Features

Core Security Scans

DNS Monitoring

Comprehensive DNS analysis and tracking for your domains.

What it monitors:

A records: IPv4 addresses with geolocation data
AAAA records: IPv6 addresses
MX records: Mail server configuration
TXT records: SPF, DKIM, DMARC, and domain verification
CNAME records: Domain aliases and CDN configurations
NS records: Name server delegation
SOA records: Zone authority information

Key capabilities:

Real-time DNS record tracking
IP geolocation (country, city, ISP)
Historical change detection
Unauthorized modification alerts
TTL monitoring
DNS propagation validation

Use cases:

Verify infrastructure changes
Monitor for DNS hijacking
Track mail server migrations
Audit CDN configurations
Compliance reporting

TLS Certificate Management

Automated SSL/TLS certificate discovery and monitoring across all your subdomains.

Discovery method:

Uses Certificate Transparency logs (crt.sh)
Finds all certificates ever issued for your domain
Discovers subdomains via Subject Alternative Names (SANs)
Tracks wildcard certificates

What it monitors:

Certificate validity status
Expiration dates with proactive alerts
Certificate chains and issuers
Subject Alternative Names
Certificate count per subdomain
First seen / Last seen timestamps

Alerts:

🔴 Critical: Expired certificates
🟠 Warning: Expiring within 30 days
🟢 Valid: Active and healthy

Key features:

Subdomain discovery via certificates
Multi-certificate tracking per subdomain
Historical certificate data
Issuer validation (Let's Encrypt, DigiCert, etc.)

Use cases:

Prevent certificate expiration incidents
Discover forgotten subdomains
Track certificate renewal schedules
Ensure comprehensive HTTPS coverage
Compliance with security policies

Port Scanning & Vulnerability Assessment

The most comprehensive scan type - discovers your complete attack surface.

Scan scope:

ALL 65,535 ports on every discovered IP
DNS A record IPs: Every IPv4 from main domain
Subdomain IPs: All IPs from TLS-discovered subdomains
Complete coverage: Nothing is missed

Scan process:

DNS scan discovers: example.com → 1.2.3.4
TLS scan finds: api.example.com, admin.example.com
Subdomains resolve to: 1.2.3.5, 1.2.3.6
Port scan executes on: 1.2.3.4, 1.2.3.5, 1.2.3.6
Each IP: full 65535 port scan + service detection + CVE checks

What it detects:

Open ports: Complete inventory of exposed services
Service identification: HTTP, SSH, MySQL, Redis, etc.
Service versions: Software and version detection
CVE vulnerabilities: Known security flaws with CVSS scores
Risk assessment: Automated risk level calculation
Visual captures: Screenshots of all HTTP/HTTPS services

CVE Detection:

Automatic CVE database lookups
CVSS score calculation (0-10 scale)
Exploit availability checking
Vulnerability references and patches
Severity ratings: Low, Medium, High, Critical

Screenshot capabilities:

HTTP services on any port
HTTPS services on any port
All discovered subdomains
Visual evidence of exposed interfaces

Risk levels:

Critical: Known CVEs, administrative interfaces exposed
High: Outdated versions, sensitive services
Medium: Services requiring monitoring
Low: Standard services, properly configured

Use cases:

Complete attack surface mapping
Shadow IT discovery
Compliance audits (PCI-DSS, ISO 27001)
Vulnerability management
Change detection
Incident response preparation

Similar Domain Detection (Anti-Phishing)

Protect your brand from typosquatting and phishing attacks.

Detection methods:

Character substitution: gooogle.com (double o)
Character deletion: gogle.com (missing o)
Character insertion: goooogle.com (extra o)
Homoglyphs: gοοgle.com (Greek ο instead of Latin o)
TLD variations: google.net, google.co, google.org
Hyphenation: goo-gle.com, g-oogle.com
Subdomain addition: secure-google.com, login-google.com

What it checks:

Domain registration status
DNS resolution
HTTP/HTTPS availability
Hosting location
Content similarity

Visual monitoring:

Automatic screenshots of ALL registered similar domains
HTTP and HTTPS captures
Visual comparison with legitimate sites
Historical screenshot tracking
Phishing page identification

Risk assessment:

Critical: Active phishing sites, exact clones
High: Registered with similar content
Medium: Registered but parked/inactive
Low: Unregistered permutations

Data collected:

Permutation type and generation method
Registration status
IP address and geolocation
Screenshot evidence
Risk score

Use cases:

Brand protection
Phishing campaign detection
Trademark monitoring
Legal evidence collection
Incident response
Customer trust protection

Breach Detection

Monitor if your domain appears in public data breaches.

Data sources:

Have I Been Pwned database
Public breach databases
Historical breach data

What it checks:

Domain presence in breaches
Breach name and date discovered
Compromised data types (emails, passwords, etc.)
Affected user count
Breach severity

Notifications:

New breach discoveries
Historical breach tracking
Severity assessment
Remediation recommendations

Use cases:

Security incident monitoring
Compliance reporting (GDPR, NIS2)
User notification requirements
Password reset campaigns
Risk assessment

Email Security Assessment

Comprehensive email authentication and anti-spoofing validation.

SPF (Sender Policy Framework):

Record existence validation
Syntax checking
Authorized mail server identification
Include/redirect mechanism validation
Record length compliance (255 char limit)

DKIM (DomainKeys Identified Mail):

Selector configuration validation
Public key strength verification
Key format validation
Signing domain verification

DMARC (Domain-based Message Authentication):

Policy configuration check (none/quarantine/reject)
Reporting address validation
Subdomain policy verification
Alignment requirement validation
Percentage tag verification

Security scoring:

Individual component scores (SPF, DKIM, DMARC)
Overall email security score (0-100)
Pass/Fail/Not Found status
Detailed recommendations

Score interpretation:

80-100: Excellent - Fully protected
50-79: Needs improvement - Partial protection
0-49: Critical issues - Vulnerable to spoofing

Use cases:

Prevent email spoofing
Improve deliverability rates
Meet compliance requirements (DMARC mandate)
Protect brand reputation
Reduce phishing risk

Platform Features

Scheduled Scans

Automate your security monitoring with recurring scans.

Scheduling options:

Daily: Every day at specified time
Weekly: Every week on chosen day and time
Monthly: Every month on specific date

Capabilities:

Per-domain scheduling
Per-scan-type schedules
Multiple schedules per domain
Enable/disable without deletion
Execution history tracking
Automatic retry on failures

Notification options:

Email notifications on completion
Alerts for failed scans
Summary reports
Critical issue notifications

Requirements:

Small or Full plan subscription
Verified domain ownership
Active subscription status

Best practices:

DNS scans: Weekly or after infrastructure changes
TLS scans: Monthly for expiration monitoring
Port scans: Weekly for security posture
Similar domains: Monthly for brand protection
Breach detection: Daily for incident response
Email security: Monthly or after configuration changes

Reports & Exports

Generate professional security reports for stakeholders and compliance.

Export formats:

PDF Reports

Branded SnitchNet template
Executive summary with key findings
Detailed scan results with charts
Vulnerability breakdown
Risk assessment
Actionable recommendations
Print-ready format
Professional presentation

CSV Exports

Spreadsheet-compatible format
All raw scan data
Easy filtering and sorting
Import into SIEM tools
Custom data analysis
Compliance reporting

JSON Exports

Machine-readable format
Complete data structure
API integration ready
Custom processing scripts
Automation workflows
Third-party tool integration

What's included:

Complete scan results
Historical data trends
Vulnerability details
Risk scores
Geolocation data
Screenshot evidence
Recommendations

Requirements:

Small or Full plan
HomeLab plan: view-only access

Team Collaboration

Multi-user access with granular permission controls.

User roles:

Owner

Full platform access
Organization management
Billing and subscription control
Delete organization
Transfer ownership
Only one owner per organization

Admin

Manage team members
Send invitations
Add/remove domains
Trigger all scans
View all results
Export reports
Cannot manage billing

Member

View all domains and results
Trigger scans
Export reports (on paid plans)
Cannot manage team
Cannot add/remove domains

Viewer

Read-only access
View dashboards
View scan results
View analytics
Cannot trigger scans
Cannot export reports

Team management:

Email-based invitations
Pending invitation tracking
Role changes anytime
Member removal
Activity audit logs
Session management

Collaboration features:

Shared dashboards
Team notifications
Comment system (future)
Shared schedules
Centralized reporting

Dashboard & Analytics

Real-time security posture visualization and trend analysis.

Dashboard components:

Security Radar Chart

6-dimension security assessment
DNS health score
TLS certificate status
Port security rating
Email authentication score
Breach exposure level
Similar domain risk

Vulnerability Chart

CVE severity distribution
Critical/High/Medium/Low breakdown
Trend over time
Port-based grouping
Service-based analysis

Scan History Chart

Last 30/90/365 days
Scan frequency visualization
Success/failure rates
Duration trends
Resource usage

Stats Cards

Total vulnerabilities found
Certificates expiring soon
Similar domains detected
Recent breach count
Last scan timestamps
Overall security score

Top Scans Badge

Most frequently run scans
Popular scan types
Usage patterns

Real-time updates:

Live scan status
Progress indicators
Instant result updates
Push notifications (future)

Interactive features:

Click-through to detailed results
Filter by severity
Date range selection
Export dashboard views
Customizable widgets (future)

Audit Logs

Complete activity tracking for compliance and security.

What's logged:

User authentication events (login, logout, failed attempts)
Domain additions and removals
Domain verification actions
Scan triggers (manual and scheduled)
Organization changes (name, settings)
Team member invitations
Role changes
Member removals
Subscription changes
Report exports
Settings modifications

Log details:

Timestamp (ISO format)
User who performed action
Action type and description
IP address
User agent
Organization context
Affected resources

Compliance support:

ISO 27001: Full activity audit trail
NIS2: User action tracking requirements
GDPR: Data access logging
SOC 2: Security event monitoring

Features:

Searchable logs
Date range filtering
User filtering
Action type filtering
Export to CSV
Retention: Unlimited on all plans

Multi-Organization Support

Manage multiple organizations with independent data isolation.

Organization features:

Unique organization slugs
Independent billing per organization
Separate domain lists
Isolated scan results
Team members per organization
Custom organization settings

User capabilities:

Create multiple organizations
Switch between organizations
Different roles in different orgs
Centralized account management

Use cases:

Agencies managing client domains
Enterprises with multiple subsidiaries
Consultants serving multiple clients
MSPs offering security monitoring

Domain Management

Centralized domain monitoring and verification.

Domain features:

DNS-based ownership verification
TXT record validation
Active/inactive domain status
Last scan timestamps per type
Domain-specific settings
Domain deletion with data cleanup

Verification process:

Add domain to organization
Generate verification token
Add TXT record: _snitchnet-verification
Click "Verify" button
Automatic DNS check
Domain activated upon success

Domain limits:

HomeLab plan: 1 domain
Small plan: 10 domains
Full plan: Unlimited domains

Domain actions:

Verify ownership
Recheck verification
Delete domain
View scan history
Export domain-specific reports
Schedule domain scans

Authentication & Security

Enterprise-grade authentication with multiple security layers.

Authentication methods:

Email & Password: Traditional username/password
Google OAuth: One-click Google sign-in
Microsoft OAuth: Azure AD integration
Passkeys (WebAuthn): Biometric authentication (Face ID, Touch ID, Windows Hello)

Security features:

Two-Factor Authentication (2FA)

TOTP-based authentication
QR code setup
Backup codes (12 codes)
Compatible with: Google Authenticator, Authy, 1Password, etc.
Required for high-security accounts (future)

Session Management

Secure session tokens
Automatic session expiration
Multi-device login tracking
Force logout capability
Session hijacking protection

Password Security

Minimum length requirements
Complexity validation
Secure hashing (Better Auth)
Password reset flows
Account recovery options

Compliance:

GDPR-compliant data handling
Privacy policy enforcement
Cookie consent management
Data export capabilities
Account deletion workflows

Notification System

Stay informed about security events and scan completions.

Notification types:

Scan completion alerts
Certificate expiration warnings
New breach discoveries
Critical vulnerability alerts
Similar domain registrations
Schedule execution confirmations
Team member activities
Subscription reminders

Delivery channels:

Email notifications
In-app notifications (future)
Webhook integrations (future)
Slack integration (future)

Notification settings:

Per-scan-type preferences
Severity threshold configuration
Quiet hours (future)
Digest options (daily/weekly)
Team-wide vs personal notifications

Features

On this page