Attack Surface Monitoring

Monitor Your Domain Attack Surface with One API Key

Track the external assets attackers see first: domains, DNS records, nameservers, SSL certificates, exposed subdomains, and registration changes. Turn domain intelligence into operational security alerts.

Start FreeASM Guide
External assets to track
  • Registered domains and expiration windows
  • Nameserver, MX, TXT, A and AAAA changes
  • SSL certificate validity and issuer changes
  • Active subdomains and wildcard DNS
  • WHOIS/RDAP ownership and status changes
Why It Matters

Domains are part of your attack surface

Forgotten domains, stale DNS records, expired certificates, exposed subdomains, and unauthorized nameserver changes create real operational and security risk.

Forgotten assets

Domains and subdomains outlive teams, campaigns, migrations, and vendors. Unknown assets become unmanaged risk.

Certificate incidents

Expired or unexpected SSL certificates can cause outages, warnings, and trust failures.

DNS drift

DNS changes can expose infrastructure, break mail delivery, or indicate unauthorized tampering.

Coverage

Four layers of external domain visibility

WHOIS / RDAP Layer

Registrar, dates, EPP statuses, nameservers, owner contact availability, and domain lifecycle signals.

Explore WHOIS API

DNS Layer

A, AAAA, MX, TXT, DMARC, NS, SOA, CAA, BIMI, MTA-STS, and TLS-RPT records for domain posture.

Explore DNS API

SSL Layer

Certificate validity, issuer, subject, validity dates, and expiration alerts for public web assets.

Explore SSL API

Subdomain Layer

Active subdomain discovery with wildcard detection and A/CNAME data for exposed hostnames.

Explore Subdomain API

Attack surface workflow

Inventory known domains

Start with your owned domains, brands, product names, subsidiaries, and campaign domains.

Enrich with WHOIS, DNS, SSL

Build a normalized asset profile for each domain and detect obvious operational issues.

Discover subdomains

Find active hostnames that may expose staging systems, legacy apps, or forgotten infrastructure.

Monitor changes

Alert on DNS, WHOIS, SSL, and expiration changes instead of relying on periodic manual reviews.

External asset enrichment
curl "https://whoisjson.com/api/v1/subdomains?domain=example.com" \
  -H "Authorization: TOKEN=YOUR_API_KEY"

curl "https://whoisjson.com/api/v1/nslookup?domain=example.com" \
  -H "Authorization: TOKEN=YOUR_API_KEY"

curl "https://whoisjson.com/api/v1/monitors" \
  -H "Authorization: TOKEN=YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"domain":"example.com"}'
What To Monitor

External domain exposure changes over time

Attack surface management is not a one-time export. Domains expire, certificates rotate, DNS records drift, vendors change, and forgotten subdomains become security debt.

Asset signalRisk to detectUseful endpoint
Expiration dateDomain lapse, takeover risk, service interruption.WHOIS API
Nameserver changesUnauthorized DNS control changes or vendor migration drift.Domain Monitoring
MX/TXT recordsMail routing changes, SPF/DMARC drift, abuse potential.DNS Lookup API
SSL issuer and expiryExpired certificates, unexpected issuers, outage risk.SSL API
Active subdomainsForgotten staging, legacy apps, exposed services.Subdomain API

Monitoring cadence

Critical production domains should be monitored continuously. Lower-risk domains can be checked daily or weekly. Subdomain discovery can run on a schedule, while DNS and SSL changes deserve immediate alerts.

A useful ASM program separates inventory from monitoring: inventory tells you what exists; monitoring tells you what changed.

Asset inventory

Build a source of truth for domains, subdomains, DNS records, SSL certificates, registrars, and expiration dates. This helps security teams understand ownership and exposure.

Discover active subdomains

Change detection

Track changes to nameservers, A records, MX records, TXT records, WHOIS status, and SSL certificates. Change context matters more than raw snapshots.

Set up monitoring

Operational prevention

Use expiration and SSL warnings to prevent outages before they become public incidents. This is security, reliability, and reputation work at the same time.

SSL monitoring guide
FAQ

Attack Surface Monitoring Questions

What counts as domain attack surface?

Any domain, subdomain, DNS record, SSL certificate, mail route, or registration state that affects public-facing services or brand trust is part of the domain attack surface.

Is subdomain discovery enough?

No. Subdomains are only one layer. You also need DNS, WHOIS/RDAP, SSL, availability, expiration, and change monitoring to understand operational risk.

How is monitoring different from scanning?

Scanning captures a point-in-time snapshot. Monitoring records changes and alerts you when critical domain, DNS, WHOIS, or SSL signals move.

Who uses this data?

Security teams, DevOps, infrastructure teams, brand protection teams, and incident responders use domain intelligence to detect drift, outages, abuse, and unmanaged assets.

Related Reading

Strengthen your ASM program

WHOIS API for attack surface management

Enrich and monitor domain assets at scale.

SSL certificate monitoring

Track certificate expiry and unexpected certificate changes.

DNS lookup automation

Audit DNS records, email security, and infrastructure posture.

Start monitoring your external domain surface

One key for WHOIS, DNS, SSL, subdomains, availability, and monitoring.

Get Free API KeySee Monitoring