The whole external footprint — including the parts nobody wrote down
One agentless scan maps every internet-facing asset a client owns and everything an attacker can already see, then watches it for change. No software to install, no credentials to hand over, no reach inside the network.
Subdomains & forgotten hosts
Enumerate every subdomain — live, offline, unverified and dangling — so the assets a client forgot they owned surface before an attacker finds them first.
Exposed services & ports
A live port and service inventory across every discovered host. Internet-reachable RDP, SSH and SMB are automatically upgraded in severity — the exact ports behind most ransomware and initial-access cases.
DNS, TLS & domain hygiene
Certificate grade and expiry, DNS records, email authentication and WHOIS registration dates — flagged when a certificate is weak or a domain is weeks away from lapsing.
Technology fingerprint
Detect the server, CDN, CMS and framework behind each site, and flag end-of-life components that are quietly running past their support date.
Shadow IT & third parties
Surface cloud-hosted assets nobody registered and every external script or vendor each site loads — the supply chain riding along on your client's domain.
Subdomain takeover risk
Catch subdomains pointing at unclaimed cloud resources and flag them as takeover candidates before someone else claims the endpoint they resolve to.