What can an attacker see about your company?
Every attack starts with reconnaissance. Before anyone sends a phishing email or probes a port, they read what's publicly published about you: your DNS, your subdomains, your email setup. This is a 30-second scan that shows you a small slice of what they find.
DNS queries run from your browser via Cloudflare DoH. Certificate Transparency lookups are proxied through our server with a 24-hour cache; we store the domain you scanned and the public cert data returned, nothing else. No personal information collected.
Email spoofability
SPF, DKIM, and DMARC tell the world whether your email domain can be impersonated.
Public subdomains
Every TLS certificate your org has ever issued is published in public transparency logs. Attackers read those logs first.
This is two checks. The full Business Attack Surface Assessment runs six.
What you just saw is a small slice of the surface. A full /Recon Business Attack Surface Assessment covers email, DNS, subdomains, TLS, web tech stack and CVEs, site quality, and breach exposure for your corporate email accounts: graded six ways and packaged as a five-document deliverable bundle, including a CISSP-signed attestation.
Self-service from $249 per domain for a single assessment, or $82.50/month annually for continuous monitoring. No consultation required to commission an engagement.
Get the full assessment. Or read more about the Business Attack Surface Assessment, or see all pricing tiers.
What this tool checks
Email spoofability (SPF / DKIM / DMARC)
If your email domain doesn't enforce DMARC, attackers can send email as anyone at your company. We query your DNS and grade the three records that determine whether they can.
- SPF: which servers are allowed to send from your domain
- DKIM: cryptographic signature on your outbound mail
- DMARC: what to do when SPF or DKIM fails
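A sketch of how the SPF and DMARC grading described above could work, as an added example that is not this tool's own code; the pass/weak/fail scale, the function names and the sample records are assumptions. DKIM is left out because its record is published under a selector name that cannot be derived from the domain alone.

```python
SPF_ALL_GRADES = {"-": "pass", "~": "weak", "?": "weak", "+": "fail"}

def parse_tags(record):
    """Split a 'k=v; k=v' DMARC record into a dict keyed by lowercase tag."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def grade_spf(apex_txt):
    """Grade the TXT records published at the domain itself."""
    spf = [r for r in apex_txt if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return "fail"  # none published, or several (a permerror under RFC 7208)
    terms = spf[0].lower().split()[1:]
    for term in terms:
        if term.lstrip("+-~?") == "all":
            # A bare "all" means "+all"; a malformed qualifier grades as fail.
            return SPF_ALL_GRADES.get(term[:-3] or "+", "fail")
    if any(t.startswith("redirect=") for t in terms):
        return "unknown"  # policy is in another record, not followed here
    return "weak"  # no "all": unlisted senders get a neutral result

def grade_dmarc(dmarc_txt):
    """Grade the TXT records published at _dmarc.<domain>."""
    dmarc = [t for t in map(parse_tags, dmarc_txt) if t.get("v") == "DMARC1"]
    if len(dmarc) != 1:
        return "fail"  # no policy published, or an ambiguous duplicate
    policy = dmarc[0].get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        return "fail"  # p=none reports on failures but blocks nothing
    if policy == "reject" and dmarc[0].get("pct", "100") == "100":
        return "pass"
    return "weak"  # quarantine, or a policy applied to only part of the mail

def grade_domain(apex_txt, dmarc_txt):
    return {"spf": grade_spf(apex_txt), "dmarc": grade_dmarc(dmarc_txt)}

# Constructed sample records (not real scan output): (apex TXT, _dmarc TXT).
SAMPLES = {
    "strict.example": (["v=spf1 include:_spf.mail.example -all"],
                       ["v=DMARC1; p=reject; rua=mailto:dmarc@strict.example"]),
    "monitor.example": (["site-verification=constructed",
                         "v=spf1 ip4:192.0.2.10 ~all"], ["v=DMARC1; p=none"]),
    "open.example": ([], []),
}
```
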
Public subdomains
Every TLS certificate ever issued for your domain is logged publicly in Certificate Transparency. Attackers scrape those logs to find forgotten staging servers, admin panels, and dev environments. We query crt.sh with Certspotter as a fallback and show you what's listed.
What this isn't
No port scanning, no credential testing, no active probing. Everything here is public data your DNS operator and certificate authority have already published. The full /Recon assessment goes much deeper, with your authorization.