WYRMCYBER
Enterprise-grade cyber security for small and mid-sized businesses that can't justify a six-figure IT team. Sixteen tools plus always-on agentic monitoring that hunts for breaches, exposed assets and exploitable CVEs while you run the rest of the business.
What you can do
Sixteen tools, one console
Every tool below is included on Cyber Pro. No upsells, no add-ons. Pro is for solo operators and small teams; Enterprise adds seats, SSO, API and an SLA when you're ready.
Identity & OSINT
Find people, profiles, and the trail they leave
Username, phone, email, image — pivot from one fragment to the full picture.
Username Search
Map a handle to every social, forum, and dev account it lives on. 3,000+ sites in a single sweep.
Phone OSINT
Validate a number, identify carrier and region, and surface the public footprint tied to it.
Email Breach
Check an address against known breaches — passwords, sessions, PII exposure dates, breach source.
Image OSINT
Reverse-image search, EXIF metadata extraction, and provenance hints. See where a photo lived and when it was shot.
Threat Intelligence
Know what's targeting your sector before it lands
Curated IOC feeds, real-world CVE triage, and entity sanctions in one screen.
Threat Intel
Aggregated feeds from CISA KEV, abuse.ch, AlienVault and 20+ sources — scored, deduped, correlated.
CVE Monitor
Live NVD + EPSS exploit-probability + CISA KEV. Triage actual risk, not raw CVSS. Watchlists by vendor or CPE.
Threat Feeds
Curated IOC streams — malware hashes, C2 infrastructure, phishing kits, ransomware claims. Webhook-ready.
Sanctions
OFAC, UK HMT, EU consolidated, OpenSanctions. Screen entities against every major regime in one query.
Recon & Attack Surface
Map what's exposed before someone else does
Subdomain discovery, port scans, light stress probing, dorking, and historical snapshots.
Recon
Subdomain enumeration, certificate transparency, tech fingerprinting. Full external footprint in seconds.
Network Scanner
Port scans, service detection, banner grabs, and light stress probing. See what's open and how it holds up under load.
Attack Surface
Continuous monitoring of exposed assets, scored by criticality. Catches new shadow IT before attackers do.
Google Dorking
Pre-built advanced operators for finding exposed docs, configs, panels, and forgotten subdomains.
Wayback
Historical site snapshots. See what was live, when it changed, and what got quietly removed.
Dark Web & Forensics
Search the corners search engines won't reach
Onion crawlers, paste-site mentions, IP attribution, and a full data-transformation toolkit.
Dark Web
Onion sites, paste sites, ransomware leak forums. Search for your domain, staff, or clients in the underground.
IP Lookup
ASN, geolocation, hosting reputation, abuse history. Residential proxy? VPN exit? Datacenter? Known C2?
Data Toolkit
Decode, transform, extract, hash, encode, decrypt. The CyberChef-style swiss-army knife for evidence work.
See it in action
Two illustrative outputs from the toolkit
Username Search shows how identity OSINT consolidates 3,000+ sites into a single sweep. CVE Monitor shows the predictive layer — EPSS exploit probability and KEV status alongside CVSS, so you triage by what's actually being exploited.
Mapped one handle across 3,142 sites. 7 confirmed accounts, 2 inferred via metadata, 3,133 negative — typical signal density for an active dev / OSINT analyst.
Confirmed accounts (7)
Public profile · 412 posts · cyber-security focus
Public profile · 89 posts · DFIR / threat-hunting
Rate-limited (1)
Login wall — handle reserved but content not public.
Negative — top excerpts (2 shown)
- TikTok
- + 3,132 more sites returned no result
Premises Presence
See the room — without watching anyone in it
Camera-free, wearable-free occupancy intelligence. Your premises' Wi-Fi sensing mesh detects how people move through the building from the way bodies disturb radio signals; WYRM turns that stream into anonymous, alertable presence intelligence. Enterprise-tier.
Drag a figure to pick it up · hover a room for occupancy stats · toggle Health Watch to preview the Phase 3 medical-alert demo. Illustrative simulation — not a live feed. People settle at desks and pause to talk, but only anonymous skeletal pose (arm and hand kinematics, gait, gesture) is reconstructed from Wi-Fi signal disturbance — never camera images, never audio, and never identity. No cameras, no wearables. Health Watch is opt-in roadmap (Phase 3) with per-subject consent — it is not enabled today.
Why Wi-Fi sensing
Cameras vs Wi-Fi sensing
Two ways to know a room is occupied. Only one of them is private by default.
The old way
Cameras & Wearables
- Captures faces and identity — every frame is personal data
- GDPR / HIPAA exposure by default; DPIAs, retention and access controls on every feed
- Dead zones behind walls, partitions and furniture
- Fails in smoke, dust, glare and darkness
- Wearables assume willing, charged, correctly-worn users
The WYRM approach
Radio, not pixels
- Radio signals only — no images are ever captured
- Physics-based: reads Fresnel-zone and multipath disturbance, not pixels
- Works through walls, furniture, smoke and total darkness
- Zero user compliance — ambient by design, nothing to wear or charge
- Privacy-preserving and consent-gated from the first byte
The roadmap
Three phases, each separately consented
The capability ladder is additive — and that's the point. You enable each phase deliberately, with its own consent. Nothing escalates silently from a headcount to a heartbeat.
Phase 1
Presence & Occupancy
Anonymous headcount per zone with roster-baseline anomaly detection. Identify additional personnel in the building without identifying anyone in it.
- Anonymous headcount per zone
- Roster-baseline anomaly detection
- After-hours presence
- Unexpected occupancy
- Headcount-over-roster
- Restricted-zone access
- Sensor-offline detection
Phase 2
Activity
Movement and activity patterns — dwell time and flow between zones. No identity from the signal itself; behaviour in aggregate, never a named individual.
- Movement and activity patterns
- Dwell-time analysis per zone
- Flow between zones
- Optional employee identification via consented badge / access tags — never from the radio signal itself
Phase 3
Health module
A wellbeing feature, separately consented. Coarse vital signs from Wi-Fi CSI for lone-worker safety and fall / distress detection — opt-in by deployment, never on by default.
- Vital signs (heart rate, respiration) via Wi-Fi CSI
- Lone-worker safety monitoring
- Fall and distress detection
- Opt-in / separately consented — wellbeing, not surveillance
How it actually works
You own the sensing. We own the intelligence.
You own the mesh
The Wi-Fi sensing hardware (ESP32 / RuView-class nodes) lives on your premises and stays yours. WYRM never touches the radio layer.
We turn signal into intelligence
WYRM is cloud / analytics-only. We ingest your mesh's MQTT stream and turn raw disturbance into structured, alertable occupancy intelligence.
Ed25519-attested end-to-end
Every event is cryptographically signed from the sensor edge through to the dashboard, so the occupancy record is tamper-evident.
Enterprise-tier, consent-gated
Premises Presence is an Enterprise feature. Each phase above is additive and separately consented — you enable only what you've signed off.
Who it's for
Built for the people doing the work
If you've been paying for five overlapping tools and stitching results together by hand, this is for you.
SMEs without an in-house security team
Get the protection a CISO would specify, at a fraction of the cost of hiring one. Agentic monitoring runs the routine checks; you only get pinged when something needs a human.
Owner-operators and founders
Domain hygiene, leaked-credential alerts, exposed-service warnings — without learning what a CVE is. Plain-English findings, prioritised by what attackers actually exploit.
MSPs and outsourced IT
Drop client domains in, get monthly or weekly automated security sweeps, and ship a branded report. One subscription replaces five tools your clients can't afford.
In-house analysts, DFIR and bug-bounty
Username, image, dark-web, breach data, Wayback, EXIF, IP attribution and a CyberChef-style toolkit — evidence-grade pivots in one console.
Always-on agentic monitoring
Your security analyst, on a schedule
Every WYRM Cyber plan runs an autonomous security agent against your assets — domains, IPs, exposed services, employee emails, breach feeds — and only pings a human when something genuinely needs attention. Set it up once; the work happens while you run the business.
Pro · £19/mo
Monthly sweep
Full automated check of your monitored assets on the first of every month. Catches the slow-burn issues — expiring certs, new CVEs against your stack, leaked credentials, lapsed sanctions screening — before they become incidents.
Enterprise · £49/mo
Weekly sweep + priority alerts
Same agent, four times the frequency, plus same-day alerts on KEV-listed CVEs and active dark-web mentions of your domain or staff. For SMEs and MSPs that can't afford to miss a week.
Exposed asset sweep
Subdomain discovery, port scan, TLS and cert hygiene against every domain you monitor. New shadow IT flagged the moment it appears.
CVE × KEV × EPSS triage
Detected stack matched against live CVE feeds. Prioritised by KEV listing and EPSS exploit-probability, not raw CVSS.
Breach & dark-web watch
Monitored employee emails and domain checked against breach corpora and ransomware leak forums. Same-day alerts on Enterprise.
Plain-English report
Findings ranked by real-world risk, written so a non-security owner can action them. Optional PDF export for board or insurer.
Pricing
Two tiers. No surprises.
Same toolkit on both. Enterprise adds team seats, SSO, API access, custom feeds, and an SLA.
Cyber Pro
Full toolkit + monthly agentic sweep
Every WYRM cyber tool under one subscription, plus an autonomous security agent that sweeps your monitored assets once a month. For SMEs and solo operators who need the protection without the in-house team.
- All 16 cyber tools (threat intel, OSINT, CVE, recon…)
- Monthly agentic security sweep of your monitored assets
- Dark web monitoring + breach alerts
- Attack-surface snapshots
- Plain-English findings report
- Single-operator usage
- Standard rate limits
- Email support
Cyber Enterprise
Weekly sweeps · seats · SSO · API · SLA
Cyber Pro plus weekly agentic sweeps, same-day alerts on KEV-listed CVEs and dark-web mentions, team seats, SSO, REST API, custom threat feeds, Premises Presence (camera-free Wi-Fi-sensing occupancy intelligence) and an SLA. For growing SMEs, MSPs and CISO offices that can't afford to miss a week.
- Everything in Cyber Pro
- Weekly agentic security sweep (4× Pro cadence)
- Same-day alerts on KEV CVEs + dark-web mentions
- Premises Presence — camera-free Wi-Fi-sensing occupancy intelligence (requires your own sensing mesh)
- Team seats (5+) with role-based access
- SSO (Google / Microsoft / Okta)
- REST API + webhooks
- Custom threat-feed ingestion
- 99.9% SLA
- Priority support
WYRM Cyber is a separate product line from WYRM Procure. Existing Procure customers can add Cyber to their plan; Cyber-only customers don't pay for procurement features they won't use.