What does the internet
already know about your risk?

Get an instant external attack surface grade for any domain. We check DNS, email spoofing protection, TLS, security headers, and exposed services β€” using only public data.

No login required. Passive assessment β€” we never send intrusive traffic to your systems.

Results in seconds Public data only No penetration testing

What we grade

Five categories that determine how exposed a domain looks from the outside.

πŸ”’

TLS & HTTPS

Whether the site enforces HTTPS, redirects plaintext, and protects against downgrade attacks.

πŸ“§

Email spoofing

SPF and DMARC records that stop attackers from sending mail as your domain.

🧾

Security headers

HSTS, CSP, and related headers that harden the browser against common attacks.

🌐

Exposure

Open ports, known CVEs, and forgotten subdomains discovered from public sources.

🧭

DNS hygiene

Resolvability, CAA records, and configuration that reduces the risk of hijack or mis-issuance.

πŸ“ˆ

Continuous monitoring

Upgrade to re-scan on a schedule and get alerted the moment your grade drops.

Recently scanned

A live sample of domains graded on the platform.

attacksurfacescore.com
98/100
A

Know your grade before an attacker does

Run a free scan now, then create an account to track changes over time.

Scan a domain β†’