Sysadmins frequently inherit messy networks with unknown configurations, expired licenses, legacy OS (Windows 7, Server 2003), and no documentation — they spend significant time manually auditing and hardening these environments.
An agent-based scanner that maps the inherited network, catalogs all devices/OS versions/firewall states/subscription statuses, flags risks (weak VPN protocols, open ports, EOL software), and generates a prioritized remediation playbook with cost estimates for budget-constrained orgs.
Freemium — free single-network scan, $49/mo for ongoing monitoring and re-scanning across multiple client environments
This is a hair-on-fire problem. Sysadmins inheriting unknown networks face immediate security liability, compliance risk, and pressure to produce results fast. The Reddit pain signals are visceral — Windows Server 2003 still running, no documentation, unknown firewall rules. Every MSP and IT consultant experiences this repeatedly. The pain is acute (day one of a new client) and recurring (every new client engagement). People are currently spending days or weeks doing this manually with Nmap, spreadsheets, and prayer.
The total MSP/IT consultant market is massive, but the addressable slice — freelance sysadmins and small MSPs doing network takeovers — is a niche within a niche. Estimated 40K-100K MSPs globally, maybe 150K-300K freelance IT consultants. If 10% convert at $49/mo, that's $2.4-5.9M ARR ceiling at current pricing. Real TAM is probably $10-30M if you expand to mid-market MSPs and raise pricing for larger deployments. Solid lifestyle/bootstrap business, but not venture-scale without expanding the wedge significantly.
MSPs and IT consultants already pay $100-400/mo for tools like Auvik, Lansweeper, and Network Detective. $49/mo is well within their budget and actually feels cheap — which is both good (low friction) and a risk (may signal low value). The real unlock is that this tool SAVES BILLABLE HOURS: if it saves 8-16 hours per network takeover, it pays for itself on the first engagement. MSPs can also pass the cost through to clients as part of an 'onboarding assessment' fee. Strong willingness to pay exists, but the free tier must be genuinely useful to drive adoption.
This is where it gets hard. The discovery/scanning piece is well-understood (Nmap libraries, SNMP, WMI). But the DIFFERENTIATED features — automated remediation playbooks, cost estimation, risk prioritization with business context — require deep domain expertise to build well. You need a comprehensive EOL/EOS database, vendor pricing data for replacements, firewall rule parsing across multiple vendors (Fortinet, pfSense, SonicWall, Meraki, etc.), and VPN configuration analysis. An MVP scanner is buildable in 4-8 weeks; a scanner that generates genuinely useful remediation playbooks with cost estimates is more like 3-6 months. The agent-based architecture also means cross-platform installer work (Windows services, Linux daemons). A solo dev can build a compelling MVP, but it will need to start narrow — e.g., Windows environments only, top 3 firewall vendors only.
This is the strongest signal. NO existing tool combines unauthenticated discovery + risk scoring + automated remediation playbooks + cost estimation + client-ready deliverables in one workflow. runZero is closest on discovery but has zero remediation features. Network Detective is closest on reports but scanning is shallow. The 'day-one network takeover' workflow is completely unaddressed as a first-class product experience. The gap is real, validated by the fact that sysadmins currently cobble together 3-4 tools plus spreadsheets to do this.
The freemium model works: free single scan gets them hooked, $49/mo for ongoing monitoring across client environments is natural for MSPs managing multiple networks. Re-scanning detects drift, new devices, expiring licenses, and emerging risks. However, the core use case (network takeover) is episodic — MSPs onboard maybe 1-5 new clients/year. Ongoing monitoring adds recurring value but puts you in competition with established RMM/monitoring tools. The subscription works best if positioned as 'continuous compliance documentation' rather than just re-scanning.
- +Clear, validated pain point with visceral user language — sysadmins are begging for this in forums
- +Strong competition gap — no tool delivers the full 'scan → prioritize → remediation playbook → cost estimate' workflow
- +Natural wedge into a $300B+ MSP market via a specific, underserved moment (day-one network takeover)
- +Low price point ($49/mo) removes friction and fits MSP budgets — tool pays for itself on first engagement
- +Remediation playbooks with cost estimates are a defensible moat — requires domain expertise competitors lack motivation to build
- +Every output (reports, playbooks) is a sales tool that the MSP shows to their client, creating organic visibility
- !Technical depth required for quality remediation playbooks is high — bad recommendations destroy trust instantly
- !runZero could add remediation features and crush this with their superior scanning engine and brand credibility
- !Kaseya/ConnectWise could build this as a feature inside their existing MSP platforms (acqui-hire risk or feature absorption)
- !Scanning unknown networks carries liability — crashing a legacy Windows 2003 server during a scan is a real scenario
- !EOL databases, vendor pricing, and firewall rule parsing across dozens of vendors is a long-tail maintenance burden
- !The episodic nature of network takeovers means churn risk if ongoing monitoring value isn't compelling enough
Cyber asset attack surface management — unauthenticated network discovery that finds every device without credentials or agents. Fingerprints OS, services, hardware, and exposed ports. Created by HD Moore
IT assessment and audit platform designed for MSPs. Scans networks and generates client-facing reports on security gaps, compliance posture, and network health.
Agentless IT asset discovery and inventory platform. Builds a comprehensive CMDB of hardware, software, users, and configurations across the network.
Cloud-based network management and monitoring for MSPs. Auto-discovers and maps network topology, monitors device health, backs up configurations.
Nmap is the gold-standard open-source network scanner
Week 1-2: Agentless scanner using Nmap libraries that discovers devices, OS versions, open ports, and running services on a single subnet. Week 3-4: Risk scoring engine that flags EOL operating systems (maintain a curated database of Windows/Linux/macOS EOL dates), open high-risk ports (RDP, SMB, Telnet exposed externally), and missing critical patches. Week 5-6: Auto-generated remediation playbook as a branded PDF — prioritized list of 'fix this first' items with severity ratings and generic cost ranges (e.g., 'Upgrade Server 2003 → Server 2022: ~$800-1200 license + 4-8 hours labor'). Week 7-8: Simple web dashboard, user auth, scan history. Ship with support for Windows/Linux endpoint detection and top 3 firewall vendors (Fortinet, pfSense, SonicWall). Skip VPN analysis and advanced firewall rule parsing for v1.
Free: Single-network scan (up to 50 devices), basic risk report, watermarked PDF → $49/mo Pro: Unlimited networks, re-scanning, branded PDF reports, scan history, remediation playbook with cost estimates → $149/mo Agency: Multi-tenant dashboard, white-label reports, API access, team accounts, priority support → Future upsell: Per-scan assessment fee ($199-499) for consultants who want to charge clients per engagement rather than subscribe → Long-term: Marketplace for remediation services (connect MSPs with vendors for hardware/software purchases, take referral cut)
8-12 weeks to first paying customer. The free scan gets early adopters in 2-4 weeks post-launch (post on r/sysadmin, r/msp, MSP-focused communities). Convert free users to paid within 30-60 days as they onboard their second client network. Target: 10 paying customers ($490 MRR) within 3 months of launch, 50 customers ($2,450 MRR) within 6 months. The MSP community is tight-knit — one enthusiastic user on r/msp or a podcast mention can drive significant organic growth.
- “in the world of a sysadmin, you inherit some situations you don't want to be in”
- “some non-profits I have inherited, or companies that are borderline bankrupt”
- “even some Windows 7, Server 2003/2008 and older stuff was running”
- “I disable older services, use strong passwords, close all ports, only use VPNs”