External Attack Surface Management

Know your
exposure.
Before they do.

Resensor maps your entire digital footprint — domains, email, TLS, open ports, DNS — and delivers a scored risk report in under 5 minutes. No agents. No install.

Get started How it works
MR
JS
AK
TL
2,400+ security teams
2.4M+ assets scanned
resensor — scan report
Live scan
acme-corp.io
Live scan
4
Critical
11
High
23
Medium
61
Assets
RDP port 3389 exposed publicly on dev.acme-corp.io
Network
No DMARC policy — domain is fully spoofable
Email
TLS 1.0 active on api.acme-corp.io
TLS
Certificate expires in 8 days — renewal overdue
Certificate
Dangling DNS record — legacy.acme-corp.io unclaimed
DNS
Capabilities

Every angle of your
attack surface. Covered.

From stale DNS records to spoofable email infrastructure — Resensor surfaces what attackers see when they look at your company.

Continuous asset discovery

Automatically enumerate subdomains, IP ranges, cloud assets, and exposed services. Resensor watches for changes and alerts the moment something new appears on your perimeter.

Subdomain enumIP attributionChange detectionCloud assets
dev.acme.io — RDP 3389 open
Network
mail.acme.io — No DMARC enforcement
Email
api.acme.io — TLS 1.0 active
TLS
acme.io — Certificate expiry in 8 days
Certificate
legacy.acme.io — Dangling DNS record
DNS
www.acme.io — SPF valid, HSTS active
OK

Email security posture

Full SPF, DKIM, DMARC, and MTA-STS analysis. Detect permissive records and spoofable policies before attackers exploit them.

SPFDKIMDMARCMTA-STS

TLS & certificate intel

Expiry alerts, cipher grading, chain validation, and deprecated protocol detection across every discovered hostname.

Expiry trackingCT logsCipher grade

Open port exposure

Identify RDP, SMB, SSH, admin panels, and database ports mapped to your asset inventory with geo-attribution.

Port fingerprintGeolocation

Risk trend & history

Track posture improvement with historical scoring, audit-ready exports, and Board-level reporting built in.

PDF/JSON/CSVWebhooksSIEM-ready
How it works

From domain to full report
in under 5 minutes.

No agents. No integrations. No complex onboarding. Enter your domain and Resensor handles the rest.

01

Enter your domain

Provide your primary domain. Resensor automatically discovers subdomains, IP ranges, MX records, and all internet-visible assets tied to your organisation — no configuration needed.

02

Passive reconnaissance

Non-intrusive scanning across DNS, email headers, TLS certificates, open ports, and certificate transparency logs — building a complete external picture without touching your infrastructure.

03

Prioritised risk report

Findings scored by severity and real-world exploitability. A single grade, per-category breakdown, and step-by-step remediation — ready to share with leadership the same day.

Risk scoring

A grade, not just
a list of CVEs.

Every scan produces a single, Board-reportable score with category breakdowns. Built for engineers, readable by executives.

Weighted by exploitability

Scores reflect real-world weaponisability — a misconfigured DMARC record ranks higher than a theoretical banner grab.

Trend over time

Historical scoring gives your team a clear narrative for risk reviews, compliance evidence, and security roadmap conversations.

Exportable everywhere

PDF, JSON, or CSV. Share a read-only link with stakeholders. Pipe findings into your SIEM or ticketing system via webhook.

acme-corp.io — updated 2 minutes ago
62
/100
GRADE C
4 critical · 11 high · 23 medium issues found
DNS security
58
Email posture
34
TLS / certificates
71
Network exposure
41
Web headers
83
Subdomain hygiene
66
Pricing

Simple. Transparent.
No surprises.

Start with Starter to prove value on your primary domain. Upgrade to Pro when you need full perimeter coverage, deeper findings, and proactive alerting.

Starter
$100/mo
The essentials. See what's exposed on your primary domain and stay on top of critical risks.
  • 2 scans per month
  • 1 domain
  • Full asset discovery
  • Critical & high findings only
  • Risk score & grade
  • PDF report export
Get started
Most popular
Pro
$350/mo
Everything in Starter, plus the depth and coverage to manage your full perimeter.
  • 7 scans per month
  • Multiple domains
  • Full severity breakdown — including medium findings
  • Remediation guidance per finding
  • Trend & history view
  • Email alerts on new findings
  • JSON / CSV export
Get started
Enterprise
Coming Soon
Unlimited domains, full API, SIEM integration, and a dedicated analyst. Reach out to join the waitlist.
  • Unlimited domains
  • Real-time change detection
  • Full REST API access
  • SIEM / SOAR integration
  • Custom SLAs
  • Dedicated analyst
  • SSO & RBAC
Join the waitlist
Get started — plans from $150/mo

See your attack surface
right now.

Enter your domain and get a full external security assessment — domains, email, TLS, open ports, DNS — all surfaced in a single prioritised report.

Scan
Passive recon only. No intrusive or destructive testing, ever.