External Pentest

Firewall, WAF, VPN, Cloud – everything configured properly? Maybe. But what happens when someone actually attacks from the outside? That’s exactly what we test with an external penetration test. Hackeroo thinks like real attackers. No checkbox audits. No “run a scan and ship a PDF”. We test manually, realistically, and with a clear focus on impact.

An external penetration test simulates an attacker without internal knowledge and without privileged access. We start where real attackers start: on the internet. We assess your publicly reachable:

  • Domains and subdomains
  • IP addresses
  • Web applications
  • APIs
  • VPN gateways
  • Mail servers
  • Cloud services
  • Remote access endpoints

How do we approach it?

Our external penetration test follows a clearly structured, offensively oriented methodology. Each phase builds on the previous one – with the goal of exposing real-world risks.

Reconnaissance & OSINT: We identify your attack surface and systematically evaluate publicly accessible data.

  • Collection of publicly available information (domains, subdomains, IP ranges)
  • Analysis of DNS records and certificates
  • Identification of exposed systems and cloud resources
  • Assessment of potentially leaked data
  • Mapping of the externally visible infrastructure

Scanning & Enumeration: We identify reachable services and analyze their technical details.

  • Port scanning over TCP and UDP
  • Identification of running services and version information
  • Detection of exposed endpoints
  • Analysis of web paths and API endpoints

Vulnerability Assessment: Identified services and applications are manually reviewed, not only for known CVEs but also for misconfigurations and insecure default settings.

  • Analysis for known vulnerabilities
  • Review of misconfigurations
  • Assessment of insecure default settings
  • Validation of authentication and access controls

Exploitation & Proof of Concept: If permitted within the agreed scope, we attempt to exploit identified vulnerabilities in a controlled manner.

Post-Exploitation / Privilege Escalation (optional)

  • Assessment of whether initial access can lead to further compromise
  • Evaluation of possible lateral movement
  • Analysis of privilege escalation and potential data exfiltration
  • Only within the agreed scope

Qualifications

The testers at Hackeroo know what they are doing, and they can prove it. Our team consists of experienced ethical hackers with hands-on certifications such as the OSCP (Offensive Security Certified Professional) or the BACPP (Binsec Academy Certified Pentest Professional). Both stand for real attacks against real systems under realistic conditions, not for theory or multiple-choice exams.

For our customers, this means manual security testing at eye level with real attackers. No pure tool scans and no checklist audits, but in-depth analysis with technical depth, experience, and clear results. We think like attackers, and that is exactly how we test.

Your provider for external pentests

Hackeroo is a young, dynamic team of ethical hackers with a clear focus on professional pentesting. Our approach: technically in-depth, manual testing – without unnecessary overhead, without buzzword bingo, and without inflated daily rates. Hackeroo is the specialized provider in Germany for professional yet competitively priced external penetration tests. Through lean processes and an efficient project structure, we are able to offer external pentests with an outstanding price-performance ratio. Ideal for startups, SaaS providers, and companies preparing for a product release, audit, or investor round. We are happy to provide you with a tailored offer for a professional external penetration test.

Our daily rate starts at €1,200 per day. The total cost of a project depends on the actual time required as well as the scope and complexity of the systems to be tested. Hackeroo deliberately positions itself as a competitively priced provider of professional penetration testing in Germany. Despite the attractive daily rate, we exclusively conduct manual and technically in-depth tests and deliver clearly prioritized and easy-to-understand results. At Hackeroo, lower pricing does not mean lower quality, but more efficient processes and a strong focus on what truly matters: real security.

Typical Questions

The Hackeroo team consists of young, highly motivated ethical hackers with a strong technical background and high personal standards. We are driven by the ambition to uncover vulnerabilities that others overlook and to clearly demonstrate real attack paths.

The Hackeroo team is part of the Pentest Collective and operates within this network according to shared quality standards and proven methodologies. At the same time, we act as an independent, focused team with short decision paths and direct execution.

We work hands-on, with deep technical focus and a strong emphasis on manual analysis. Rather than relying solely on tool output, we analyze applications, infrastructures, and processes in detail and challenge assumptions like a real attacker would.

Through clear structures, an efficient way of working, and the targeted use of PTDoc, we are able to test in a focused manner while offering an attractive daily rate.

The Pentest Collective is an alliance of experienced ethical hackers and penetration testers who work according to shared quality standards and openly share their know-how. Instead of relying on rigid teams or traditional consulting structures, the Pentest Collective brings together specialized expertise exactly where it is needed.

Hackeroo is the young team within the Pentest Collective. Driven by ambition and strong technical standards, we aim to identify vulnerabilities that often remain undiscovered in conventional tests. Our motivation is to make real attack paths visible and deliver measurable security improvements.

Hackeroo specifically works with price-sensitive customers such as startups and public sector organizations. Through a lean structure, focused testing approaches, and the use of structured processes and tools such as PTDoc from binsec systems GmbH, the German pentesting system provider, we are able to offer an attractive daily rate while maintaining a high level of technical depth.

The results are comparable to those of significantly more expensive providers because methodology, testing depth, and reporting standards are identical. The difference lies not in the quality of the tests, but in the avoidance of unnecessary overhead. Our time is invested in analysis, manual testing, and high-quality documentation rather than internal coordination or sales processes.

Our daily rate is €1,160 net.

Based on that, we agree on a fixed package price upfront, derived from the scope we define together. No surprise invoices, no last-minute renegotiation.

Then the total cost depends on what we’re testing and how deep we go. A lean web app is very different from a complex platform with APIs, authentication flows, role models, and a cloud setup. Black box vs. grey box, one target vs. ten, a few days vs. multiple weeks — that’s what drives the effort.

We price by time, not by findings. Automated tools are the starting point, not the deliverable. The meaningful findings come from manual analysis, experience, and thinking like a real attacker.

Bottom line: A clear scope, transparent effort, a fixed price and results that are more than a compliance checkbox.

Yes. Hackeroo uses selected tools and platforms from binsec systems GmbH as a technical service provider. This includes structured processes and systems such as PTDoc, which enable efficient, consistent, and traceable penetration testing.

The operational execution of penetration tests is carried out entirely by the Hackeroo team. Planning, test execution, analysis, and evaluation of the results are fully handled by Hackeroo. The collaboration with binsec systems GmbH is limited to technical support and the use of proven systems and tools.

This clear division of responsibilities and the use of efficient, proven platforms allow Hackeroo to operate with lean processes and offer an attractive daily rate. Customers benefit from the fact that the majority of the effort is invested directly in analysis, manual testing, and meaningful results.

PTDoc is a structured platform for penetration testing documentation and reporting. It was developed from real-world practice to make the entire pentest process efficient, transparent, and consistent.

PTDoc supports methodical test planning, clean result capture, and standardized risk rating. This ensures clear structures, reproducible quality, and reports that are understandable for technical teams as well as management and decision makers.

For customers, using PTDoc means less overhead and a stronger focus on what matters most. Instead of spending time on manual documentation or post-processing, the effort goes directly into analysis, manual testing, and identifying real attack paths. This results in high-quality outcomes that are comparable to those of significantly more expensive providers while maintaining attractive pricing.

PenPI stands for Pentesting Physical Interface. It is a dedicated pentesting system that is deployed directly within the customer’s internal network for internal penetration tests. It serves as a controlled attack point and enables realistic testing from the perspective of an internal attacker. Using PenPI allows Hackeroo to conduct internal tests remotely, eliminating on-site visits and travel costs without compromising test depth or realism.

With PenPI, internal networks, Active Directory environments, and connected systems can be tested efficiently and transparently. Unlike traditional VPN access, PenPI is located directly inside the internal network. VPN-based testing is technically limited, as it does not allow certain attack techniques such as man-in-the-middle attacks.

© Hackeroo: We think like attackers, hack like professionals, and show you where it really hurts — before someone else does.