Free Attack Surface Scan

Find your attack surface
before attackers do

We map your external exposure and show you exactly what stands out - 15 security checks, no signup required, results in under 60 seconds.

security 15 security checks person_off No signup required timer Results in <60s bolt Powered by SQUR AI verified_user EU data residency

Three steps to full visibility

1

Enter your domain

Paste your domain and confirm you own or are authorised to scan it. No account needed.

2

SQUR maps your exposure

Our autonomous engine runs 15 targeted checks - DNS, headers, TLS, open ports, subdomain enumeration, and more.

3

See what attackers see

Get an instant map of your external attack surface, prioritised by exposure, with guidance on what to review next.

4

Go deeper with SQUR

Surface scan is just the start. SQUR's full autonomous pentesting goes inside your API and confirms exploitability.

What Attack Surface shows, and what it does not

The scan connects to what is publicly reachable and reads it. It never logs in and never sends an attack, so it shows your exposure and raises indicators, but it cannot confirm that anything is exploitable. That is the pentest's job.

What it shows

  • Subdomains and public-facing assets
  • Open ports and exposed services
  • TLS and certificate configuration
  • Security headers (missing or weak)
  • Email authentication (SPF, DKIM, DMARC)
  • Technology fingerprint
  • Possible subdomain takeover
  • Exposed sensitive files
  • Software versions matching known CVEs, as indicators

Passive and read-only. No signup: 15 checks free, 31 with a free account.

What it does not do

  • It never logs in to your app
  • It never sends an attack or payload
  • No authentication-bypass testing
  • No injection testing (SQLi, XSS, and so on)
  • No access-control testing (IDOR / BOLA)
  • No business-logic testing
  • It cannot confirm a vulnerability is exploitable
  • It is not a pentest and not an audit report

It raises indicators, not proof. To know what is actually exploitable, you authorise a pentest.

Next Step

Your exposure is just the surface.

The free scan reveals what's visible. SQUR's autonomous pentest confirms what's actually exploitable - with proof-of-exploit for every finding.

24h delivery €1,995 fixed price EU data residency · GCP Brussels

No auto-renewal · Retest included · Cancel anytime