11 passive scans, zero exploitation
Exactly the recon an attacker runs before touching your stack — condensed into a dashboard you can act on.
DNS & records
Authoritative A / AAAA / MX / NS / TXT / SOA / CAA inventory with issuer and policy gaps flagged.
Subdomain discovery
Certificate Transparency log mining — the full subdomain footprint you've shipped over time.
TLS & certificates
Protocol versions, cipher strength, chain validity, expiry windows — graded per host.
HTTP security headers
HSTS, CSP, X-Frame-Options, Referrer-Policy, Permissions-Policy — present vs. missing, per host.
Email security
SPF · DKIM · DMARC · MTA-STS · TLS-RPT posture with actionable deliverability & spoofing risks.
Tech stack & CVEs
Frameworks, CMSs, JS libraries fingerprinted and cross-checked against retire.js + EOL data.
OWASP Top 10 (2021)
Passive-applicable categories mapped against live evidence — no guesswork, no padding.
Subdomain takeover
Dangling CNAMEs scored against a fingerprint library of vulnerable SaaS services.
Compliance snapshot
ISO 27001 · PCI-DSS · NIST CSF · CIS Controls rollup — where you stand before the auditor arrives.
OSINT & exposure
Wayback, GitHub leaks, search-engine dorks — what's already public about your perimeter.
Top priorities
An auto-generated, action-ready backlog ranked by severity × exploitability — not alphabetized junk.
From domain to dashboard in under a minute
No agents to install, no API keys to trade — just the domain you're authorized to assess.
1. Enter your domain
Drop in the domain you own. We verify authorization via a company email on the same domain — no Gmail, Yahoo, or other free providers.
2. Passive scan runs live
Public sources only — DNS, CT logs, TLS handshakes, HTTP surface, Wayback. No traffic that trips a WAF or generates alerts.
3. Dashboard + PDF
13 sections, severity-ranked findings, downloadable report. Share with your team, vendors, or auditors.
Run your first scan now.
Free · ~30 seconds · no credit card. One scan per company per 24 hours.