Frequently asked questions

Direct answers about ExposureGrid: the product, scan safety, the public beta, and what you'll see in your reports.

About the product

What is ExposureGrid?
ExposureGrid is an external attack-surface and security posture scanner. It runs continuous, non-invasive checks against the public web assets your business depends on (TLS, security headers, CSP, CORS, cookies, DNS, and mail authentication) and tells you when posture changes.
Does the Free tier show every finding?
No. Free scans and public report links show a limited preview: a small number of visible baseline findings, honest totals, and upgrade summaries for higher-tier coverage. Full finding bodies, evidence, remediation, and paid-only scanner output are released only by a subscription tier that unlocks them; there is no hidden query parameter that reveals them.
Who is ExposureGrid for?
ExposureGrid is built for SaaS teams, agencies and MSPs, and small-business IT teams that own a public web surface but don't run a dedicated security operations team. It's opinionated about what to check so you don't need a specialist on staff to act on findings.
Is ExposureGrid a penetration test?
No. ExposureGrid surfaces misconfigurations and posture drift on the public side of your stack. It is not a penetration test, a vulnerability exploitation engine, or a fuzzer, and it does not replace a manual pen test, code review, or compliance audit.
How is this different from a vulnerability scanner?
Traditional vulnerability scanners are typically credentialed, intrusive, and CVE-focused: they look for known-vulnerable software versions. ExposureGrid focuses on external, configuration-level signals an attacker can see from outside without credentials: the misconfigurations behind a large share of real-world web exposure incidents.

Scan safety & authorization

Do free public scans include port scanning?
No. Port and service exposure checks are only available to subscribed users for verified managed domains. Free public scans use a separate, intentionally limited check set.
Do free public scans include asset discovery?
No. Asset discovery, takeover checks, and cloud storage exposure probes are paid capabilities that run under subscription for verified managed domains only.
Do public scans include API, JavaScript, and technology fingerprinting?
No. Those modules run only for subscribed users on verified managed domains where you configure them. They are deeper passive checks than what belongs on anonymous free scans.
Do you exploit API endpoints?
No. ExposureGrid sends only safe, read-only requests such as GET and HEAD, with response bodies capped at a detection-sized limit. It does not exploit, fuzz, brute-force, send credentials, or mutate application state.
Will JavaScript scanning expose my secrets?
The scanner redacts secret-like values and stores only bounded evidence such as hashes and context. Full bundles and source maps are not persisted.
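The redaction described above, as an added worked example in Python. This is not ExposureGrid's code: the two detector patterns, the context width, the mask string and the sample bundle text are all constructed for illustration. The point it makes that the FAQ answer does not: context is taken from a masked copy of the bundle, so the window around one hit cannot leak a neighbouring secret on the next line, and the persisted record carries only hashes, a short preview and masked context.

```python
"""Bounded, redacted evidence for secret-like values in a JavaScript bundle.

Added example, not ExposureGrid's code. Detector patterns, context width,
mask string and the sample bundle are constructed assumptions.
"""
import hashlib
import re

# Illustrative detectors only; a real rule set is far larger.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "generic_api_key": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token)\b\s*[:=]\s*[\"']([A-Za-z0-9_\-]{20,})[\"']"),
}
CONTEXT = 24          # characters of surrounding source kept on each side of a hit
MASK = "[REDACTED]"


def preview(value: str) -> str:
    """Keep only a short prefix/suffix so an analyst can recognise the finding."""
    return value[:4] + "..." + value[-2:] if len(value) > 8 else "*" * len(value)


def find_secrets(source: str) -> list[dict]:
    hits = []
    for kind, pattern in PATTERNS.items():
        for m in pattern.finditer(source):
            g = m.lastindex or 0          # capture group if the pattern has one, else whole match
            hits.append((m.start(g), m.end(g), kind, m.group(g)))
    hits.sort()

    # Build a masked copy of the source first, so one hit's context window can
    # never leak a neighbouring secret (e.g. two keys on adjacent lines).
    masked, out_len, cursor, positions, kept = [], 0, 0, [], []
    for start, end, kind, value in hits:
        if start < cursor:                # overlapping hit from a second pattern: skip duplicate
            continue
        masked.append(source[cursor:start])
        out_len += start - cursor
        positions.append(out_len)
        masked.append(MASK)
        out_len += len(MASK)
        cursor = end
        kept.append((start, kind, value))
    masked.append(source[cursor:])
    masked_text = "".join(masked)

    evidence = []
    for (start, kind, value), pos in zip(kept, positions):
        evidence.append({
            "kind": kind,
            "line": source.count("\n", 0, start) + 1,
            # hash lets the same secret be correlated across scans without storing it
            "sha256": hashlib.sha256(value.encode()).hexdigest(),
            "preview": preview(value),
            "context": masked_text[max(0, pos - CONTEXT): pos + len(MASK) + CONTEXT],
        })
    return evidence


def scan_bundle(source: str, name: str) -> dict:
    """Return the record that would be persisted: a hash of the bundle, never the bundle."""
    return {
        "bundle": name,
        "bundle_sha256": hashlib.sha256(source.encode()).hexdigest(),
        "bytes": len(source.encode()),
        "evidence": find_secrets(source),
    }


# Constructed bundle text; the AWS key is the well-known documentation placeholder, not a live key.
SAMPLE_BUNDLE = (
    "const cfg = {\n"
    "  region: 'us-east-1',\n"
    "  accessKeyId: 'AKIAIOSFODNN7EXAMPLE',\n"
    "  apiKey: \"sk_live_0123456789abcdefghijklmn\",\n"
    "};\n"
)

if __name__ == "__main__":
    import json
    print(json.dumps(scan_bundle(SAMPLE_BUNDLE, "app.js"), indent=2))
```

Run it and inspect the output: the first hit's context ends with `apiKey: "[REDACTED]` rather than the start of the second key, which is exactly the leak a naive "N characters either side" implementation produces.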
Does technology fingerprinting mean you are checking CVEs?
No. Fingerprinting records observed technologies and disclosures. It does not map versions to vulnerabilities or claim exploitability from a banner alone.
Why are asset-focused scanners paid-only?
They perform bounded, domain-linked discovery deeper than anonymous public probes. Charging and verification keep abuse risk low while protecting unrelated third-party infrastructure.
Does ExposureGrid attempt to take over subdomains?
No. Passive DNS lookups and capped HTTP fingerprints can describe takeover risk (for example, a CNAME that points at a third-party service which no longer answers for that name), but the product never registers, modifies, or claims third-party SaaS accounts.
Does ExposureGrid download files from exposed buckets?
No. Responses are clipped to detection-sized snippets; object bodies are never stored.
Can I turn advanced scanners off?
Yes. Paid subscribers control scanner selection per verified domain.
Will discovery scan unrelated sites?
No. ExposureGrid derives candidates from your verified domain and assets returned by scanners on that domain. Arbitrary domains are rejected.
Does ExposureGrid try to log into admin panels?
No. ExposureGrid identifies publicly reachable management surfaces using safe, non-invasive HTTP requests. It does not attempt passwords, brute force, password resets, account enumeration, or exploitation.
Can I choose which scanners run?
Yes. Subscribed users can configure scanner profiles per verified domain and turn paid exposure scanners on or off. The backend enforces eligibility and verification rules.
Why are deeper scanners only available for verified domains?
Deeper exposure checks can reveal sensitive attack-surface information. ExposureGrid requires domain verification and authenticated access before running those modules.
Will ExposureGrid download exposed files?
ExposureGrid only retrieves bounded, minimal evidence needed to confirm exposure and stores redacted metadata. It does not store full secrets, full dumps, or complete sensitive file contents.
Are scans safe to run?
Yes. ExposureGrid uses lightweight, externally observable checks (TLS handshakes, response headers, DNS queries, CSP and CORS probes), comparable to what a normal browser, crawler, or email server already does. No payloads, no fuzzing, no credential testing.
Will ExposureGrid trigger my WAF or rate limits?
ExposureGrid is intentionally low-volume per scan. Most reasonably tuned WAFs and rate limiters won't flag it, but very strict allowlists might. If you operate the target you can allowlist the scanner. If you don't operate it, you shouldn't be scanning it.
Am I allowed to scan a site I don't own?
No. You must be authorized to assess any target you submit. The Terms of Service require that you only scan domains you own or have explicit, legally sufficient authorization to assess. Public reachability is not consent.

Beta & pricing

Is ExposureGrid in beta?
Yes. ExposureGrid is in public beta. The scanner is live, useful, and runs against real production sites every day. Expect new categories, refinements, and roadmap items as we move toward general availability.
How much does ExposureGrid cost?
Public scans are free and don't require an account. Continuous monitoring is on three paid plans: Starter at $29/mo for 1 domain, Pro at $79/mo for 5 domains, and Premium at $149/mo for 10 domains. Every paid plan starts with a 14-day free trial that monitors 1 domain (no credit card). Your plan's full domain count is available the moment you subscribe.
How many domains can I monitor during the free trial?
The trial always monitors 1 domain, regardless of which plan you sign up to trial. That keeps trials focused on real evaluation: verify a real domain, run scheduled scans, see drift, get alerts. Your plan's full domain count (5 for Pro, 10 for Premium) is available the moment you subscribe.
Will pricing change because the product is in beta?
The 'public beta' label is about product maturity, not pricing. Plan prices are set today at the rates on the pricing page. We'll communicate well in advance if pricing ever changes.
Do I need an account to try ExposureGrid?
No. You can run a free public scan from the homepage and get a token-protected, shareable report URL. Creating an account starts a 14-day free trial with scheduled monitoring, scan history, and drift alerts on a single domain.

Findings & reports

What do findings include?
Each finding includes a severity, a plain-English description, the exact evidence ExposureGrid observed (response headers, certificate fields, DNS records, etc.), and remediation guidance written for the developer or admin who will fix it.
Why does my scan show 'partial coverage'?
Coverage is partial when a planned check couldn't complete. For example, the host didn't answer on port 443, so the TLS and header checks could not run, or the DNS records a category depends on were absent. ExposureGrid is intentionally explicit about partial coverage so a degraded scan never looks like a clean bill of health.
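The check categories listed under "What is ExposureGrid?" and the partial-coverage rule above, as one added worked example in Python. This is not ExposureGrid's code; it shows the shape of a passive posture evaluator: each check returns pass, fail or not_run with the observed value as evidence, and a single not_run downgrades the whole scan to "partial" rather than letting missing checks read as passes. Assumed for illustration: the check names, the 180-day HSTS threshold, the probe Origin value, and the sample headers, cookies and DMARC record.

```python
"""Passive posture checks over captured observations, with explicit coverage.

Added example, not ExposureGrid's code. Inputs are constructed samples (the
headers and Set-Cookie values one HTTPS GET might return, and the TXT records
a _dmarc lookup might return). Nothing here touches the network.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Status(str, Enum):
    PASS = "pass"
    FAIL = "fail"
    NOT_RUN = "not_run"  # planned check could not complete; counts against coverage


@dataclass
class Finding:
    check: str
    status: Status
    evidence: str  # the observed value, so the reader can verify the verdict


def check_hsts(headers: dict) -> Finding:
    value = headers.get("strict-transport-security")
    if value is None:
        return Finding("hsts", Status.FAIL, "no Strict-Transport-Security header")
    max_age = 0
    for part in value.split(";"):
        key, _, num = part.strip().partition("=")
        if key.lower() == "max-age" and num.strip().isdigit():
            max_age = int(num.strip())
    # 180 days is an assumed minimum for a meaningful HSTS policy.
    return Finding("hsts", Status.PASS if max_age >= 15_552_000 else Status.FAIL, value)


def check_csp(headers: dict) -> Finding:
    value = headers.get("content-security-policy")
    if value is None:
        return Finding("csp", Status.FAIL, "no Content-Security-Policy header")
    directives = {}
    for directive in value.split(";"):
        tokens = directive.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    script_src = directives.get("script-src", directives.get("default-src", []))  # CSP fallback rule
    weak = not script_src or "*" in script_src or "'unsafe-inline'" in script_src
    return Finding("csp", Status.FAIL if weak else Status.PASS, value)


def check_cors(headers: dict, probe_origin: str) -> Finding:
    # The probe sent "Origin: <probe_origin>"; reflecting it with credentials
    # lets any site read authenticated responses cross-origin.
    acao = headers.get("access-control-allow-origin")
    with_creds = headers.get("access-control-allow-credentials", "").lower() == "true"
    if acao == probe_origin and with_creds:
        return Finding("cors", Status.FAIL, f"reflects Origin {probe_origin} with credentials")
    return Finding("cors", Status.PASS, f"ACAO={acao!r}, credentials={with_creds}")


def check_cookies(set_cookie: list) -> Finding:
    problems = []
    for raw in set_cookie:
        name = raw.split("=", 1)[0].strip()
        attrs = {p.strip().split("=", 1)[0].lower() for p in raw.split(";")[1:]}
        missing = [a for a in ("secure", "httponly", "samesite") if a not in attrs]
        if missing:
            problems.append(f"{name}: missing {', '.join(missing)}")
    return Finding("cookies", Status.FAIL if problems else Status.PASS,
                   "; ".join(problems) or "all cookies carry Secure, HttpOnly and SameSite")


def check_dmarc(txt_records: Optional[list]) -> Finding:
    if txt_records is None:
        return Finding("dmarc", Status.NOT_RUN, "TXT lookup for _dmarc did not complete")
    record = next((r for r in txt_records if r.lower().startswith("v=dmarc1")), None)
    if record is None:
        return Finding("dmarc", Status.FAIL, "no DMARC record published")
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
    enforcing = tags.get("p", "none").strip().lower() in ("quarantine", "reject")
    return Finding("dmarc", Status.PASS if enforcing else Status.FAIL, record)


def evaluate(https_headers: Optional[dict], set_cookie: list, dmarc_txt: Optional[list],
             probe_origin: str = "https://attacker-origin.example") -> dict:
    """https_headers=None models a host that never answered on port 443."""
    findings = []
    if https_headers is None:
        for name in ("hsts", "csp", "cors", "cookies"):
            findings.append(Finding(name, Status.NOT_RUN, "host did not answer on port 443"))
    else:
        h = {k.lower(): v for k, v in https_headers.items()}
        findings += [check_hsts(h), check_csp(h), check_cors(h, probe_origin), check_cookies(set_cookie)]
    findings.append(check_dmarc(dmarc_txt))
    counts = {s.value: sum(f.status is s for f in findings) for s in Status}
    # Any NOT_RUN makes the whole scan "partial": a degraded scan must not look clean.
    coverage = "complete" if counts["not_run"] == 0 else "partial"
    return {"findings": findings, "counts": counts, "coverage": coverage}


# Constructed sample observations; not captured from any real host.
SAMPLE_HEADERS = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "Access-Control-Allow-Origin": "https://attacker-origin.example",
    "Access-Control-Allow-Credentials": "true",
}
SAMPLE_COOKIES = ["session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax", "prefs=dark; Path=/"]
SAMPLE_DMARC = ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"]

if __name__ == "__main__":
    for label, report in (("full", evaluate(SAMPLE_HEADERS, SAMPLE_COOKIES, SAMPLE_DMARC)),
                          ("no-443", evaluate(None, [], SAMPLE_DMARC))):
        print(f"[{label}] coverage={report['coverage']} counts={report['counts']}")
        for f in report["findings"]:
            print(f"  {f.check:8} {f.status.value:8} {f.evidence}")
```

The second run in the block is the "host didn't answer on port 443" case: the four HTTP-side checks become not_run, DMARC still fails on p=none, and the roll-up says partial with one failure rather than "one failure, everything else fine".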
Can I share a report with my team?
Yes. Public scans produce a token-protected URL you can share with a teammate, vendor, or auditor without exposing your account. Anyone who has the link can open the report, so treat it like any bearer link and share it only with people who should see the findings. Inside the dashboard, scan results stay scoped to your workspace.

Still curious?

Read the platform overview or run a free scan