Everything you need to manage your external attack surface

Seven risk categories. Continuous monitoring. One platform.

Risk Bucket 1

Open Ports & Services

SurfaceLoop scans your external assets for open TCP ports and identifies exposed services that could provide an entry point for attackers.

  • Full TCP port scanning across common and extended ranges
  • Service identification — SSH, RDP, VNC, FTP, databases, and more
  • Change detection for newly opened or closed ports
  • Severity classification based on service risk level

Risk Bucket 2

Exposed Web Panels

Detects admin panels, management interfaces, and control panels that are exposed to the internet — common targets for credential stuffing and exploitation.

  • 55+ detection templates for common admin panels
  • phpMyAdmin, Jenkins, cPanel, Webmin, and more
  • Default credential detection
  • Login page fingerprinting

Risk Bucket 3

TLS & Certificate Issues

Monitors your TLS configuration and certificates to prevent man-in-the-middle attacks, trust warnings, and service outages from expired certs.

  • Certificate expiry monitoring with advance alerts
  • Weak cipher suite detection
  • Self-signed certificate identification
  • Hostname mismatch and chain-of-trust validation

Risk Bucket 4

Missing Security Headers

Checks HTTP responses for missing security headers that protect against common web attacks like XSS, clickjacking, and MIME sniffing.

  • Content-Security-Policy (CSP) validation
  • HSTS configuration checks
  • X-Frame-Options and X-Content-Type-Options
  • Referrer-Policy and Permissions-Policy

Risk Bucket 5

Known Vulnerabilities (CVEs)

Runs thousands of Nuclei templates against your assets to detect known CVEs and exploitable vulnerabilities in web applications and services.

  • 9,000+ Nuclei detection templates
  • CVE-mapped findings with severity scores
  • Technology-specific vulnerability checks
  • Continuous updates as new CVEs are published

Risk Bucket 6

DNS & Email Spoofing

Validates your DNS email authentication records to prevent domain spoofing, phishing, and email-based attacks against your organisation.

  • SPF record validation and policy analysis
  • DMARC configuration and enforcement checks
  • DKIM key presence verification
  • Actionable recommendations for hardening

Risk Bucket 7

Subdomain Enumeration

Discovers subdomains and related assets that may be unknown to your team — shadow IT, forgotten services, and development environments exposed to the internet.

  • Certificate transparency log monitoring
  • DNS brute-force enumeration
  • Reverse DNS lookups
  • Wildcard and catch-all detection

Platform capabilities

Asset Discovery

Automatically discover domains, subdomains, and IPs from certificate transparency logs, DNS records, and reverse lookups. Know everything that's exposed before attackers find it.

Continuous Monitoring

Schedule recurring scans on your terms. SurfaceLoop detects changes between scans, alerts on new exposures, and tracks remediation progress over time.

Dashboard & Reporting

A single pane of glass for your attack surface. Severity trends, issue tracking, change timelines, and proof-of-fix documentation for your security team and clients.
