mscyber.tech
External Attack Surface Scanner
cactus

See your perimeter the way an attacker does.

Run a free external security assessment of any domain you own, from DNS to OWASP and from passive recon to active vulnerability scanning. By Mercurius Cybersecurity.
Enter the domain you own; you'll verify ownership with your company email on the next screen.
Quick scan: ~1 min
Comprehensive: ~10 min
PDF emailed to you
No signup, no credit card
🛡

Your own domain only

You verify ownership by submitting an email on the domain you're scanning. Free providers (gmail, yahoo, etc.) are blocked, so you can't kick off a scan against a site you don't control.

📧

Report goes straight to your inbox

The full PDF report is emailed to the address you verified with. Share it with your team, vendor, or auditor. The live dashboard is also yours to download or share via the link.

🤝

You pick the depth

Quick (1-2 min) for a daily-driver overview, or Comprehensive (10-15 min) for a full external audit including TLS deep audit, web-server audit, WordPress audit and active vulnerability probing. One scan per company per 24 hours.

What we check

Everything an attacker would map, and the same probes they'd run next.

18 distinct checks span passive reconnaissance and active vulnerability scanning. Quick mode runs the recon half. Comprehensive runs everything.

Passive recon · available in Quick & Comprehensive
🌐

DNS & records

Authoritative A / AAAA / MX / NS / TXT / SOA / CAA inventory with issuer and policy gaps flagged.

🕸

Subdomain discovery

Certificate Transparency log mining: the full subdomain footprint you've shipped over time.

🔒

TLS & certificates

Protocol versions, cipher strength, chain validity and expiry windows, graded per host.

🧾

HTTP security headers

HSTS, CSP, X-Frame-Options, Referrer-Policy and Permissions-Policy: present vs. missing, per host.

📨

Email security

SPF · DKIM · DMARC · MTA-STS · TLS-RPT posture with actionable deliverability & spoofing risks.

🧱

Tech stack & CVEs

Frameworks, CMSs, JS libraries fingerprinted and cross-checked against retire.js + EOL data.

🛡

OWASP Top 10 (2021)

Passive-applicable categories mapped against live evidence. No guesswork, no padding.

Subdomain takeover

Dangling CNAMEs scored against a fingerprint library of vulnerable SaaS services.

📜

Compliance snapshot

ISO 27001 · PCI-DSS · NIST CSF · CIS Controls rollup: where you stand before the auditor arrives.

🔭

OSINT & exposure

Wayback, GitHub leaks and search-engine dorks: what's already public about your perimeter.

📡

Open ports

Top-1000 TCP discovery: catch admin panels, databases and dev services hiding on non-standard ports.

🎯

Top priorities

An auto-generated, action-ready backlog ranked by severity × exploitability, not alphabetized junk.

Active vulnerability scans · Comprehensive mode only
🔬

TLS deep audit

Cipher hygiene, deprecated protocols (TLS 1.0/1.1), Heartbleed, ROBOT, BEAST, BREACH, FREAK, SWEET32 and other known TLS CVEs, verified against the live handshake.

🕵

Web server audit

Misconfigurations, dangerous files (.git, .env, backups), default admin pages, dangerous HTTP methods and a long tail of well-known web-server issues.

📰

WordPress audit

Auto-runs only if WordPress is detected. Enumerates plugins, themes and users; matches detected components against the WordPress vulnerability database.

Active vulnerability scan

Template-driven probes against the apex and discovered hosts: thousands of known CVEs, exposed admin panels, default credentials, dangerous misconfigurations and takeover-prone services.

How it works

Four steps. No agents, no API keys, no setup.

From entering your domain to a downloadable PDF, typically inside a tea break.

  1. Enter your domain

    Drop in the domain you own. We do basic sanity checks (no IPs, no internal addresses, no IP literals).

  2. Verify with a company email

    Confirm authorization with an email on the domain you're scanning (no gmail / yahoo / free providers). This is how we make sure you only scan what you own.

  3. Pick Quick or Comprehensive

    Quick (1-2 min): passive recon + open ports. Comprehensive (10-15 min): everything, including active vulnerability probing.

  4. Live dashboard + PDF in your inbox

    Watch each check land on the live dashboard as the scan runs. The full PDF report is emailed to you as soon as it's ready. Share it with your team, vendor, or auditor.

What you'll get

A real report, not a screenshot.

Every scan produces three artifacts you can take to your team or your CFO.

📊

Live dashboard

13 sections, severity-ranked findings, jump-anywhere sidebar, severity gauge with letter grade. Shareable via the URL; no signup needed for viewers.

📄

Branded PDF report

Cover page with grade and target, executive summary, every section with context and recommendations, full findings table. Emailed to your verified inbox.

🎯

Prioritized action list

An auto-generated backlog ranked by severity × exploitability: what to fix first, what to schedule, what's noise. No alphabetized junk.

Ready?

Run your first scan now.

Free · ~1-15 minutes (you choose) · no credit card. One scan per company per 24 hours.

Need authenticated, human-reviewed testing? Book a full VAPT with Mercurius →