runZero
By runZero
An asset discovery and exposure management platform co-created by Metasploit author HD Moore, using unusually careful unauthenticated scanning plus passive discovery to find the unmanaged, OT, and IoT devices agent-based tools can't see — inside the network as well as on its internet edge. Accenture announced an agreement to acquire the company in 2026.
Verified Source: 1
- Product type
- Software
- Deployment
- SaaSAgent
- Organization size
- SMBMid-marketEnterprise
- Pricing tier
- Freemium
Capability checklist
ASM/BASHow runZero measures up against the full Attack Surface Management & Breach/Attack Simulation taxonomy.
- External attack surface discovery — supported
- Continuously finds internet-facing assets, domains, and shadow IT before attackers do.
- Exposure prioritization — supported
- Ranks discovered exposures using adversary and exploitability context.
- Breach and attack simulation — not supported
- Safely simulates real attack techniques against live defenses to test control effectiveness.
- Security control validation — not supported
- Measures whether existing tools actually detect or block the simulated attacks.
- Attack path mapping — not supported
- Shows the chained steps an attacker could take from an exposure to real impact.
- Continuous testing — not supported
- Re-runs simulations on a schedule to catch drift and regressions over time.
Alternatives
Other Attack Surface Management & Breach/Attack Simulation tools with overlapping capabilities, sized for similar teams.