Attack Surface

All Assets page

The "All Assets" page is the primary place to learn about the assets you have on your attack surface. It's the top item under the "Insight" section in the menu, designed to collect all the output and insights our product has generated.

The main feature of the "All Assets" page is a table displaying each row as a new domain, along with details about that domain. Filters and search options are available so that you can find the domains you're interested in or that match your specific query. You can also examine aspects such as the surface state of a domain, which explains the level of exposure that particular domain has.

We categorize domains as: 

  • Open: We've found open ports for those domains.
  • Unreachable: The domain cannot be reached.
  • Inactive: A domain that is parked.

You can also see what vulnerabilities have been found on specific domains. Filter based on the open ports and view the DNS records of those domains, when they were first discovered, as well as the methods used for discovery.

Selecting any domain will take you to the details page, which shows open ports, DNS records, technologies fingerprinted on that specific domain (e.g.,, the IP addresses this domain points to, and the list of vulnerabilities found. The details page summarizes all aspects of that domain, giving you a complete picture and highlighting any necessary actions.

Root Assets

You can easily find domains by using the "Root Assets" page. This helps you find domains of interest; for example, if we want to go into, clicking that will filter all the subdomains to that root, including the root itself.

IP Addresses

The IP Addresses page collects all the different IPs that are on your attack surface. You can slice and dice the data at various levels, including the IP address, if it's active, how many assets each of the IPs has, and the provider.

Group By options

Exploring other "Group By" options gives different perspectives with the same data type. Grouping by provider, for example, shows all the different providers and their current usage. 

The "Group By None" option is the most detailed, with each row representing an IP address and a domain, allowing direct access to all related data. This is especially useful for unraveling complex relationships between IPs and domains.

Country Group

The country group shows all the countries found, each row representing a unique country and statistics about that country, such as the number of IPs, assets, and providers. All these pages follow a similar structure, including status, first seen, and disappearance data.


We detail any ports we've found exposed on the IPs you use.

The first page you'll see is grouped by port, where each row represents a unique open port, along with columns describing the number of assets and IPs on which this port has been found open.

Like the IP addresses and technologies pages, it follows a similar structure, with a status column indicating whether this port is active (open) or not (closed) on your attack surface. We also include "first scanned" and "disappeared" data to track when we first discovered it and if it has vanished.


The technologies page lists all fingerprinted software found anywhere on your attack surface.

It uses a "Group By" structure, allowing you to choose the level of detail you want to see. Starting with the most zoomed-out version, "group by technology," each row represents a unique technology, disregarding versions. For instance, if multiple versions of jQuery are found, it will be listed once, and we will count how many times that technology, in various versions, has been detected across different assets.