Free attack surface scan

Map everything you expose to the internet — assets, open ports, services and known CVEs — from one domain.

Free · no account · instant.

What it checks

Subdomain & asset discovery

We enumerate the domains, subdomains and IPs reachable from the public internet.

Open ports & live services

Every responding port is tested and the service behind it is fingerprinted.

Known vulnerabilities (CVEs)

Detected software versions are matched against known CVEs, with KEV flags.

TLS, DNS & email posture

Certificate health, DNS hygiene and SPF/DKIM/DMARC are checked along the way.

Frequently asked

Is the attack surface scan really free?

Yes — enter a domain and get a full external exposure report in minutes, with no account and no credit card.

Do I need to install anything?

No. The scan is agentless and outside-in — it sees exactly what an external attacker would, using only public signals.

What domains can I scan?

Any domain you want to assess. The scan is non-intrusive reconnaissance; continuous monitoring of a domain requires DNS ownership verification.

Want this continuously, not once?

The free tool is a snapshot. SICenter monitors your whole estate and alerts you the moment something changes.

Start monitoring free