Map your attack surface
before attackers do
Automatically discover subdomains, detect cloud exposure, check for subdomain takeover, and fingerprint technologies across your entire external perimeter.
No credit card required. Free plan available forever.
You cannot protect what you do not know exists
Attack surface management starts with discovery. Organisations routinely underestimate their external footprint — forgotten subdomains, exposed cloud storage, legacy applications, and test environments all create entry points that attackers actively exploit. SecPortal automates the discovery process using the same techniques used in professional penetration tests.
By combining subdomain enumeration, cloud exposure detection, subdomain takeover checks, and technology fingerprinting into a single automated workflow, SecPortal gives you a comprehensive map of your external attack surface. Run discovery scans on demand or schedule them to maintain continuous visibility as your infrastructure evolves.
Five discovery modules
Subdomain Enumeration
Discover subdomains through DNS brute-force with a curated wordlist and certificate transparency log analysis. Map your full subdomain tree automatically.
Cloud Exposure Detection
Identify publicly accessible Amazon S3 buckets, Azure Blob Storage containers, and Google Cloud Storage buckets associated with your domains.
Subdomain Takeover
Detect dangling DNS records pointing to unclaimed cloud resources — a critical vulnerability that lets attackers host content on your subdomain.
Technology Fingerprinting
Identify web servers, frameworks, CMS platforms, JavaScript libraries, CDN providers, and analytics tools across all discovered assets.
WHOIS & DNS Analysis
Pull registration details, nameserver configuration, SPF/DKIM/DMARC records, and domain expiry dates for complete DNS visibility.
Discovery methodology
SecPortal's discovery engine combines multiple data sources and enumeration techniques to build the most complete picture possible of your external perimeter. Each technique catches assets the others miss.
- DNS brute-force enumeration using a curated wordlist of over 10,000 common subdomain names
- Certificate transparency log queries to find subdomains from issued TLS certificates
- Recursive enumeration to discover nested subdomains (e.g., dev.api.example.com)
- Cloud resource pattern matching to detect S3 buckets, Azure Blob, and GCP storage linked to your domain
- CNAME chain analysis to detect dangling records vulnerable to subdomain takeover
- Technology fingerprinting across all discovered hosts using response headers, HTML content, and JavaScript signatures
Real-world use cases
Shadow IT Discovery
Find forgotten subdomains, test environments, and developer sandboxes that were never decommissioned
M&A Due Diligence
Map the external attack surface of acquisition targets to assess security risk before closing
Compliance Evidence
Demonstrate complete asset inventory coverage for ISO 27001, SOC 2, and regulatory audits
Continuous Visibility
Combine with scheduled scans to maintain an always-current view of your exposed assets
Related use cases
Know what you expose
Discover assets you did not know existed and close gaps before they are exploited.
No credit card required. Free plan available forever.