Free Tool · Discovery

Attack Surface Scanner

Inventory every internet-facing asset you forgot you owned

A multi-domain rollup of your external footprint, including subsidiaries, cloud tenants and SaaS apps that expose your brand. Use it once for a snapshot or subscribe to weekly drift to see what changed without rerunning a scan.

Discovery scope

Brand-linked domains via WHOIS pivots and certificate transparency · cloud asset enumeration via TLS SAN matching · SaaS tenant detection via DNS records.

Drift detection

Subscribe to weekly drift to see what changed: new domains, new cloud assets, expired certs, removed services. Useful during M&A, divestitures and reorgs.

Limits

Free version limited to 25 brand-linked domains and a single cloud account per tenant family. The full platform removes both limits.

← All free tools

FAQ

Frequently asked questions

How do you discover related domains?

We pivot from your primary domain via WHOIS/Org records, certificate transparency and known DNS relationships — strictly using public data.

Will it find my forgotten S3 buckets?

It surfaces public-facing buckets associated with your TLS SAN graph. For private misconfigurations or IAM-level findings you need the full platform.

Can I export the inventory?

Yes — the email report includes a CSV.

Get Started

Ready for the full picture?

Free tools surface the obvious. KeenSafe proves the rest — continuously, with reproducible adversary evidence and one evidence model.

Get a Demo Talk to an Expert