What does Externalsight scan?

Externalsight scans authorized internet-facing assets across DNS, TLS, HTTP headers, exposed services, subdomains, cloud exposure, email authentication, DAST signals, CVE enrichment, and infrastructure exposure indicators.

Do I need to install an agent?

No. Externalsight is agentless and uses deterministic outside-in scanning from the public internet.

Can I monitor changes over time?

Yes. Sentinel supports 48-hour background monitoring and Fortress supports 24-hour background monitoring, with historical comparison of posture changes.

● Now · Real-time monitoring live

See your exposed attack surface before attackers exploit it.

ExternalSight scans your internet-facing domains for exposed assets, misconfigurations, weak security controls, and attacker-visible risks — then turns them into prioritized fixes.

Run a scan now → See how it works →

✓ No agents ✓ No credit card ✓ <3 min to first finding

externalsight · console · acme-corp.com STREAMING

Posture

↑ 6 this week

Critical

+1 24h

Subdomains

+3 24h

Scanners

all OK

● CRIT admin.acme-corp.com:8080 admin panel exposed · no IP allowlist SLA 24h

Posture · 30d +11 (15.7%)

Recent activity

14:02:33 [OK] tls_scanner complete · 14ms

14:02:34 [OK] subdomain_scanner 14 found

14:02:35 [WARN] port_scanner 6 ports open

14:02:36 [CRIT] admin_panel_scanner 1 exposed

14:02:37 [RUN] cve_scanner matching 247k records... ▍

01 · DEMO

Live scan

Type any domain. Watch forty-eight scanners resolve in real time, with a deterministic posture score on the other side.

NO SIGNUP · NO CC

↵ to scan

Pipeline · 48 scanners

DNS resolution 14ms

Cert transparency 124ms

Subdomain enum 847ms

TLS configuration 1.2s

HTTP headers 420ms

Port scanning ·····

CVE matching —

Posture scoring —

Posture score

B+

moderate exposure

Crit

High

Med

Low

Top finding

Admin panel exposed on public IP CVSS 9.1

admin.acme-corp.com:8080 · Basic Auth · TLS 1.2 · IP allowlist absent

Surface inventory

Domains 1

Subdomains 14

Open ports 6

Certificates 12

TLS version 1.3

IPs reachable 8

CVE matches 3

Tech stack nginx, React

WAF Cloudflare

Cred leaks 0

02 · RESEARCH

The data on attack surface

What independent analysts find, repeatedly, when they survey enterprise security in 2024–2025.

GARTNER Top Security Trend, 2024

+35%

avg new assets discovered post-EASM

"Between 80–95% of a company's assets change each year. Manual tracking is structurally impossible."

FORRESTER Wave Q3 2024

−45%

breach probability reduction

"ASM will continue to prevail as a capability in proactive security platforms."

IBM Cost of a Breach 2024

$2.2M

avg saved by automation-using teams

"Organizations using AI and automation in security detect incidents ~100 days faster."

03 · PLATFORM

Forty-eight scanners, five disciplines.

Discovery, exposure, configuration, infrastructure, and active DAST — all feeding into a single posture score.

01 · DISCOVERY 14 scanners

Attack surface discovery

Continuously enumerate subdomains, fingerprint infrastructure, and monitor certificate transparency logs. Every new asset lands on the map automatically.

Subdomain enum CT logs Reverse-WHOIS ASN discovery Subsidiary mapping

02 · EXPOSURE

Exposure intelligence

Credential leaks, exposed secrets, and cloud misconfigurations detected and prioritized before attackers find them.

Credential breaches Secret leaks Cloud storage

03 · CONFIG

Misconfiguration detection

Catch TLS weaknesses, missing security headers, CORS misconfigurations, and CSP gaps — before they become incidents.

TLS Headers CORS CSP

04 · INFRA

Infrastructure risk

Detect exposed admin panels and remote access endpoints, fingerprint the tech stack, and confirm WAF coverage.

Admin panels WAF Tech fingerprint

05 · CONTINUOUS

Continuous DAST

Active vulnerability testing across your discovered attack surface, running automatically on a cadence you set.

XSS SQLi Error disclosure

04 · POSTURE

One number. Eight weighted categories. Drillable to the byte.

The posture score is computed on each scan from eight category weights. CISOs see the score; engineers drill straight to the failing scanner and its raw evidence.

api.acme-corp.com ● LIVE

0 posture / 100

Crit

High

Med

Low

30d trend ↑ +11 (15.7%)

Category breakdown weighted · sorted by impact

TLS security

+385

DNS security

092

HTTP security

−564

Asset exposure

+871

Port exposure

+288

Email security

+176

Exposure monitoring

−362

Infrastructure

+481

05 · MONITORING

Your perimeter changes hourly. The scan keeps up.

Continuous re-scans, intelligent diff detection, and routed alerts — so the only people surprised by a new exposure are not on your team.

Real-time detection

Catches new subdomains, ports, and config changes within minutes of going live.

Intelligent alerting

Routes Critical & High to email, Slack, Teams, or webhook with full evidence attached.

Daily diff reports

Day-over-day changes recorded for 90 days. Audit-ready.

Trend dashboards

Posture-over-time across every domain in your inventory. Answer the board with one chart.

Activity timeline · acme-corp.com Live updates

Today 14:02

New subdomain

staging-v2.acme-corp.com

investigating

Today 11:48

Cert expiring

api.acme-corp.com · 7 days

auto-flagged

Today 09:15

Port closed

admin.acme-corp.com :8080

resolved

Today 06:30

CVE match

CVE-2024-3094 · libxml2

open

Yesterday

WAF activated

app.acme-corp.com

resolved

Yesterday

Subdomain takeover

old-blog.acme-corp.com

critical

2 days ago

Posture +4

TLS upgrade across edge

resolved

06 · REPORT

Every finding ships with evidence and remediation.

Structured JSON for engineers. Executive PDF for the board. Same data, two formats, one source of truth.

CRITICAL finding-ESF-2024-AC-0042.json

Copy Open in dashboard ↗

{ "finding_id": "ESF-2024-AC-0042", "severity": "critical",// CVSS 9.1 "category": "admin_surface_exposure", "target": "admin.acme-corp.com:8080", "first_seen": "2026-04-28T14:02:33Z", "evidence": { "http_status": 200, "server_header": "nginx/1.18.0", "page_title": "Admin · Sign in", "tls_version": "TLS 1.2", "ip_allowlist": false, "basic_auth": true }, "remediation": { "action": "restrict_to_vpn_or_ip_allowlist", "effort": "low", "sla_hours": 24, "owner": "infra-team@acme" }, "chain_correlation": 3,// 3 related findings "audit_signature": "sha256:7a3f..." }

Structured JSON 01

Pipe straight to your SIEM, ticket system, or remediation workflow.

Executive PDF 02

Board-ready posture summary with quarter-over-quarter trend.

Chain correlation 03

Findings link causally — admin panel + weak TLS + leaked credential = single incident, not three.

90-day retention 04

Every byte of raw evidence retained, signed, and verifiable on audit.

07 · ARCHITECTURE

How the engine actually works.

DNS resolution, TLS handshakes, HTTP inspection, TCP probes — outside-in, exactly what an attacker sees.

◉

External infra

Domains, subdomains, public servers.

⇣

Data collection

DNS, TLS, HTTP, TCP probes.

◇

Analysis engine

48 concurrent scanners.

⌖

Risk classification

Findings ranked by severity, enriched with CVE data, and correlated into chains.

agents to install

Real network scanning

No agents. No sidecars. No integrations. We see exactly what an attacker on the open internet sees.

100%

evidence attached

Evidence-backed

Every finding ships with raw DNS records, HTTP headers, and certificates — everything is verifiable, nothing taken on faith.

∞

consistent results

Deterministic

Same target, same result, every time. No randomness. No AI hallucinations. Just protocol-level signal.

08 · PRICING

Priced for real security work.

Sentinel costs 0.012% of the average data breach. The math is not contested.

RECON

$0 /month

For individuals exploring exposure.

Start free

1 domain
3 full scans / month
Core scanners + scoring
PDF reports
No monitoring

RECOMMENDED

SENTINEL

$29 /month

For teams managing real infrastructure.

Get access

3 domains
15 full scans / month
50 target scans
3 DAST scans
48-hour monitoring
Slack / Teams / Webhooks

FORTRESS

$79 /month

For teams with large surfaces.

Get access

10 domains
50 full scans / month
120 target scans
10 DAST scans
24-hour monitoring
All-severity alerts
Slack / Teams / Webhooks

CITADEL

Custom

For complex global surfaces.

Contact sales

Unlimited domains
Unlimited scans
REST API
SSO / SAML
Subsidiary discovery
Dedicated SLA

09 · BEGIN

Your perimeter is already mapped. The only question is by whom.

Start free, no credit card required. See your first finding in under three minutes.

Run a scan now → Create free account

Enter domain

Apex domain only. We discover the rest.

Scan runs

48 scanners run concurrently. Results land in under 3 minutes.

Review evidence

Findings prioritized by severity, each with clear remediation steps.