What can an attacker see about your company?

Every attack starts with reconnaissance. Before anyone sends a phishing email or probes a port, they read what's publicly published about you: your DNS, your subdomains, your email setup. This is a 30-second scan that shows you a small slice of what they find.

DNS queries run from your browser via Cloudflare DoH. Certificate Transparency lookups are proxied through our server with a 24-hour cache; we store the domain you scanned and the public cert data returned, nothing else. No personal information collected.

Enter the root domain only. For example, acme.com, not www.acme.com.

What this tool checks

Email spoofability (SPF / DKIM / DMARC)

If your email domain doesn't enforce DMARC, attackers can send email as anyone at your company. We query your DNS and grade the three records that determine whether they can.

  • SPF: which servers are allowed to send from your domain
  • DKIM: cryptographic signature on your outbound mail
  • DMARC: what to do when SPF or DKIM fails

Public subdomains

Every TLS certificate ever issued for your domain is logged publicly in Certificate Transparency. Attackers scrape those logs to find forgotten staging servers, admin panels, and dev environments. We query crt.sh with Certspotter as a fallback and show you what's listed.

What this isn't

No port scanning, no credential testing, no active probing. Everything here is public data your DNS operator and certificate authority have already published. The full /Recon assessment goes much deeper, with your authorization.