See What Attackers Can See About Your Organisation

SurfaceMapper maps your external attack surface and delivers a clear, risk-scored report in under 48 hours.

What It Finds

External Exposure

  • exposed subdomains and forgotten environments
  • internet-facing services and open ports
  • subdomain takeover opportunities

High-Risk Interfaces

  • admin panels (Jenkins, Grafana, Kibana, etc.)
  • cloud storage exposures (S3, Azure blobs)
  • sensitive files and paths (.env, .git/, config dumps)

Network Services

  • risky ports publicly reachable (RDP, databases, SSH)
  • cleartext protocols in use (FTP, Telnet, HTTP)
  • TLS weaknesses and expiring certificates

Email Security

  • missing or permissive SPF records
  • unenforced or absent DMARC policy
  • DKIM configuration gaps

Known Vulnerabilities

  • CVEs correlated to detected service versions
  • CVSS-scored and publicly documented exploits
  • vulnerability script indicators from port scan data

IP Reputation

  • Spamhaus RBL listings (spam sources, compromised hosts)
  • AbuseIPDB abuse confidence scoring
  • botnet and exploit activity indicators

Default Credentials

  • default credential testing against discovered services
  • web admin panels, FTP, SSH, Telnet, databases
  • screenshot evidence of authenticated access

Web Vulnerability Scan

  • hundreds of checks against live web endpoints
  • misconfigurations, exposed panels, known CVEs
  • severity-scored findings with remediation

TLS Deep Analysis

  • deprecated protocol detection (SSLv2/3, TLS 1.0/1.1)
  • known vulnerabilities (BEAST, POODLE, Heartbleed, ROBOT)
  • weak and export-grade cipher identification

JavaScript & Public Code

  • JavaScript files scanned for hardcoded secrets and API keys
  • public GitHub repositories searched for leaked credentials
  • verified secrets reported as Critical findings

How It Works

Internet-facing Assets → SurfaceMapper Scan → Risk-Scored Report

1. Scope

You provide a domain or IP range.

2. Scan

SurfaceMapper maps your external attack surface with no credentials required.

3. Deliver

You receive a clear report with risks and recommended fixes.

What You Get

  • full external asset inventory (domains, IPs, services)
  • risk-scored findings with evidence
  • screenshots of exposed and authenticated admin interfaces
  • CVE correlation against service fingerprints
  • default credential testing with screenshot proof
  • email security posture (SPF, DMARC, DKIM)
  • IP reputation and RBL listing status
  • exposure drift tracking (what changed since last scan)
  • clear executive summary and prioritised remediation
  • web vulnerability scan across all live endpoints
  • TLS deep analysis (deprecated protocols, known exploits)
  • JavaScript and public repository secret detection

Example Report

See a real SurfaceMapper report (redacted).

SurfaceMapper report — executive snapshot with KPI tiles, exposure composition and severity charts

Pricing

One-Time

Standard Scan

$349 AUD

Full external surface review and risk-scored PDF report.

One-Time

Deep Scan

$549 AUD

Standard scan plus web vulnerability scan, deep TLS analysis, and JavaScript and public code secret detection.

Monthly

Continuous Monitoring

$99 AUD/month

Monthly scans and exposure tracking.

Billed monthly. No lock-in contracts.

Who It’s For

  • small to mid-sized businesses
  • SaaS companies
  • professional services firms
  • managed service providers

Want to see what your organisation exposes to the internet?