External Attack Surface Management

Know your
exposure.
Before they do.

Continuous external attack surface monitoring across DNS, email, TLS, and exposed services. One prioritised report, ready in minutes — no agents, no integrations.

Get started How it works
Authorized scans only
Passive reconnaissance
No intrusive testing
resensor — scan report
Live scan
acme-corp.io
Live scan
4
Critical
11
High
23
Medium
61
Assets
RDP port 3389 exposed publicly on dev.acme-corp.io
Network
No DMARC policy — domain is fully spoofable
Email
TLS 1.0 active on api.acme-corp.io
TLS
Certificate expires in 8 days — renewal overdue
Certificate
Dangling DNS record — legacy.acme-corp.io unclaimed
DNS
Capabilities

Every angle of your
attack surface. Covered.

From stale DNS records to spoofable email infrastructure — Resensor surfaces what attackers see when they look at your company.

Continuous asset discovery

Automatically enumerate subdomains, IP ranges, cloud assets, and exposed services. Resensor watches for changes and alerts the moment something new appears on your perimeter.

Subdomain enumIP attributionChange detectionCloud assets
dev.acme.io — RDP 3389 open
Network
mail.acme.io — No DMARC enforcement
Email
api.acme.io — TLS 1.0 active
TLS
acme.io — Certificate expiry in 8 days
Certificate
legacy.acme.io — Dangling DNS record
DNS
www.acme.io — SPF valid, HSTS active
OK

Email security posture

Full SPF, DKIM, DMARC, and MTA-STS analysis. Detect permissive records and spoofable policies before attackers exploit them.

SPFDKIMDMARCMTA-STS

TLS & certificate intel

Expiry alerts, cipher grading, chain validation, and deprecated protocol detection across every discovered hostname.

Expiry trackingCT logsCipher grade

Open port exposure

Identify RDP, SMB, SSH, admin panels, and database ports mapped to your asset inventory with geo-attribution.

Port fingerprintGeolocation

Risk trend & history

Track posture improvement with historical scoring, audit-ready exports, and Board-level reporting built in.

PDF/JSON/CSVWebhooksSIEM-ready
How it works

From domain to full report
in under 5 minutes.

No agents. No integrations. No complex onboarding. Enter your domain and Resensor handles the rest.

01

Enter your domain

Provide your primary domain. Resensor automatically discovers subdomains, IP ranges, MX records, and all internet-visible assets tied to your organisation — no configuration needed.

02

Passive reconnaissance

Non-intrusive scanning across DNS, email headers, TLS certificates, open ports, and certificate transparency logs — building a complete external picture without touching your infrastructure.

03

Prioritised risk report

Findings scored by severity and real-world exploitability. A single grade, per-category breakdown, and step-by-step remediation — ready to share with leadership the same day.

Risk scoring

A grade, not just
a list of CVEs.

Every scan produces a single, Board-reportable score with category breakdowns. Built for engineers, readable by executives.

Weighted by exploitability

Scores reflect real-world weaponisability — a misconfigured DMARC record ranks higher than a theoretical banner grab.

Trend over time

Historical scoring gives your team a clear narrative for risk reviews, compliance evidence, and security roadmap conversations.

Exportable everywhere

PDF, JSON, or CSV. Share a read-only link with stakeholders. Pipe findings into your SIEM or ticketing system via webhook.

acme-corp.io — updated 2 minutes ago
62
/100
GRADE C
4 critical · 11 high · 23 medium issues found
DNS security
58
Email posture
34
TLS / certificates
71
Network exposure
41
Web headers
83
Subdomain hygiene
66
Pricing

Simple. Transparent.
No surprises.

Pulse covers one primary domain with standard-depth scans. Sentinel adds aggressive scanning, weekly automated re-scans, and coverage for up to five domains.

Pulse
$179/mo
Continuous visibility for your primary domain. Standard-depth scans with monthly re-checks.
  • 1 active target (domain)
  • 15 on-demand scans / month
  • Standard scan depth
  • Monthly automated re-scan
  • PDF report + CSV export
  • Email support
Get started
Most popular
Sentinel
$449/mo
Aggressive-depth scanning across your full perimeter, with cross-target reports and API access.
  • Up to 5 active targets
  • Unlimited on-demand scans*
  • Aggressive depth — Nuclei, deeper enumeration
  • Weekly automated re-scans per target
  • Cross-target comparative reports
  • REST API access
  • Priority support
Get started
*Fair-use soft cap ~80 scans / month.
Enterprise
Custom
For security teams managing a wide perimeter, regulatory obligations, or a portfolio of subsidiaries.
  • Unlimited domains
  • Continuous change detection
  • REST API & SIEM integration
  • SSO, RBAC, audit logging
  • Custom SLAs & data residency
  • Dedicated security analyst
Contact sales
Get started — plans from $179/mo

See your attack surface
the way attackers do.

A full external security assessment across domains, email, TLS, open ports, and DNS — delivered as a single prioritised report.

Start your subscription Talk to sales