External Attack Surface Management

Your Attack Surface Never Sleeps.
Neither Does Surfbot.

Continuous exposure management that discovers assets, finds vulnerabilities, and detects leaked secrets — before attackers do. Differential scanning shows you exactly what changed, like git diff for your attack surface.

surfbot — scan results
$ # Scan results — example.com (standard profile)
[surfbot] Scan completed in 7m 23s
✓ Discovery: 47 subdomains, 12 IPs, 89 open ports
✓ Assessment: 8,247 templates checked
▲ CVE-2024-3400 on vpn.example.com:443 [CRITICAL]
✗ AWS_ACCESS_KEY exposed in /assets/config.js [HIGH]
▲ Missing HSTS header on 12 subdomains [MEDIUM]
▲ .env file exposed on staging.example.com [HIGH]
△ Diff: +4 new findings, 1 resolved since last scan
✓ Notifications sent — 2 critical alerts

  • Powered by 8,000+ Nuclei templates
  • Built on ProjectDiscovery's engine
  • 3 scan profiles

Features

Everything you need to own your attack surface

Six integrated capabilities. One platform. Zero gaps.

Attack Surface Discovery

See Everything. Miss Nothing.

Surfbot maps your entire external attack surface — domains, subdomains, IPs, open ports, running services, technologies, and web applications. On-demand discovery means you scan when you need to, not on someone else’s schedule.

  • Subdomain enumeration at scale
  • Port scanning & service fingerprinting
  • Technology detection (frameworks, CMS, CDNs, WAFs)
  • Automated asset classification & tagging
Vulnerability Assessment

8,000+ Checks. Zero Noise.

Every asset gets scanned against 8,000+ Nuclei vulnerability templates — from critical CVEs to misconfigurations to default credentials. Three scan profiles (passive, standard, deep) let you choose the right level of intensity for each target.

  • CVE detection with severity scoring
  • Misconfiguration checks
  • Default credential testing
  • 3 scan profiles (passive → deep)
Secret Exposure Detection

Your Secrets Aren’t Secret If They’re on the Internet.

Surfbot scans for leaked API keys, credentials, tokens, and sensitive data across your exposed surface. Find secrets in JavaScript files, config endpoints, error pages, and public repositories before they become breach headlines.

  • API key & token detection
  • Credential exposure scanning
  • Sensitive file discovery (.env, .git, backups)
  • Cloud storage misconfiguration checks
Differential Scanning

Git Diff for Your Attack Surface.

Traditional scanners dump the same 500-finding report every week. Surfbot shows you what changed. New assets, new vulnerabilities, resolved issues — all tracked automatically. Focus on what matters: the delta.

  • New finding alerts (what appeared since last scan)
  • Resolved finding tracking (what got fixed)
  • Asset change detection (new ports, new services, new tech)
  • Timeline view of your attack surface evolution
Smart Notifications

Know the Moment Something Changes.

Surfbot notifies you the instant new critical findings appear. Email alerts for completed scans and critical findings, plus webhooks to integrate with your existing stack.

  • Email alerts on scan completion
  • Critical finding notifications
  • Webhook integration
  • Change detection alerts
Zero-Friction Onboarding

From Signup to First Scan in 60 Seconds.

No DNS records, no complex configuration. If your email is @yourcompany.com, Surfbot verifies your domain automatically. Business email = instant access. Start scanning before you finish your coffee.

  • Business email auto-verification
  • No DNS configuration required
  • Guided onboarding wizard
  • Results in minutes — not hours
Pricing

Simple Pricing. No Surprises.

Start free. Scale when you're ready.

Free

$0/month

For individuals and security practitioners.

Start Free
  • 1 root domain
  • Weekly on-demand scans
  • Standard scan profile (8,000+ templates)
  • Email alerts
Most popular

Pro

$49/month

For professionals managing multiple targets.

Start Pro Trial
  • 10 root domains
  • Daily scans
  • All scan profiles (passive, standard, deep)
  • Secret exposure detection
  • Differential scanning
  • Webhook integrations
  • API access

Enterprise

Custom

For teams and organizations with complex needs.

Contact Us
  • Unlimited domains
  • Priority support
  • Custom scan profiles
  • Dedicated onboarding
  • Coming soon: SSO, team workspaces, compliance reporting
FAQ

Frequently Asked Questions

It's the practice of continuously discovering, assessing, and prioritizing vulnerabilities across your entire external attack surface — not just during annual pentests, but every day.

Surfbot handles the entire pipeline — asset discovery, port scanning, vulnerability assessment, and change tracking — as a managed service. Plus, scan profiles let you choose between passive recon, standard assessment, or deep scanning. Differential scanning shows you what changed, not the same 500-finding report every week.

Think git diff for your attack surface. Instead of getting the same massive report every scan, Surfbot shows you only what changed — new findings, resolved issues, and asset mutations. You focus on the delta.
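The delta computation described in this answer and in the Differential Scanning section above, as an added example that is not Surfbot's code: it diffs two constructed scan snapshots into new findings, resolved findings and service changes, keying each finding on the check and the service it fired on so that the same issue is not reported as new every scan. Field names, hosts and findings are assumptions for illustration.

```python
"""Differential scan report: diff two scan snapshots the way the page describes.
Added example, not Surfbot's code. A snapshot is the services (host, port) that
discovery found plus the findings assessment produced; field names are assumptions
and every host/finding below is constructed sample data."""
from dataclasses import dataclass

SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3, "INFO": 4}

@dataclass(frozen=True)
class Finding:
    template: str    # CVE id or template name that fired
    host: str
    port: int
    severity: str

def finding_key(f):
    # A finding keeps its identity across scans when the same check fires on the
    # same service; severity is left out so a re-score does not count as "new".
    return (f.template, f.host, f.port)

def diff_findings(previous, current):
    """Return (new, resolved) findings, most severe first."""
    prev = {finding_key(f): f for f in previous}
    curr = {finding_key(f): f for f in current}
    rank = lambda f: (SEVERITY_RANK.get(f.severity, 99), f.host, f.port)
    new = sorted((curr[k] for k in curr.keys() - prev.keys()), key=rank)
    resolved = sorted((prev[k] for k in prev.keys() - curr.keys()), key=rank)
    return new, resolved

def diff_services(previous, current):
    """Asset mutations: (host, port) services that appeared or went away."""
    return sorted(set(current) - set(previous)), sorted(set(previous) - set(current))

def summary_line(new, resolved):
    # Same shape as the report's "Diff: +N new findings, M resolved" line.
    return f"Diff: +{len(new)} new findings, {len(resolved)} resolved since last scan"

# Constructed snapshots: the previous scan and the current one.
LAST_SERVICES = [("www.example.com", 443), ("legacy.example.com", 22)]
LAST_FINDINGS = [
    Finding("missing-hsts", "www.example.com", 443, "MEDIUM"),
    Finding("ssh-weak-ciphers", "legacy.example.com", 22, "LOW"),
]
THIS_SERVICES = [("www.example.com", 443), ("vpn.example.com", 443)]
THIS_FINDINGS = [
    Finding("missing-hsts", "www.example.com", 443, "MEDIUM"),
    Finding("CVE-2024-3400", "vpn.example.com", 443, "CRITICAL"),
    Finding("aws-access-key-exposed", "www.example.com", 443, "HIGH"),
]
```

Calling diff_findings(LAST_FINDINGS, THIS_FINDINGS) yields two new findings (the critical one first) and one resolved, while the unchanged HSTS finding is not reported again.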

Surfbot offers three scan profiles: Passive (safe recon — tech fingerprinting, SSL, DNS), Standard (balanced — misconfigs, exposures, CVEs), and Deep (comprehensive — everything except DoS). Choose based on your risk tolerance and domain consent level.

Currently Surfbot focuses on the external attack surface. Internal scanning is on the roadmap for Enterprise customers.

8,000+ official templates from ProjectDiscovery, plus 19 custom Surfbot templates. Updated regularly with version-pinned releases.

Yes. We support email notifications, webhooks, and a REST API. More integrations (Slack, JIRA) are on the roadmap.

We only scan assets you authorize. All data is encrypted at rest and in transit. We never share scan results.

Most scans complete within minutes, depending on the size of the target surface. You'll start seeing results as discovery runs.

The Free tier is permanent — 1 domain, no expiration, no credit card. Pro pricing will be available when we launch publicly. During the private beta, all features are accessible.

Your Attack Surface Is Exposed Right Now.

Find out what attackers already know. Add your domain, verify with your business email, get results in minutes.

Start Free

No credit card required.