Quickstart

Create Your Account

Head to app.surfbot.io/register and create a free account. No credit card required — the Free tier includes 1 domain with no expiration.

Add Your First Domain

The onboarding wizard guides you automatically after registration. Enter your root domain (e.g., yourcompany.com).

Surfbot will scan the root domain and all discovered subdomains automatically.

Verify Domain Ownership

Surfbot uses a two-tier verification system:

Business email (fast path): If you registered with [email protected], your domain yourcompany.com is verified automatically. Zero friction — no DNS changes needed.

Generic email (fallback): If you registered with a generic email (Gmail, Hotmail, etc.), you'll need to verify via one of two methods:

DNS TXT Record:

_surfbot-verify.yourcompany.com  TXT  "surfbot-verify=sb_abc123def456"

HTTP File Verification:

Place a file at https://yourcompany.com/.well-known/surfbot-verify.txt with the verification token shown in your dashboard.

See Domain Verification for full details on both methods.

Choose Scan Profile & Run First Scan

Select your scan profile based on how thorough you want the assessment to be:

Click Start Scan. A typical first scan takes 5–10 minutes.

Review Results

When the scan completes, you'll see:

• Assets — Every subdomain, IP, and open port discovered
• Findings — Categorized by severity (Critical, High, Medium, Low, Info) with CVSS scores and evidence
• Changes — On subsequent scans, see the diff of new, resolved, and changed findings

Each finding includes details, evidence, and remediation guidance.