Enter a domain, URL, IP, email, or record and get a focused result without setup.
Find exposed software, risky configurations, and known affected versions across a public website. Every result explains what was checked, why it matched, and how strong the evidence is.
GET /v1/vulnerabilities?domain=example.com&mode=standard
Use the browser tool for a fast answer, then move the same logic into scripts, monitoring, or product flows when it becomes repeatable.
Enter a domain, URL, IP, email, or record and get a focused result without setup.
Outputs highlight statuses, risks, records, and next actions instead of raw provider noise.
Use the request and response examples to turn a one-off check into an API call or recipe.
Each page is shaped around a practical operational question, not just a raw lookup.
See the current DNS, registration, security, pricing, or reputation evidence.
Compare the result with related checks so the next move is easier to trust.
Copy examples, open linked tools, or move into API documentation when you need scale.
Transparent docs, authenticated requests, and visible reliability details make it easier to evaluate DomScan before you ship.
OpenAPI, Swagger, Postman, CLI, SDK, and MCP links are one click away.
Authenticated endpoints use API keys with clear credit costs before you call them.
Start with 10,000 monthly credits and upgrade only when usage grows.
Start from the curl and HTTP samples, then map the parameters into your application code.
See the observed component, version evidence, advisory identifiers, affected ranges, and important limitations.
Prioritize exact version matches with CISA known-exploitation evidence and FIRST EPSS probability.
Unknown, partial, and unavailable checks remain visible instead of being presented as a clean result.
GET /v1/vulnerabilities?domain=example.com&mode=standard
{
"summary": {
"posture": "review",
"risk_level": "medium",
"finding_count": 2,
"version_affected_count": 1
},
"findings": [{
"classification": "version_affected",
"severity": "high",
"priority": "high",
"component": {
"name": "jQuery",
"detected_version": "3.4.1"
},
"advisory": {
"id": "GHSA-gxr4-xjj5-5px2",
"cves": ["CVE-2020-11022"]
}
}]
}
The browser experience previews DomScan's structured endpoints, so teams can validate a use case before writing code.
No. This release performs passive public-response inspection, exact advisory correlation, and isolated rendering. It does not send exploit payloads.
An affected-version finding requires a reviewed package mapping, an observed compatible version, and an authoritative OSV affected-range match. Configuration findings are reported separately.
It means DomScan did not detect an issue within the checks that completed. It does not prove the application is secure.