Getting Started
Learn what Surfbot is, who it's for, and how it keeps your attack surface under control.
What is Surfbot?
Surfbot is an external attack surface management platform. It discovers, scans, and analyzes your external-facing infrastructure — domains, subdomains, open ports, web applications, APIs, and more — to find vulnerabilities and exposures before attackers do.
Think of it as a tireless security researcher that runs the same methodology a penetration tester would use, but as a managed service you can trigger on-demand.
Who is Surfbot for?
- Security teams who need visibility into their external attack surface
- DevOps/Platform engineers who want to catch misconfigurations before they ship
- Startups and SMBs that can't afford a full-time red team but still need offensive security coverage
- Bug bounty hunters and pentesters managing multiple targets
Key Features
| Feature | Description |
|---|---|
| Asset Discovery | Automatic subdomain enumeration, port scanning, and web probing |
| Vulnerability Scanning | 8,000+ Nuclei templates — CVE detection, misconfiguration checks, secret exposure |
| Scan Profiles | Three intensity levels — passive, standard, and deep |
| Differential Analysis | Know exactly what changed between scans — new assets, new ports, new vulns |
| REST API | Full API for integration with your existing tools and workflows |
| Webhooks | Real-time notifications when new findings are detected |
How It Works (High Level)
Every scan follows a pipeline:
1. Discovery — Enumerate subdomains (subfinder) and resolve DNS (dnsx)
2. Port Scanning — Identify open ports and services (naabu)
3. HTTP Probing — Fingerprint web servers, technologies, and response behavior (httpx)
4. Vulnerability Assessment — 8,000+ Nuclei templates filtered by scan profile
5. Differential Analysis — Compare results to surface changes since the last scan
Results are delivered to your dashboard, and can optionally be pushed via email alerts or webhooks, or pulled through the REST API.
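The differential-analysis step above, as an added example that is not Surfbot's own code: it assumes each scan is exported as one JSON line per host carrying that host's open ports and Nuclei finding IDs (a constructed format; the real export shape is an assumption here) and reports the hosts, ports and findings that appeared since the previous scan, plus hosts that disappeared.

```python
import json

# Constructed sample snapshots (hypothetical hosts and finding labels), in the
# assumed shape: one JSON object per host with its open ports and finding IDs.
PREVIOUS_SCAN = """
{"host": "www.example.com", "ports": [80, 443], "findings": ["tls-version"]}
{"host": "api.example.com", "ports": [443], "findings": []}
{"host": "old.example.com", "ports": [80], "findings": []}
"""
CURRENT_SCAN = """
{"host": "www.example.com", "ports": [80, 443, 8443], "findings": ["tls-version", "exposed-git-dir"]}
{"host": "api.example.com", "ports": [443], "findings": []}
{"host": "dev.example.com", "ports": [22, 8080], "findings": ["default-login"]}
"""


def parse_snapshot(text):
    """Parse JSON-lines scan output into {host: (set_of_ports, set_of_finding_ids)}."""
    snapshot = {}
    for line in text.strip().splitlines():
        rec = json.loads(line)
        snapshot[rec["host"]] = (set(rec["ports"]), set(rec["findings"]))
    return snapshot


def diff_scans(previous, current):
    """Compare two snapshots and return only what changed.

    Ports and findings on a brand-new host are reported as new as well, since all
    of that exposure is new; hosts that vanished are listed so decommissioned or
    mis-resolved assets are not silently dropped from the picture.
    """
    prev, cur = parse_snapshot(previous), parse_snapshot(current)
    new_ports, new_findings = [], []
    for host, (ports, findings) in cur.items():
        old_ports, old_findings = prev.get(host, (set(), set()))
        new_ports += [(host, p) for p in sorted(ports - old_ports)]
        new_findings += [(host, f) for f in sorted(findings - old_findings)]
    return {
        "new_hosts": sorted(set(cur) - set(prev)),
        "removed_hosts": sorted(set(prev) - set(cur)),
        "new_ports": new_ports,
        "new_findings": new_findings,
    }


if __name__ == "__main__":
    for category, items in diff_scans(PREVIOUS_SCAN, CURRENT_SCAN).items():
        print(f"{category}: {items}")
```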