How SurfaceMapper Works

External-only scanning designed to be safe and non-disruptive.

Scope and Safety

  • external-only scanning
  • no intrusive testing
  • no credentials required
  • safe and non-disruptive

Turnaround

Typical turnaround is 24–48 hours from confirmed scope.

Delivery includes an executive summary and technical remediation detail.

What Happens During a Scan

1. Subdomain Discovery

Passive and active DNS enumeration builds the list of subdomains in scope. Hostnames delegated to third-party services (Microsoft 365, Google Workspace) are filtered out before scanning, so no findings are raised against infrastructure you don't control.

2. Port & Service Scanning

All resolved IP addresses are scanned for open ports and running services. Risky exposures — databases, RDP, management APIs — are flagged by severity. Service version data is retained for CVE correlation.

3. Web Probing

Every discovered endpoint is probed for admin interfaces, exposed login panels, TLS weaknesses, expiring certificates, and sensitive files. Screenshots are captured for high-risk interfaces.

4. Email Security

SPF and DMARC records are evaluated for the root domain, along with DKIM records for any selectors that can be identified (DKIM keys are published under selector._domainkey and cannot be enumerated blindly). Absent or permissive configurations, such as a missing SPF record, a +all or ?all mechanism, or a DMARC policy of p=none, leave the domain open to email spoofing and business email compromise (BEC) and are surfaced as findings.
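The checks behind that step, as an added example written for this page rather than SurfaceMapper's own code: it classifies SPF and DMARC TXT records by severity, including the cases that are easy to miss (an SPF record with no `all` term, more than ten DNS-lookup mechanisms, a DMARC `pct` below 100, an enforced policy with no `rua` reporting address). Fetching the records is left to the caller, the domain names and records are constructed samples, and DKIM is left out because its records need known selector names.

```python
"""SPF and DMARC policy evaluation as an external reviewer would do it.

Added illustration, not SurfaceMapper's code. Records are passed in as
strings; fetching them (TXT at the apex for SPF, TXT at _dmarc.<domain>
for DMARC) is left to the caller.
"""

# Terms that cost a DNS lookup under RFC 7208 section 4.6.4 (limit: 10).
_LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")
_MAX_LOOKUPS = 10


def _spf_lookup_count(terms):
    """Count lookup-costing terms at the top level; nested includes add more."""
    count = 0
    for term in terms:
        name = term.lstrip("+-~?")
        for sep in (":", "=", "/"):
            name = name.split(sep, 1)[0]
        if name.lower() in _LOOKUP_TERMS:
            count += 1
    return count


def evaluate_spf(record):
    """Return (severity, reason) for an SPF TXT record; None means no record."""
    if record is None:
        return ("high", "no SPF record: any host can pass as an envelope sender")
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ("high", "malformed SPF record: must begin with v=spf1")
    body = terms[1:]
    lookups = _spf_lookup_count(body)
    if lookups > _MAX_LOOKUPS:
        return ("high", f"{lookups} DNS lookups exceeds {_MAX_LOOKUPS}: "
                        "receivers return permerror, so SPF is effectively off")
    # Evaluation stops at the first 'all'; its qualifier decides unlisted senders.
    all_terms = [t for t in body if t.lstrip("+-~?").lower() == "all"]
    if not all_terms:
        if any(t.lower().startswith("redirect=") for t in body):
            return ("info", "no 'all' here; outcome is decided by the redirect= target")
        return ("medium", "no 'all' mechanism: unlisted senders get Neutral, not Fail")
    qualifier = all_terms[0][0] if all_terms[0][0] in "+-~?" else "+"
    return {
        "+": ("high", "+all: every host on the internet passes SPF for this domain"),
        "?": ("medium", "?all: Neutral for unlisted senders, same as having no policy"),
        "~": ("low", "~all: SoftFail only; effective only if DMARC is enforced"),
        "-": ("ok", "-all: hard Fail for unlisted senders"),
    }[qualifier]


def evaluate_dmarc(record):
    """Return (severity, reason) for a DMARC TXT record; None means no record."""
    if record is None:
        return ("high", "no DMARC record: SPF/DKIM results are never enforced")
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return ("high", "malformed DMARC record: must begin with v=DMARC1")
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return ("high", "malformed DMARC record: missing or invalid p= tag is ignored")
    if policy == "none":
        return ("medium", "p=none: monitoring only, spoofed mail is still delivered")
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100
    if pct < 100:
        return ("medium", f"p={policy} applied to only {pct}% of failing mail")
    if "rua" not in tags:
        return ("low", f"p={policy} enforced, but no rua= address so failures go unreported")
    return ("ok", f"p={policy} enforced on all failing mail")


# Constructed sample records for hypothetical domains (not real DNS lookups).
SAMPLES = {
    "hardened.example": {
        "spf": "v=spf1 include:spf.protection.outlook.com -all",
        "dmarc": "v=DMARC1; p=reject; rua=mailto:dmarc@hardened.example",
    },
    "weak.example": {
        "spf": "v=spf1 ip4:203.0.113.0/24 +all",
        "dmarc": "v=DMARC1; p=none; rua=mailto:dmarc@weak.example",
    },
    "silent.example": {"spf": None, "dmarc": None},
}

_ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}


def review(records):
    """Return (severity, domain, check, reason) findings, worst first."""
    findings = []
    for domain, recs in records.items():
        for check, fn in (("SPF", evaluate_spf), ("DMARC", evaluate_dmarc)):
            severity, reason = fn(recs[check.lower()])
            if severity != "ok":
                findings.append((severity, domain, check, reason))
    return sorted(findings, key=lambda f: _ORDER[f[0]])


if __name__ == "__main__":
    for severity, domain, check, reason in review(SAMPLES):
        print(f"[{severity:6}] {domain:18} {check:5} {reason}")
```

The lookup count is a lower bound: every `include:` pulls in another record whose own lookups count toward the same limit of ten, so a record that looks fine at the top level can still fail with permerror once the chain is followed.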

5. Vulnerability & Reputation Checks

Service version fingerprints are correlated against the NVD CVE database. Because the scan is external-only and non-intrusive, these are version-based matches that indicate likely exposure rather than confirmed exploitability. Discovered IPs are checked against the Spamhaus DNSBLs and AbuseIPDB for evidence of compromise, botnet activity, or sustained abuse.
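How the Spamhaus check works underneath, as an added example written for this page and not SurfaceMapper's code: a DNSBL lookup is a DNS A query for the reversed address under the list's zone (octets for IPv4, nibbles for IPv6, per RFC 5782), and the answer encodes which sub-list the address is on. The code does no network I/O; it builds the query name, skips addresses that cannot be listed, and interprets the answer, including the 127.255.255.x codes that mean the query itself was refused. The ZEN_ZONE name and the return codes are Spamhaus's published values; the sample IPs and answers are constructed.

```python
"""DNSBL query construction and answer interpretation for Spamhaus ZEN.

Added illustration, not SurfaceMapper's code. Build the query name here,
resolve it yourself (for example dnspython's dns.resolver.resolve(name, "A")),
then hand the answer addresses to interpret_zen().
"""
import ipaddress

ZEN_ZONE = "zen.spamhaus.org"

# ZEN answer codes as documented by Spamhaus. A listed address returns one
# or more of these A records, one per sub-list it appears on.
ZEN_CODES = {
    "127.0.0.2": "SBL: verified spam source",
    "127.0.0.3": "SBL CSS: snowshoe / compromised sender",
    "127.0.0.4": "XBL: compromised host (CBL data)",
    "127.0.0.5": "XBL: compromised host",
    "127.0.0.6": "XBL: compromised host",
    "127.0.0.7": "XBL: compromised host",
    "127.0.0.9": "SBL DROP/EDROP: hijacked or rogue netblock",
    "127.0.0.10": "PBL: end-user address, ISP maintained",
    "127.0.0.11": "PBL: end-user address, Spamhaus maintained",
}
# Answers that mean the query failed, not that the address is listed.
ZEN_ERRORS = {
    "127.255.255.252": "typing error in the DNSBL zone name",
    "127.255.255.254": "query came via a public/open resolver and was refused",
    "127.255.255.255": "query limit exceeded for this resolver",
}


def should_query(ip):
    """Only globally routable addresses can be listed; skip RFC 1918, loopback, etc."""
    return ipaddress.ip_address(ip).is_global


def dnsbl_query_name(ip, zone=ZEN_ZONE):
    """Reverse the address per RFC 5782: dotted octets for IPv4, nibbles for IPv6."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone


def interpret_zen(answers):
    """Map A-record answers to (status, details).

    status is 'clean' for NXDOMAIN / no answer, 'listed', or 'error' when the
    answer says the lookup itself cannot be trusted.
    """
    if not answers:
        return ("clean", [])
    problems, hits = [], []
    for a in answers:
        if a in ZEN_ERRORS:
            problems.append(ZEN_ERRORS[a])
        elif ipaddress.ip_address(a) not in ipaddress.ip_network("127.0.0.0/8"):
            # Anything outside 127/8 is not a DNSBL code: wildcard or intercepting DNS.
            problems.append(f"unexpected answer {a}: not a 127/8 code, lookup unreliable")
        else:
            hits.append(ZEN_CODES.get(a, f"undocumented ZEN code {a}"))
    if problems:
        return ("error", problems)
    return ("listed", hits)


if __name__ == "__main__":
    # Constructed placeholder IPs and answers standing in for resolver output.
    simulated = {
        "1.2.3.4": ["127.0.0.2", "127.0.0.10"],
        "5.6.7.8": [],
        "10.0.0.5": None,
    }
    for ip, answers in simulated.items():
        if not should_query(ip):
            print(f"{ip}: skipped, not globally routable")
            continue
        print(dnsbl_query_name(ip), interpret_zen(answers))
```

The error branch matters in practice: Spamhaus's public mirrors refuse queries that arrive through large public resolvers and answer with 127.255.255.254, so a scanner that treats any non-empty answer as "listed" will report false positives unless it resolves through its own resolver or a Spamhaus data-query subscription.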

6. Reporting

All data is compiled into a risk-scored PDF report with an executive summary, full asset inventory, prioritised findings with evidence, remediation guidance, and optional drift tracking against a prior scan.

Ready to run an external attack surface review?