
Vendor domain scan


Keen to get a better understanding of your exposure via technology suppliers and vendors? Use the vendor domain scan to find top-level issues and risks for a vendor domain.

How to add a vendor domain to your scan

Navigate to the Scanning tab and click Add new entity

Enter the vendor domain you would like to scan, e.g. github.com

If you use a specific URL for the vendor admin portal or for your own subdomain (e.g. portal.vendor.com or mycompany.vendor.com), add this as a Website or Sub domain type entity.

 

What does a vendor domain scan look for?

The vendor scan looks for issues and risks at the top level of the domain, that is, anything that can provide general safety information, such as:

  • Email security
  • Breached accounts
  • Website security of the root and www domains only (if you need to look for website security issues on a specific subdomain, add the site as a "Website" seed)
  • Certificate expiry on the root and www domains
  • Reputation checks

What is not included in a vendor domain scan?

The vendor scan does not crawl all sub-domain data or DNS lookups, because for some vendors this can be extensive, causing a heavy load on our platform.

Nor does it generate all the inventory and informational findings that a root domain scan of your own organisation will.

It will not crawl for related assets or generate findings for things such as:

  • Domain email contacts
  • Microsoft 365 tenants or other cloud services
  • Similar domains or indirect favicons
  • Related IP addresses and ports
  • The technology stack websites use
  • Web application firewall

 

