DNS map
One-shot reconnaissance scan. Pulls NS, MX, A/AAAA, TXT, and CAA records on the apex, discovers subdomains via Certificate Transparency logs, and resolves the owning ASN for each IP. Rendered as an interactive map.
Scan a domain
Server-side DNS + Certificate Transparency lookup. Takes 5–20s depending on cert corpus size.
How it works: We run DNS queries server-side from our infrastructure (Cloudflare + Google + Quad9 resolvers, cross-checked), then enrich each discovered IP with its ASN. Subdomains come from crt.shCertificate Transparency logs — public records of every TLS certificate issued for your domain. We don't brute-force or rate-abuse anything. Each scan takes 5–20 seconds depending on the size of the certificate corpus.
Want this run hourly with diff alerts when a subdomain appears or disappears? Add your domain to continuous monitoring.