HOW IT WORKS
From one domain to your whole footprint.
We turn a single web address into a continuously-updated map of everything your company exposes to the internet — and keep watch so you don't have to. Whether you're an IT director trying to understand your exposure, a consultant compressing passive recon, or a CISO tracking subsidiaries across an acquisition — this is how it works.
01_DISCOVER
We map your public footprint
Give us a domain and we go to work — pulling from certificate transparency logs, passive DNS, and active enumeration to find every subdomain, live host, and open port. Then we fingerprint the technologies running on each one, right down to the version number.
- Subdomain & host discovery from certificate logs, passive DNS, and active enumeration
- Technology and version fingerprinting
- Open port and service detection
- Works across multiple domains — map subsidiaries and acquired brands in one pass
02_ENRICH
We match it to real-world risk
Knowing you run a certain version of a web framework only matters if you know what's wrong with it. We cross-reference detected versions against known CVEs, so every finding comes with the vulnerabilities that actually apply — not a generic checklist.
- Version-matched CVE correlation — no manual NVD lookups per tech stack
- Plain-English risk grade (A–F) with the context to act on it
- Relationship mapping across hosts, IPs, and brands
- For pentesters: replaces the manual CVE cross-reference phase of a passive recon engagement
03_MONITOR
We keep watching — and tell you when it changes
Your footprint isn't static, so neither are we. Continuous rescans track what's new, what moved, and what just became vulnerable. When something worth knowing about appears, you get an alert in plain language with the context to act on it.
- Continuous, scheduled rescans — no annual audit blind spots
- Timestamped change history for board reporting and incident response
- Alerts for new critical CVEs and unknown hosts appearing under your name
- Multi-client view for consultants managing ongoing engagements
04_WHERE_TO_START
DomRecon Report
An instant, on-demand snapshot of any domain's attack surface. Free for everyone, no signup required. Ideal for a first look at your own exposure or a client's scope before an engagement.
Run a free report →Graph Explorer
The full picture: every domain mapped as a living graph, monitored continuously. Built for IT teams who need ongoing watch, consultants managing multiple clients, and CISOs who need audit-ready change history across their full brand portfolio.
Explore the live graph →