Platform
Solutions
Partners
Why NMT
Resources
Contact Us
Free Attack Surface Check

See what attackers
see about you

Before you can defend it, you have to see it. Get a free, outside-in map of everything exposed to the internet under your name, the way an attacker builds it. Graded A to F in about ten minutes. No install, no agent.

Run my free check

What an attacker can already see

Six lenses, mapped from the public internet. No access to your systems required.

Exposed assets & shadow IT

Every internet-facing domain, subdomain, and origin tied to your name, including the ones no one remembers standing up.

Open ports & services

Services and ports reachable from the internet, and the software versions attackers fingerprint for known exploits.

Leaked credentials

Employee and executive credentials exposed in breaches and dark-web dumps, before they are used against you.

Email spoofability

Whether attackers can send mail as you: SPF, DKIM, and DMARC checked across your sending domains.

Dark-web mentions

Where your brand, domains, and data show up across dark-web and paste sources.

Brand & lookalike domains

Typosquatted and lookalike domains set up to impersonate you and phish your customers.

Attackers do not ask for permission

They map your exposed assets, leaked passwords, and spoofable domains long before they act, using the same public signals anyone can reach. The only question is whether you have seen it first. This check gives you their view, so you can close the gaps before they are used.

Agentless
Nothing to install. The check runs entirely from outside, using public signals.
Outside-in
Assets discovered from certificate transparency and mail-record pivots, not a list you provide.
A–F grade
A board-ready grade across all six lenses, shown as a six-axis scorecard with fixes.
~10 minutes
From your domain to your grade, with no commitment.

Common questions

What does the check actually look at?
It maps your external attack surface the way an attacker would: internet-facing assets and subdomains, open ports and services, leaked credentials, email spoofability (SPF/DKIM/DMARC), dark-web mentions, and lookalike domains. It is entirely outside-in.
Do I need to install anything?
No. The check is agentless and outside-in. It uses public signals such as certificate transparency and mail-record pivots, so there is nothing to install and no access to your systems required.
What do I get back?
A board-ready grade from A to F across the six lenses, shown as a six-axis scorecard, with the specific exposures found and how to fix them, prioritized. It takes about ten minutes.
Is it free?
Yes. The outside-in check and your grade are free, with no install and no commitment.
How is this different from a vulnerability scan?
A vulnerability scan looks inward at hosts you point it at. This looks inward from the attacker's side of the internet at everything exposed under your name, including assets you did not know you had.
Free check

Run your free attack surface check

Enter your domain and we will map what attackers can see, then send your grade.

Your data is encrypted & never shared

Want the full platform view? Explore NOVA AI or get your free risk score.