Subdomains
Shadow subdomains surfaced from passive sources and certificate transparency.
Subdomain enumeration across 45+ passive sources plus certificate transparency, and takeover detection on a continuous schedule across all paid tiers. Every discovered asset lands in the same workflow as your scan results, so shadow IT shows up before an attacker finds it.
Read-only access · Working scan data deleted after each scan · EU-hosted
Attackers enumerate your subdomains whether or not you do. The only question is who finds the forgotten staging box first.
The daily monitor runs across every target without a manual trigger and keeps each of these current. No order here, just breadth: this is the full picture of what faces the internet.
Shadow subdomains surfaced from passive sources and certificate transparency.
Exposed services, versions, and admin interfaces facing the internet.
Expiring, mismatched, and weak certificates and where they are bound.
SPF, DKIM, DMARC, DNSSEC, and zone-transfer gaps that enable spoofing.
The stack running on each host, so a new CVE maps straight to what is affected.
Dangling CNAMEs pointing at de-provisioned cloud services, ready to be claimed.
Every discovered asset carries a 0 to 100 risk score so you can sort the inventory by where to look first. The score is a signal, not a ruling, and discovery never acts on its own.
Discovered assets feed the same dedup, SLA, and compliance pipeline as the rest of your findings. See how that lifecycle works on the vulnerability management page.
Add a domain and the daily monitor maps what it can reach.
Read-only access · Working scan data deleted after each scan · EU-hosted