Discover what attackers see when they look at your domain or IP address. Open ports, subdomains, TLS configuration, DNS records, WHOIS data, and known vulnerabilities -- all from passive reconnaissance.
This tool queries 10 intelligence sources in parallel -- including certificate transparency logs, Shodan, Censys, SSL Labs, Criminal IP, SecurityTrails, and others -- to produce a unified exposure report.
All data is gathered passively -- no traffic is sent to the target.
Audit your organization's external attack surface. Find forgotten subdomains, exposed services, and weak TLS configurations.
Kickstart reconnaissance with a comprehensive passive scan. Gather subdomains, open ports, and CVEs in one sweep.
Verify your infrastructure is configured correctly. Check DNS records, certificate expiry, and exposed services.
Expand your scope with subdomain enumeration and service discovery. Identify targets for deeper investigation.
Type any domain name (e.g., example.com) or IP address. The scanner auto-detects the target type.
We query multiple threat intelligence providers simultaneously -- certificate transparency logs, DNS resolvers, WHOIS databases, and vulnerability feeds.
Review your exposure across 7 categories. Each finding includes context about what it means and why it matters for security.