External Attack Surface Management

Map Your Entire
External Attack Surface

Discover every subdomain, open port, and vulnerability an attacker would find. Multi-stage scanning pipeline. Comprehensive CVE aggregation. From EUR 90 per scan.

3 free scans includedNo credit card requiredResults in under 60 seconds
recon.orizon.one/dashboard
ScanTargetEntry PointsVulnerabilitiesRiskStatus
Production Audit
2 hours ago
A
acme-corp.eu
47
2
5
12
8
6.8Completed
Staging Check
5 hours ago
S
staging.fintech.io
23
0
2
7
4
4.2Completed
Partner Portal
1 day ago
P
partners.logistica.it
31
1
3
9
6
5.7Completed
Weekly Scan
Running... 67%
H
api.healthtech.de
15
0
1
3
2
3.167%
New Client Onboard
Queued
R
shop.retailco.es
-
-
-Queued
0

Subdomains Discovered

0

Open Ports Detected

0

Technologies Identified

0

CVEs Correlated

What One Scan Reveals

A single RECON Essentials scan runs 13 detection tools in parallel and correlates findings from 10 vulnerability databases.

Subdomain Discovery

Every subdomain, including forgotten dev and staging environments. Passive enumeration via 50+ intelligence sources.

Port Scanning

All 65,535 TCP ports scanned in seconds. Service identification and version detection on every open port.

Technology Stack

Thousands of technology signatures detected. Frameworks, CMS, server software, JavaScript libraries, and cloud services.

CVE Detection

Multi-source CVE aggregation from leading vulnerability databases, correlated to your exact technology versions.

Risk Scoring

Proprietary risk algorithm weighing severity, exploitability, exposure, and threat intelligence into one actionable score.

DNS & Email Security

MX, SPF, DMARC, DKIM validation. DNS misconfigurations, dangling records, and zone transfer checks.

How It Works

6 phases. Industry-leading detection accuracy. Minimal false positives.

1

Reconnaissance

Subdomain enumeration + DNS resolution

5-10s

2

Probing

HTTP analysis + Port scanning + TLS inspection

5-10s

3

Fingerprinting

Technology detection + Service identification

5-10s

4

Dynamic Detection

Browser rendering + DOM analysis + Library scanning

15-25s

5

Validation

Cross-source verification

3-5s

6

CVE Correlation

Multi-source vulnerability aggregation

10-30s

Inside a Scan Result

Every scan produces a comprehensive risk assessment with actionable breakdowns.

6.8Risk Score
25128
47
Subdomains
12
IPs
23
Technologies
156
Open Ports

Watch a Scan in Action

See how RECON Essentials maps an attack surface in real time.

recon.orizon.one/scan/running
Subdomain enumeration
DNS resolution
Port scanning
Technology detection
Vulnerability correlation
Risk scoring
Live Results
Subdomains47
Live Hosts-
Open Ports-
Technologies-
CVEs-
Risk Score-
Subdomain enumeration...17%

Vulnerability Intelligence

Deep CVE analysis with exploit intelligence from multiple databases.

CVE-2024-21762
CVSS 9.8Critical

FortiOS Out-of-Bound Write

A out-of-bound write vulnerability in FortiOS may allow a remote unauthenticated attacker to execute arbitrary code via specially crafted HTTP requests.

vpn.acme-corp.euCISA KEVEPSS: 0.87
CVE-2024-3400
CVSS 8.1High

PAN-OS Command Injection

A command injection vulnerability in the GlobalProtect feature of PAN-OS allows unauthenticated attackers to execute commands with root privileges.

firewall.acme-corp.euExploit Available

Severity Distribution

Critical
0
High
0
Medium
0
Low
0
Total vulnerabilities0

Track Your Risk Over Time

Monitor how your attack surface and risk posture evolve across scans.

recon.orizon.one/analytics

Vulnerability Trend

JanFebMarAprMayJun
Total
Critical + High

Why Teams Switch to Orizon

Enterprise-grade detection at a fraction of the cost.

CapabilityOrizon RECONQualys EASMCrowdStrike Falcon
Detection toolsMulti-stage3-45-6
CVE sources10+ databases2-33-4
Detection accuracy90%+~80%~85%
Scan timeUnder 60s5-10 min2-5 min
NIS2 compliance mapping
Framework coverage7 frameworks1-20
Starting priceEUR 90/domainEUR 15K+/yrEUR 25K+/yr

Simple, Transparent Pricing

No contracts. No hidden fees. Start with 3 free scans.

Pay-As-You-Go

EUR 90/domain
  • 1 full attack surface scan
  • Full detection pipeline
  • CVE correlation
  • Risk scoring report

Starter

EUR 630
Save 30%
  • 10 domains
  • EUR 63/domain
  • Full pipeline
  • Valid 12 months

Professional

EUR 1,487.50
Save 34%
  • 25 domains
  • EUR 59.50/domain
  • 2,250 tokens
  • Valid 12 months
Most Popular

Business

EUR 2,800
Save 38%
  • 50 domains
  • EUR 56/domain
  • 2,500 tokens
  • Valid 12 months

Enterprise

EUR 5,250
Save 42%
  • 100 domains
  • EUR 52.50/domain
  • 5,000 tokens
  • Valid 12 months

See What Attackers See

Your first 3 scans are free. No credit card. Full attack surface report in under 60 seconds.