The Network Discovery engine performs comprehensive reconnaissance of your infrastructure. It identifies live hosts, enumerates open ports, detects running services, and fingerprints operating systems — giving you a complete inventory of your external attack surface.
Scans are configurable from lightweight quick-checks to deep full-range assessments. Results are available in real-time through the dashboard, and findings automatically feed into the Vulnerability Assessment engine for deeper analysis.
Identify live hosts across IP ranges and subnets using multiple probe techniques including ICMP, TCP SYN, and ARP scanning.
Scan all 65,535 TCP and UDP ports with configurable intensity. Detect open, closed, and filtered states with high accuracy.
Fingerprint running services and their versions. Identify web servers, databases, mail servers, and custom applications.
Determine operating system type and version from network responses. Supports detection of hundreds of OS variants.
Collect service banners and protocol responses for detailed analysis. Identify outdated software versions and known vulnerable builds.
Resolve hostnames, discover subdomains, and map DNS infrastructure to build a complete picture of your external attack surface.
You add an IP address, CIDR range, or domain as a target in the dashboard.
Verify you own the target via DNS TXT record, HTTP meta tag, or file upload.
The engine probes the target to identify live hosts, open ports, and running services.
Findings appear in real-time with service details, OS info, and severity indicators.
Network Discovery is available on all plans, including Free.
Get Started Free