Exposure intelligence

Know what your public web assets expose, and what to fix first.

Start with a read-only exposure review for TLS, headers, DNS, and visible infrastructure. Sign in to turn the snapshot into verified assets, exposure history, and monitoring.

Scope

Public web assets

Input

One domain

Output

Ranked findings

Start A Public Exposure Review

Enter a public domain for a fast external exposure snapshot. No login needed.

Try an example

Public domains only. Read-only analysis. Free exposure reviews are rate-limited per IP and domain.

Result format

38High Risk
01Weighted exposure score
02Top findings with evidence
03Workspace path for history
01
Weighted score

Exposure score

A single number that summarizes externally visible risk across the review.

02
Risk-ranked results

Attack-path ranked

The issues most likely to be exploited surface first. The rest do not bury what matters.

03
Persistent workspace

Continuous history

A one-time review is a snapshot. The workspace keeps the record so changes stay visible over time.

What it proves

The first pass stays narrow, external, and verifiable.

We only surface signals that can be verified without credentials or assumptions. That keeps the result useful instead of noisy.

External only · No auth
TLS configuration

Expired certificates break trusted delivery

A lapsed certificate can interrupt secure access and expose users to browser trust warnings.

Security headers

Missing headers weaken browser-side protections

Missing security headers reduce the browser controls that help prevent framing and script abuse.

DNS exposure

Stale DNS records weaken domain trust

Misconfigured SPF, DKIM, DMARC, MX, or CAA records can weaken email trust and leave old dependencies behind.

Subdomain signals

Visible stack signals reduce attacker effort

Visible routing, redirect, and server signals make it easier to map your public footprint.

Findings specimen

A result should read like an instrument, not a checklist.

The score reflects exploitability weight, not a flat count of issues. Findings are ordered by the risk they create, not just the control they touch.

Security score

Current result
Security score gauge
74

Score / 100

Needs review

Weighted across TLS, headers, DNS, and infrastructure signals.

Validated findings

Representative issues from a public exposure review

  • highEvidence-backed

    Missing content security policy

    Without CSP, the browser has fewer controls to limit injected or untrusted script execution.

  • mediumEvidence-backed

    Certificate renewal window is narrowing

    If the certificate expires, users will see trust warnings and secure connections can fail.

  • lowEvidence-backed

    Edge stack is externally fingerprintable

    Visible server and routing hints make external reconnaissance easier than it needs to be.

Weighted score

Reflects exploitability weight, not a flat count of findings.

Risk ordering

Entry-point risks surface first. Do not bury what an attacker would use first.

Workspace history

A score trending down is a perimeter opening. Track it before it becomes noise.

Workspace record

The workspace is the record, not just another screen.

An exposure review is a snapshot. The workspace keeps ownership, history, and drift in the same place so you can act on the change, not the noise.

AssetsVerified domains tied to ownership, not guesswork.

FindingsIssues ranked by what matters first.

TrendScore drift over time, so change stays visible.

example.com

Last reviewed 2h ago

82
StatusStrong

shop.example.com

Last reviewed 2h ago

61
StatusReview

api.example.com

Last reviewed 2h ago

44
StatusAttention

2

Critical

7

High

14

Medium

Boundary rules

Read-only, public-only, and rate-limited by default.

No surprises
Public domains only

Public domains only

Validates internet-facing targets and blocks internal or private addresses.

Read-only analysis

Read-only analysis

The exposure review inspects externally visible signals without logging in, submitting forms, or making state-changing requests.

Rate-limited

Rate-limited by design

Built-in limits keep free discovery safe, predictable, and resistant to abuse.

Get started

Move from a one-time review to a system of record.

Start with a public exposure review. Keep the result in a workspace that knows what is owned, what is changing, and what needs attention first.

Start exposure reviewSign inCreate workspace
01Run a public exposure review without logging in.
02Keep verified assets and score history in the workspace.
03Track drift before it turns into repeated exposure or broken trust.
Back to top