A client-side web application for discovering and analyzing third-party services associated with any domain through comprehensive DNS analysis. Built for security professionals to identify cloud service dependencies, detect subdomain takeovers, and assess an organization's digital footprint in real-time.
The tool features automated detection of third-party services across cloud providers (AWS, Azure, GCP), email security services, CDNs, and more. It includes security analysis for subdomain takeover detection, internal IP exposure identification, and DMARC policy assessment. All analysis happens directly in your browser - no data ever leaves your machine.
This project was developed with the assistance of AI tools, most notably Cursor IDE, Claude Code, and Qwen3-Coder. These tools helped accelerate development and improve velocity. All AI-generated code has been carefully reviewed and validated through human inspection to ensure it aligns with the project's intended functionality and quality standards.
- Special thanks to OWASP Amass for their aggregating different TXT record patterns, we augmented our TXT record pattern database for third-party service detection with the publically available data from Amass.
Join our Discord server for discussions, questions, and collaboration:
Connect with other security researchers, share your findings, and get help with usage and development.
This project is licensed under the GNU General Public License v3 (GPLv3) - see the LICENSE file for details.
This tool is designed for security auditing and penetration testing of systems you own or have explicit permission to test. Always ensure you have proper authorization before using this tool against any systems or domains you don't own. The authors are not responsible for any misuse of this software.
Cutting-Edge Software Supply Chain Security Research
Pioneering advanced software supply chain security research and developing innovative offensive security tools for the community. This tool is part of our free research toolkit - helping security researchers and penetration testers identify third-party service dependencies and assess digital footprints.
Specializing in software supply chain attacks, CI/CD pipeline security, and offensive security research. Our research tools help organizations understand their software supply chain vulnerabilities and develop effective defense strategies.
Explore our professional training programs, latest research insights, and free open source tools developed from our cutting-edge cybersecurity research.
Upcoming Trainings | Read Our Blog | Open Source by Cyfinoid
Hands-on training in software supply chain security, CI/CD pipeline attacks, and offensive security techniques
© 2025 Cyfinoid Research.