scanner noise.

[03]

Evidence capture

Screenshots, request and response detail, affected assets, and reproduction notes where applicable.

[04]

Severity and priority

Clear ranking so teams know what to fix first.

[05]

Remediation guidance

Plain-English next steps for closing the exposure.

[06]

Executive summary

A readable overview for clients, operators, and non-technical stakeholders.

What Legba does
  • Automates first-pass external attack surface management.
  • Validates real exposures where scoped, instead of just listing them.
  • Maps attack paths across exposed assets.
  • Returns validated findings with evidence.
  • Lets teams move faster across many targets.
What Legba does not do
  • It does not replace senior security judgment.
  • It does not remove the need for authorization and scope.
  • It does not replace formal compliance sign-off by itself.
  • It does not fix issues without human remediation.
  • It does not turn scanner output into truth without review.

Legba does not replace the expert. It removes the repetitive work before the expert steps in.

Go deeper on what Adversary finds

Related surfaces

Adversary is one Legba surface, not the whole engine.

Adversary is the assessment-automation surface inside the broader Legba family. Use the related pages below to evaluate browser isolation, isolated agent execution, and the research that supports the engine.

Chrome plugin01

Browser isolation for everyday workflows

Same disposable browser engine, shipped as a Chrome extension for individual users and teams who want isolation without changing how they browse.

Explore
OpenClaw02

Run autonomous AI agents in an isolated sandbox

Evaluate coding agents in a one-click cloud environment that has zero access to your real machine and is destroyed on close.

Explore
Research03

Read the engine and isolation explainers

Browser isolation, AI security, and threat explainers that support the commercial product story with practical detail.

Explore

Access anything.
Expose nothing.

Legba is a disposable real browser: it spawns a clean session, does the work, and destroys itself on close.

Read the docs

chromium / real fingerprint · residential ip · burn on close

Real browser. Real IP. Real page. Spawn a session. Do the work. Destroy it. Off your device. Off your stack. Gone on close.