23 Free Modules · No Signup · ~30s

Know your external attack surface
before attackers do

23 free security modules scan your domain in parallel — TLS, headers, DNS + email security suite (SPF/DKIM/DMARC/MTA-STS/BIMI/TLS-RPT, DNSSEC, CAA), secrets (55+ patterns), paths, buckets + name guessing, redirects, cookies, JWT audit, session-entropy, MFA detection, source-map exposure, GraphQL introspection, Swagger / OpenAPI, backup files, third-party JS supply-chain + SRI, API versioning, AI-bot policy, typosquat detection, domain RDAP, security.txt, HSTS preload, subdomain takeover — and deliver an actionable A+ to F security grade in roughly 30 seconds. Sign up for the full 32-module enterprise scan.

Inside the Free Scan
🔒TLS
🛡️Headers
🌐DNS + Email
🔑Secrets 55+
📂Paths
☁️Buckets + Guess
↗️Redirects
🍪Cookies
📅Domain RDAP
🔐security.txt
🛡️HSTS Preload
💥Takeover
🗺️Source Maps
🔍GraphQL
📖Swagger
💾Backups
🪪JWT Audit
🎲Session Entropy
🔐MFA
📦Supply-Chain JS
🔢API Versioning
🤖AI Bot Policy
🎭Typosquat
All 23 run in parallel · Typically completes in 30–60s
How We Grade
Critical: −25 per finding
High: −10 per finding
Medium: −3 per finding
Low: −1 per finding
Info: 0 per finding

A+: 95–100
A: 85–94
B: 70–84
C: 50–69
D: 30–49
F: 0–29
Free Tools Compared
EchelonGraph: 23 modules
SSL Labs: 1 module (TLS only)
securityheaders.com: 1 module (headers only)
hardenize.com: ~6 modules (no domain expiry, no takeover)
Mozilla Observatory: ~4 modules
Only EchelonGraph offers RDAP domain expiry, subdomain takeover detection, and cloud bucket scanning across 11 providers — all free.

Want all 32 modules (incl. CORS-deep, ports, crawler, PII bundles, opt-in active probes), scan history, branded reports, and an attack-graph view? Sign up free →

How It Works

From URL to security grade — in ~30 seconds

Step 01

Enter Domain

Type your URL — we handle DNS resolution, redirects, and target identification automatically.

Step 02

Parallel Scans

23 free modules fire simultaneously — TLS, headers, DNS + email-security suite, secrets, paths, buckets + name guessing, JWT audit, session-entropy, MFA detection, source-maps, GraphQL introspection, Swagger, backup files, third-party JS supply-chain, AI-bot policy, typosquat, and more. Sign up for 9 more (deep crawl, CORS-deep, ports, PII bundles, etc.).

Step 03

Score & Grade

Findings are weighted by severity and aggregated into a 0–100 score with an A+ to F letter grade.

Step 04

Actionable Report

Every finding includes remediation steps, compliance mapping, and evidence — shareable via email.

Scan Engine

32 modules, zero blind spots

Click any module to see exactly what it checks. Every module runs as an independent worker — no sequential bottlenecks.

Scoring Model

Penalty-based scoring — 100 to 0

CRITICAL: −25 per finding
HIGH: −10 per finding
MEDIUM: −3 per finding
LOW: −1 per finding
INFO: 0 per finding

A+: 95–100
A: 85–94
B: 70–84
C: 50–69
D: 30–49
F: 0–29
Why EchelonGraph

Surface Scanner vs. the competition

Feature (EchelonGraph vs. others):
Free Modules: EchelonGraph 23 parallel; others 1–4 (single-purpose)
Total Modules: EchelonGraph 32 parallel; others 6–12 sequential
Scan Speed: EchelonGraph ~30 seconds; others 5–15 minutes
Domain RDAP (free): EchelonGraph ✓ registrar + expiry + DNSSEC; others ✕ not offered
Subdomain Takeover (free): EchelonGraph ✓ 25+ services fingerprinted; others ✕ not offered
Cloud Buckets: EchelonGraph 11 providers; others 1–3 providers
Secret Patterns: EchelonGraph 30+; others 0–5
PII Detection: EchelonGraph ✓ built-in; others ✕ not available
Attack Graph: EchelonGraph ✓ integrated; others ✕ standalone
DRM Reports: EchelonGraph ✓ watermarked; others ✕ plain PDF
Unique Advantages

What no other scanner offers


Attack Graph Correlation

Surface findings feed directly into blast radius topology. A missing CSP header becomes a node in an exploitable attack chain.


DRM-Protected Reports

Watermarked, print-blocked viewer with session-bound access. Your security data stays yours.


11-Provider Bucket Detection

AWS, GCS, Azure, DigitalOcean, Backblaze, Alibaba, Firebase, Wasabi, MinIO, OVH, Oracle OCI.


PII Leak Detection

Scans page content, tracker URLs, and form actions for exposed emails, phone numbers, SSNs, and credit cards.

30-Second Scan

All modules run concurrently with context-aware cancellation. 5–10x faster than sequential scanners.


Native Multi-Tenant

JWT-based tenant isolation enforced at the database query layer. Every SQL query includes WHERE tenant_id = $1.

Frequently Asked

Surface Scanner FAQ

How EchelonGraph compares to SSL Labs, securityheaders.com, hardenize.com, and Mozilla Observatory — and what the 23 free modules actually check.

What is the EchelonGraph Surface Scanner?

Surface Scanner is a free domain security scanner that analyses your website's external attack surface across 23 parallel modules in roughly 30 seconds. It checks TLS configuration, security headers, DNS records (including SPF/DKIM/DMARC), exposed secrets, sensitive paths, cloud bucket leaks, open redirects, cookie security, domain registration data via RDAP, security.txt presence, HSTS preload status, and subdomain takeover risk. Each scan returns an A+ to F security grade plus actionable remediation steps. No signup required.

How does the Surface Scanner compare to SSL Labs?

SSL Labs is excellent at TLS analysis — a single module that goes deep on certificate chains, ciphers, and protocols. EchelonGraph Surface Scanner runs that same TLS analysis as one of 23 parallel modules, then adds 11 more checks SSL Labs doesn't perform: security headers (CSP, HSTS, COEP/COOP/CORP), DNS authentication records, secret leak detection across 30+ patterns, cloud bucket exposure across 11 providers, subdomain takeover risk via Certificate Transparency logs, RDAP domain expiry tracking, and more. If you want only TLS, SSL Labs is great. If you want a complete external attack surface picture, our free scan covers all of it.

Is there a free alternative to securityheaders.com?

Yes — EchelonGraph Surface Scanner includes a security headers checker as one of its 23 free modules, validating the same set securityheaders.com grades (CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, HSTS) plus modern additions like Cross-Origin-Embedder-Policy (COEP), Cross-Origin-Opener-Policy (COOP), and Cross-Origin-Resource-Policy (CORP). Unlike securityheaders.com, our scan combines header analysis with TLS, DNS, subdomain takeover detection, secret leak scanning, and domain expiry checks in a single 30-second run.

How is EchelonGraph different from hardenize.com or Mozilla Observatory?

Hardenize and Mozilla Observatory both run useful multi-check audits — hardenize covers around six categories, Mozilla Observatory around four. EchelonGraph Surface Scanner runs 23 modules free with three unique additions no free competitor offers: RDAP-based domain expiry and registrar tracking, subdomain takeover detection via Certificate Transparency log enumeration with 25+ service fingerprints, and cloud bucket exposure scanning across 11 providers (AWS S3, GCS, Azure Blob, DigitalOcean, Backblaze, Alibaba OSS, Firebase, Wasabi, MinIO, OVH, Oracle OCI). All free, no signup, 30-second scan time.

Can the scanner detect subdomain takeover risk?

Yes. The Subdomain Takeover module enumerates your domain's subdomains via Certificate Transparency logs (crt.sh and certspotter), resolves each CNAME chain, and matches against a curated fingerprint database of 25+ takeover-vulnerable services including AWS S3 static-website hosting, GitHub Pages, Heroku, Netlify, Vercel, Shopify, Fastly, Webflow, Tumblr, Pantheon, and others. When a CNAME pattern matches, we HTTP-fetch the subdomain and grep the response for the service's 'no such site' marker string to confirm. Confirmed dangling CNAMEs are flagged CRITICAL.
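As an added example (not EchelonGraph's code), the confirmation step this answer describes, run offline over constructed CNAME chains and fetched bodies: a CNAME pattern match alone is not enough, the marker string in the HTTP response is what turns it into a CRITICAL finding. The fingerprint table and its marker strings are an illustrative assumption, not the scanner's curated database, and the INFO tier for unconfirmed matches is likewise assumed.

```python
import re
from dataclasses import dataclass

# Illustrative fingerprint table (an assumption, not the scanner's curated database):
# a regex over a CNAME hop, plus the marker the service serves when no site is bound to the host.
FINGERPRINTS = [
    ("GitHub Pages", re.compile(r"\.github\.io\.?$", re.I),
     re.compile(r"There isn't a GitHub Pages site here", re.I)),
    ("Heroku", re.compile(r"\.herokuapp\.com\.?$", re.I),
     re.compile(r"No such app", re.I)),
]

@dataclass
class Finding:
    subdomain: str
    service: str
    cname: str
    severity: str   # CRITICAL only when the marker confirms the record is dangling

def match_fingerprint(cname_chain):
    """First (service, hop, marker_regex) whose CNAME pattern matches any hop of the chain."""
    for hop in cname_chain:
        for service, cname_re, marker_re in FINGERPRINTS:
            if cname_re.search(hop):
                return service, hop, marker_re
    return None

def check_takeover(subdomain, cname_chain, body):
    """Pattern match + marker in body -> CRITICAL (confirmed dangling CNAME, as the page says).
    Pattern match without the marker -> INFO (assumption: the service is live, so it is recorded
    but not penalised). No pattern match -> None."""
    hit = match_fingerprint(cname_chain)
    if hit is None:
        return None
    service, hop, marker_re = hit
    confirmed = body is not None and marker_re.search(body) is not None
    return Finding(subdomain, service, hop, "CRITICAL" if confirmed else "INFO")

# Constructed input: what CT enumeration, CNAME resolution and the HTTP fetch would have produced.
SAMPLE = [
    ("docs.example.com", ["example-org.github.io."], "<h1>There isn't a GitHub Pages site here.</h1>"),
    ("app.example.com", ["old-app.herokuapp.com."], "<title>Heroku | No such app</title>"),
    ("www.example.com", ["d111111abcdef8.cloudfront.net."], "<html>Welcome</html>"),
    ("shop.example.com", ["live-shop.herokuapp.com."], "<html>Shop is open</html>"),
]

def scan(samples):
    """Run check_takeover over every (subdomain, chain, body) tuple and keep the hits."""
    return [f for f in (check_takeover(*s) for s in samples) if f is not None]
```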

Does the scan check domain expiry and registrar information?

Yes. The Domain Info module performs a live RDAP (Registration Data Access Protocol) lookup against the authoritative TLD registry — Verisign for .com/.net, Public Interest Registry for .org, Identity Digital for .io/.ai/.info, Nominet for .uk, Denic for .de, Google Registry for .dev/.app, and others. We surface the registrar name, original registration date, expiration date (with CRITICAL severity if expiring in under 7 days, HIGH within 30 days), DNSSEC delegation status, nameservers, and a relative-time interpretation. Newly-registered domains (under 30 days) are flagged as a phishing signal.
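An added example (not the scanner's code) that applies the thresholds in this answer to a constructed RDAP response in the RFC 9083 JSON shape ("events" with eventAction/eventDate, "secureDNS", "nameservers"). The sample data is constructed, and treating "within 30 days" as inclusive is an assumption.

```python
import json
from datetime import datetime

def _parse(ts):
    """RFC 3339 timestamp -> aware datetime; swap 'Z' so fromisoformat() accepts it on Python < 3.11."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def _event_date(rdap, action):
    """Date of the first RDAP event (RFC 9083 'events' member) whose eventAction matches, else None."""
    for ev in rdap.get("events", []):
        if ev.get("eventAction") == action:
            return _parse(ev["eventDate"])
    return None

def assess_domain(rdap, now_ts):
    """Apply the FAQ's thresholds at time now_ts (RFC 3339): under 7 days to expiry CRITICAL,
    within 30 days HIGH, else INFO; registered under 30 days ago sets the newly_registered signal."""
    now = _parse(now_ts)
    exp = _event_date(rdap, "expiration")
    reg = _event_date(rdap, "registration")
    days = (exp - now).days if exp else None
    if days is None:
        severity = "INFO"      # registry returned no expiration event
    elif days < 7:
        severity = "CRITICAL"  # also covers already-expired domains (negative days)
    elif days <= 30:
        severity = "HIGH"
    else:
        severity = "INFO"
    return {
        "expires_in_days": days,
        "expiry_severity": severity,
        "dnssec": bool(rdap.get("secureDNS", {}).get("delegationSigned")),
        "nameservers": [ns["ldhName"].lower() for ns in rdap.get("nameservers", [])],
        "newly_registered": reg is not None and (now - reg).days < 30,
    }

# Constructed RDAP response in the RFC 9083 shape (sample data, not a live registry lookup).
SAMPLE_RDAP = json.loads("""{
  "objectClassName": "domain", "ldhName": "EXAMPLE.COM",
  "secureDNS": {"delegationSigned": true},
  "nameservers": [{"ldhName": "NS1.EXAMPLE.NET"}, {"ldhName": "NS2.EXAMPLE.NET"}],
  "events": [{"eventAction": "registration", "eventDate": "2024-06-01T00:00:00Z"},
             {"eventAction": "expiration", "eventDate": "2025-06-01T00:00:00Z"}]
}""")
```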

How long does a Surface Scanner scan take?

Roughly 30 seconds for most targets, with a hard 60-second deadline. All 23 modules run in parallel — slow modules don't block fast ones. Typical timing: TLS, headers, DNS, cookies, and buckets each finish in under 3 seconds; the HSTS preload check and security.txt usually take under 2 seconds; the RDAP domain lookup under 5 seconds; the sensitive path scan around 20 seconds (it probes 200+ paths); subdomain takeover around 5–10 seconds depending on how many subdomains your domain has. The result page renders the grade, finding counts by severity, and the full breakdown as soon as the last module finishes.

Is the Surface Scanner really free, or is it a limited trial?

The 23-module scan is permanently free with no signup, no credit card, and no scan limit per domain (rate-limited to one scan per IP every 5 minutes to prevent abuse). Free scans run forever. The Pro plan unlocks 9 additional modules (CORS deep-scan, web crawler, PII bundle detection, forms analysis, tech fingerprinting, port scanning, token analysis, plus opt-in active probes for login + password-reset enumeration) plus scan history, branded PDF reports, scheduled monitoring with grade-change alerts, and integration with the wider EchelonGraph attack-surface management platform. Pro pricing starts at $49/user/month.

Score your domain before attackers do

23 free modules. ~30 seconds. A+ to F grade. Sign up for the full 32-module scan + history + branded reports.

No credit card · 14-day free trial · Cancel anytime