⬡
Subdomain Discovery
Find every public-facing host — not just the ones you know about. crt.sh and threat intel feeds enumerate subdomains; HTTP probing confirms which are live.
◉
Technology Fingerprinting
Know exactly what software is running and at what version. Header, cookie, and script-src analysis covers every live host automatically.
▲
CVE Exposure
Find out which installed versions have known exploits. Detected versions are matched against NVD and OSV — only version-accurate CVEs, no noise.
◌
Port & Service Scan
See every exposed port across the attack surface. TCP scanning maps running services on every discovered subdomain — automatically.