Nairobi · Offensive Security & Education

We Find The Cracks Before They Do

VUNVAULT runs penetration tests and vulnerability assessments for SMEs, SACCOs and fintechs across Kenya — then teaches your team how to close the gaps for good.

Try the Scanner Demo Explore the Academy
OWASPTop 10 aligned testing
NDAConfidential by default
KESLocal, transparent pricing
Attack Surface Mapping

Every login page, API and subdomain is a door. We map them all.

Before a single test runs, we build a live picture of your exposed assets — the same view an attacker builds during reconnaissance.

  • 01 Domains, subdomains and exposed services are enumerated and scored by exposure.
  • 02 Each node is cross-referenced against known CVEs and misconfiguration patterns.
  • 03 You receive a prioritized map — not a 40-page PDF nobody reads.
Services & Pricing

Built for Nairobi's SMEs, SACCOs & fintechs

Four tiers, transparent KES pricing, no hidden scoping calls. Every engagement ends with a retest.

Starter Scan

Automated vulnerability scan for a single website or landing page.
From KES 15,000
One-time
  • Automated OWASP Top 10 scan
  • SSL/TLS & header review
  • Plain-English summary report
  • 48-hour turnaround
Get Started

SME Shield

Manual + automated testing for a live business web app.
From KES 60,000
Per engagement
  • Manual web app penetration test
  • Authentication & access-control review
  • Technical + executive report
  • One free retest included
Get Started

SACCO & Fintech Pro

Full-scope pentest with compliance mapping for regulated platforms.
From KES 220,000
Per engagement
  • Web, API & infrastructure testing
  • Kenya Data Protection Act mapping
  • Board-ready compliance report
  • Two free retests included
Get Started

Enterprise Retainer

Continuous testing and monitoring for growing platforms.
Custom Quote
Quarterly
  • Quarterly penetration tests
  • Dedicated security analyst
  • Priority response SLA
  • Staff security training included
Talk to Us

Prices shown are starting estimates. Final scope and quote are confirmed after a short discovery call.

See It In Action

What a VUNVAULT report looks like

This is an illustrative demo — enter any domain to watch a sample scan sequence and a mock finding set, so you know exactly what a real engagement delivers.

Demo Scanner

Run a sample scan

This demo does not test real infrastructure. To scan an actual website or account, book a real engagement below.

Illustrative simulation only. Real assessments involve manual testing performed only on assets you own or are authorized to test, under signed engagement terms.

Book a Real Scan
// Waiting for target — enter a domain and press Run Demo

Sample Findings — Illustrative

Outdated TLS configuration (TLS 1.0 enabled)Critical
Missing Content-Security-Policy headerHigh
Verbose server error messagesMedium
Missing SPF / DMARC email recordsLow
Blog & Academy

Learn cybersecurity in plain English

Practical writing and short courses for founders, IT teams and beginners who want to actually understand their risk — not just read jargon.

Mobile Money

Phishing and M-Pesa: how attackers target Kenyan mobile money users

The social-engineering scripts behind SIM-swap and fake agent scams — and how to train staff to spot them.

Compliance

OWASP Top 10 for SACCOs: a practical checklist

A walkthrough of the most common web risks mapped to what regulators actually expect to see.

Fundamentals

Password hygiene for teams that hate changing passwords

How to roll out a password manager and MFA without an IT department revolt.

Beginner

Cybersecurity Foundations

Core concepts, threats and safe habits for anyone starting out — no coding required.

Founders & Managers

Security for Founders

What to ask your developer, what to budget for, and how to read a pentest report.

Intermediate

Practical Penetration Testing

Hands-on web app testing methodology, aligned to OWASP, for aspiring analysts.

Why VUNVAULT

"We'd rather hand you an uncomfortable report than let someone else hand you a breach notice."

VUNVAULT was founded in Nairobi by a security practitioner who combines offensive testing, software engineering and plain-spoken communication — because a report no one understands doesn't make anyone safer.

We work with small businesses, SACCOs and fintechs who are too often told that security is either irrelevant to them or impossibly expensive. We built VUNVAULT to prove both of those wrong: real testing, real findings, explained in language your whole team can act on.

Get in touch
Start an Engagement

Tell us what you need tested

Based In

Nairobi, Kenya — working with clients across East Africa.

Engagements

All testing is performed only on assets you own or are authorized to assess, under a signed agreement.

Follow VUNVAULT