🛡️ Exposed

Enter any domain for an instant security exposure report. Checks data breaches, attack surface, email authentication, security headers, threat intelligence, and exposed files — all from public sources, no signup required.

What is Exposed?

Exposed is a free, instant domain security scanner that combines 15+ public intelligence sources into a single comprehensive exposure report. Think of it as a free alternative to commercial security rating platforms like SecurityScorecard, BitSight, or UpGuard — but with immediate results and zero signup.

What Does It Check?

Data Breach Exposure
Searches the Have I Been Pwned database of 900+ breaches to find if the domain has been involved in any data breaches. Shows total accounts exposed, breach dates, and what data types were compromised (passwords, emails, credit cards, etc.).
Attack Surface Mapping
Discovers subdomains via HackerTarget and Certificate Transparency logs, then checks each resolved IP against Shodan InternetDB for open ports, known CVEs, and running services. Identifies infrastructure sprawl that increases exposure.
Email Authentication
Validates SPF, DKIM, and DMARC records to assess email spoofing resilience. Checks DNSSEC validation and CAA certificate authority restrictions. Poor email authentication allows attackers to send convincing phishing emails as your domain.
Security Headers
Analyzes HTTP response headers including HSTS (transport encryption), Content-Security-Policy (XSS protection), X-Frame-Options (clickjacking protection), X-Content-Type-Options (MIME-sniffing protection), and Referrer-Policy. Each missing header leaves visitors without the corresponding protection.
Threat Intelligence
Cross-references the domain and its IPs against AlienVault OTX pulse database and abuse.ch feeds (Feodo botnet C2, URLhaus malware distribution). Reveals if any infrastructure has been flagged as malicious.
Exposed Files
Searches the Wayback Machine for historically archived sensitive paths like .env files, .git directories, wp-admin panels, database dumps, and configuration files. Even if removed, their existence in archives suggests past exposure.

How Is the Security Grade Calculated?

The overall A through F grade is a weighted composite of six category scores. Breach exposure and attack surface carry the highest weight because they represent confirmed or high-probability compromise vectors. Email authentication and security headers are weighted moderately as preventive controls. Threat intelligence and exposed files contribute to the final score as indicators of ongoing or historical risk.

🛡️ Exposed — Frequently Asked Questions

What does the Exposed scanner check?

Exposed performs six categories of security checks: data breach exposure via HIBP, attack surface mapping (subdomains, open ports, CVEs), email authentication (SPF, DKIM, DMARC, DNSSEC), HTTP security headers (HSTS, CSP, X-Frame-Options, etc.), threat intelligence (OTX, Feodo, URLhaus), and exposed sensitive files via the Wayback Machine. Each category is graded and combined into an overall A through F security score.

Is this a free alternative to SecurityScorecard or BitSight?

Yes. Exposed provides similar domain security visibility using entirely free, no-auth public APIs. While commercial platforms like SecurityScorecard and BitSight offer deeper enterprise features, Exposed gives instant results without signup, contracts, or per-scan fees.

Does scanning a domain alert the target?

No. Exposed only queries public databases and passive intelligence sources. It does not actively probe the target's servers, send packets, or interact with the domain directly except for DNS lookups. All data comes from pre-indexed sources like Shodan, HIBP, and certificate transparency logs.