Passive attack surface analysis for any domain. SSL, headers, email security, tech stack, CVEs, and subdomains — all from public data. Nothing uploaded.
Passive scan only — uses public data sources. No attack traffic sent. Takes 10-20 seconds.
No. This is a passive reconnaissance tool that reads publicly available information only. It does not probe for vulnerabilities, send attack payloads, or interact with your systems beyond making a standard HTTP request. It is equivalent to what any browser or search engine crawler does.
The report runs 7+ checks in parallel against external services (crt.sh, NVD, RDAP, DNS servers, and your domain itself). Each check has its own network latency. The longest checks are typically the NVD CVE lookup and the CT log search.
Not necessarily. CVEs are matched by technology name and version where available. You should verify each CVE against your specific configuration. This tool helps you identify what to investigate; it does not replace a security assessment.
Technology fingerprinting reads public HTTP headers and HTML source. Many modern sites obfuscate or remove server headers for security. If your site does not expose technology information (which is good practice), the tool will not detect it.
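To see what your own responses disclose, the following added example (not this tool's code) extracts product names and versions from response headers and the HTML `generator` meta tag. The header list, function name, and sample response are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Headers that commonly disclose product names (assumed list for this example).
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-generator")
# A product token such as "nginx/1.18.0"; the "/version" part is optional.
PRODUCT_RE = re.compile(r"([A-Za-z][\w.+-]*)(?:/(\d[\w.+-]*))?")
# Constructed sample response, not captured from any real site.
SAMPLE_HEADERS = {"Server": "nginx/1.18.0 (Ubuntu)", "X-Powered-By": "PHP/7.4.3", "Content-Type": "text/html"}
SAMPLE_HTML = '<html><head><meta name="generator" content="WordPress 6.4.2"></head></html>'


class _GeneratorMeta(HTMLParser):
    """Collects the content attribute of <meta name="generator"> tags."""

    def __init__(self):
        super().__init__()
        self.values = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator" and a.get("content"):
            self.values.append(a["content"])


def disclosed_technologies(headers, html):
    """Return sorted (source, product, version_or_None) tuples readable from one response."""
    found = set()
    for name, value in headers.items():
        if name.lower() not in DISCLOSING_HEADERS:
            continue
        # Drop parenthesised comments such as "(Ubuntu)" before tokenising.
        for product, version in PRODUCT_RE.findall(re.sub(r"\([^)]*\)", " ", value)):
            found.add((name.lower(), product, version or None))
    parser = _GeneratorMeta()
    parser.feed(html)
    for content in parser.values:
        m = re.match(r"(.+?)(?:\s+(\d[\w.]*))?$", content.strip())
        if m:
            found.add(("meta-generator", m.group(1), m.group(2)))
    return sorted(found, key=lambda t: (t[0], t[1]))
```

A response that returns only a bare product name, or no disclosing headers at all, yields entries with no version or an empty list, which is why the tool reports nothing for such sites.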
All data collected is publicly available — DNS records, CT logs, and HTTP headers are accessible to anyone on the internet. However, use this tool responsibly and in accordance with applicable laws and terms of service.