// EXTERNAL ATTACK SURFACE RECONNAISSANCE

Discover Your
Exposed Cyber Assets

Real-time subdomain discovery, DNS intelligence, certificate transparency, WHOIS/RDAP, and IP geolocation — powered by live public APIs. Free. No signup. No tracking.

ENTER TARGET DOMAIN (must be authorized)
Ready — enter an authorized domain to begin reconnaissance
// AUTHORIZED USE POLICY

✓ Permitted

  • Your own domains & infrastructure
  • Authorized penetration testing
  • Bug bounty (within scope)
  • Security research & education

✗ Prohibited

  • Unauthorized scanning of any system
  • Planning or executing cyberattacks
  • Violations of CFAA / CMA / EU law
  • Any illegal or harmful activity

⚡ Data Sources

  • crt.sh — Certificate transparency
  • Cloudflare DoH — DNS resolution
  • rdap.org — WHOIS / RDAP
  • ip-api.com — IP geolocation

🔒 Privacy

  • No data stored server-side
  • No cookies or tracking
  • All API calls from your browser
  • Results stay in your session only
Certificate Transparency (crt.sh)
DNS via Cloudflare DoH
WHOIS via RDAP
IP Geo via ip-api.com
Subdomain Enumeration
Risk Scoring
CSV & JSON Export
Zero Tracking