Attack Surface

Attack surface means all apex domains, their subdomains, and IPs discovered by or added to Detectify, including other domains and IP addresses that such domains point to. It also includes all information associated with these assets, such as DNS records, open ports, and the applications and services running on them, plus much more.


The Attack Surface Page

The attack surface page is designed to give our Surface Monitoring customers a complete overview of all of their assets (an asset is a domain or an IP). Each asset is classified according to a surface state, which describes whether the asset is considered currently exposed on your attack surface.


Surface State


Inactive: These are assets that we haven’t seen in the last 14 days. For domains, this means that we haven’t been able to find a DNS record corresponding to this particular domain. For IPs, this means that we haven’t been able to reach that particular IP.

Seen (active): These are assets that we’ve been able to see within the last 14 days, either through resolving a DNS record (for domains) or through reaching the IP (for IP assets).

Reachable (active): These are assets that we have been able to reach during our monitoring through pings or port scanning.

Open (active): The IPs that the asset points to have open ports that we have been able to reach.

Active assets

The attack surface page aims to show you what you are currently exposing on your attack surface. You can therefore filter assets by these states using the surface state filter.


Open Ports

For each asset that has Surface Monitoring running, the attack surface page shows the open ports that we have been able to reach on that asset. The table shows only the ports that have been reached within the last 3 days. However, if you click the link, you will be able to see all ports that we have ever found to be open on that asset, including historic ports (ports that we haven’t reached in the last 3 days).