Free, no commitment

See what an attacker sees.

A free, passive external exposure snapshot for your domain. We run the same public-source checks an attacker would — DNS posture, TLS, public services, email security, and obvious misconfigurations — and email you a plain-English report within one business day.

External attack surface mapping illustration.

What we check

All passive — we only touch what's already publicly visible. No login, no agent, no scanning of internal systems.

DNS posture

Authoritative records, subdomain enumeration via certificate transparency logs, exposed admin subdomains (cpanel, webmail, vpn, etc.), and stale or orphaned records.

TLS & certificates

Cert chain validity, expiry windows, weak ciphers, mismatched names, and certificate-transparency history that often reveals shadow infrastructure.

Email security

SPF, DKIM, and DMARC policy strength — the three records that determine whether attackers can spoof your domain in phishing campaigns.

Public services

HTTP headers, server banners, exposed admin panels, and obvious externally-reachable services that shouldn't be on the public internet.

AI & SaaS leakage hints

Public references to unsanctioned AI tools, exposed S3 buckets or storage URLs in indexed content, and AI vendor exposure visible from outside.

Plain-English prioritization

Findings ranked Critical / High / Medium / Low with the first three fixes called out clearly. Read it in 10 minutes. Hand it to your IT contact.

Request your free exposure scan

One domain per scan. Results emailed within one business day.

We only use this to send your report. No newsletter signup, no sales call unless you ask.

Authorization: By submitting, you confirm you own or are authorized to test the domain entered.

What this is — and isn't. This is a passive external snapshot built from publicly-available data. It is not a vulnerability scan, a penetration test, or an audit. We do not log into any of your systems, do not scan internal networks, and do not generate traffic against your origin servers. For a full review with read-only access to your cloud and identity environment, see the AI & Cloud Security Review.

Why we offer this for free

Most external-exposure tools either charge $500-$5,000 for a one-shot report or trap you in a SaaS contract for monthly dashboards you'll never read. We do this for free because (a) the data is public, (b) the tools are open-source, and (c) if you like how we communicate findings, we'd like to be the people you call when something looks off.

If we find something serious, we'll say so plainly in the report — and if you want help fixing it, the next step is a Free 30-min call. No obligation either way.

Already know you need the full review?

The flagship AI & Cloud Security Review covers identity, public cloud, AI usage, and external exposure with read-only access to your environment. $3,500-$5,500, 5-7 business days.

Book a 30-min call