Security Scans
Complete guide to all security scan types
Available Scan Types
SnitchNet provides comprehensive security monitoring through multiple scan types.
DNS Scan
Monitor and analyze DNS records for your domains.
What it checks:
- A records (IPv4 addresses)
- AAAA records (IPv6 addresses)
- MX records (Mail servers)
- TXT records (Domain verification, SPF, DKIM, DMARC)
- CNAME records (Aliases)
- NS records (Name servers)
- SOA records (Start of Authority)
Data collected:
- Record type and value
- TTL (Time To Live)
- Priority (for MX records)
- IP geolocation information
- Historical changes
Use cases:
- Verify DNS configuration
- Detect unauthorized changes
- Monitor DNS propagation
- Track mail server configuration
TLS Certificate Scan
Track SSL/TLS certificates and get alerts before expiration.
What it checks:
- Certificate validity
- Expiration dates
- Certificate chains
- Issuer information
- Subject Alternative Names (SANs)
- Wildcard certificates
Data collected:
- Certificate details
- Serial numbers
- Issuer and subject
- Valid from/to dates
- First seen/last seen timestamps
- Certificate count per subdomain
Alerts:
- Certificates expiring in 30 days
- Expired certificates
- Invalid certificates
Use cases:
- Prevent certificate expiration
- Monitor certificate renewals
- Track subdomain certificates
- Ensure HTTPS coverage
Port Scan
Comprehensive port scanning across all discovered infrastructure.
What it scans:
- All DNS A record IPs: Every IPv4 address from your DNS
- All subdomain IPs: IPs from every subdomain discovered via TLS certificates
- All ports: Complete port range scan (1-65535)
- HTTP/HTTPS services: Automatic screenshot capture
Scan targets:
- Main domain IP addresses
- All IPs from DNS A records
- All IPs resolved from TLS certificate subdomains
- Each IP gets a full port scan
Data collected:
- Open ports: Complete list of accessible ports
- Service detection: Identifies running services (HTTP, SSH, MySQL, etc.)
- Service versions: Detects software versions when possible
- CVE vulnerabilities: Checks for known Common Vulnerabilities and Exposures
- Risk assessment: Automatic risk level calculation
- HTTP/HTTPS screenshots: Visual capture of web services
- Port states: Open, closed, filtered status
Screenshots captured for:
- All HTTP services (port 80 and others)
- All HTTPS services (port 443 and others)
- All discovered subdomains (HTTP/HTTPS)
- All similar domains (HTTP/HTTPS)
CVE Detection:
- Automatic CVE lookup for detected services
- CVSS score calculation
- Exploit availability check
- Vulnerability source and references
- Severity rating (Low, Medium, High, Critical)
Risk levels:
- Low: Standard services with no known issues
- Medium: Services that should be monitored or restricted
- High: Services with potential security concerns or outdated versions
- Critical: Services with known CVEs or highly exposed attack surface
Example scan flow:
- DNS scan discovers:
example.com→ IP1.2.3.4 - TLS scan finds subdomains:
api.example.com,admin.example.com - Subdomains resolve to:
1.2.3.5,1.2.3.6 - Port scan runs on:
1.2.3.4,1.2.3.5,1.2.3.6 - Each IP scanned for all 65535 ports
- HTTP/HTTPS services get screenshots
- CVEs checked for all detected services
Use cases:
- Complete attack surface discovery
- Identify exposed administrative interfaces
- Find forgotten or shadow IT services
- Monitor for unauthorized service changes
- Detect vulnerable software versions
- Assess compliance with security policies
- Track port exposure over time
Similar Domains
Detect typosquatting and phishing attempts targeting your brand.
Detection methods:
- Character substitution (e.g.,
gooogle.com) - Character insertion/deletion (e.g.,
gogle.com) - Homoglyph attacks (e.g.,
gοοgle.comwith Greek ο) - TLD variations (e.g.,
google.net,google.co) - Subdomain additions (e.g.,
secure-google.com) - Hyphenation (e.g.,
goo-gle.com)
Data collected:
- Similar domain names: All generated permutations
- Registration status: Whether domain is registered
- DNS resolution: If domain resolves to an IP
- HTTP/HTTPS screenshots: Visual capture of active domains
- Risk level: Automated threat assessment
- IP geolocation: Location of hosting
- Permutation type: How domain was generated
Screenshots:
- All registered similar domains: Automatic HTTP/HTTPS screenshots
- Visual comparison: See what attackers are hosting
- Content analysis: Identify phishing pages
- Historical tracking: Monitor changes over time
Risk assessment:
- Low: Parked domains, no content, unregistered
- Medium: Registered but inactive or under construction
- High: Active with similar content or branding
- Critical: Suspected phishing attempt or exact clone
Example similar domains for example.com:
examp1e.com(character substitution)examle.com(character deletion)examplle.com(character insertion)example.net(TLD variation)secure-example.com(subdomain addition)еxample.com(homoglyph - Cyrillic е)
Use cases:
- Protect brand reputation
- Detect phishing campaigns before they spread
- Monitor domain squatting activity
- Identify impersonation attempts
- Trademark protection
- Early warning system for attacks
- Legal evidence collection
Breach Detection
Check if your domain appears in public data breaches.
Data sources:
- Have I Been Pwned
- Public breach databases
- Dark web monitoring (future)
What it checks:
- Domain in breach databases
- Breach name and date
- Compromised data types
- Affected users count
Notifications:
- New breach discoveries
- Historical breach tracking
Use cases:
- Monitor security incidents
- Track breach history
- Comply with notification requirements
- Assess credential exposure
Email Security
Validate email authentication and anti-spoofing configurations.
What it checks:
SPF (Sender Policy Framework)
- Record existence
- Syntax validation
- Authorized mail servers
- Include/redirect mechanisms
- Record length limits
DKIM (DomainKeys Identified Mail)
- Selector configuration
- Public key validation
- Key strength
- Signing domains
DMARC (Domain-based Message Authentication)
- Policy configuration (none/quarantine/reject)
- Reporting addresses
- Subdomain policy
- Alignment requirements
Security scoring:
- SPF status: Pass/Fail/Not Found
- DKIM status: Pass/Fail/Not Found
- DMARC status: Pass/Fail/Not Found
- Overall email security score
Recommendations:
- SPF setup guidance
- DKIM configuration steps
- DMARC policy recommendations
- Implementation best practices
Use cases:
- Prevent email spoofing
- Improve deliverability
- Meet compliance requirements
- Protect brand reputation
Scheduled Scans
Automate your security monitoring with scheduled scans.
Available frequencies:
- Hourly
- Daily
- Weekly
- Monthly
- Custom cron expressions
Features:
- Per-scan-type scheduling
- Multiple schedules per domain
- Email notifications
- Automatic retry on failure
- Execution history
Requirements:
- Small plan or higher
- Verified domain
- Active subscription
Scan Limits
Homelab Plan
- 1 scan per month per type
- Manual execution only
- 1 domain maximum
Small Plan (€4.99/month)
- Unlimited scans
- Scheduled scans
- Up to 10 domains
Full Plan (€19.99/month)
- Unlimited scans
- Scheduled scans
- Unlimited domains
- Priority scanning
Best Practices
Scan Frequency
- DNS: Weekly or when making changes
- TLS: Monthly or 30 days before expiration
- Port: Weekly for security monitoring
- Similar Domains: Monthly for brand protection
- Breach: Daily for incident response
- Email: Monthly or after configuration changes
Monitoring Strategy
- Set up scheduled scans for routine checks
- Enable email notifications for critical alerts
- Review audit logs regularly
- Export reports for compliance
- Monitor dashboard for trends
Response Workflow
- Alert received → Check dashboard
- Verify issue → Review scan details
- Assess impact → Determine severity
- Take action → Implement fixes
- Rescan → Confirm remediation
- Document → Add to audit log