Vendor domain scan

Keen to get a better understanding of your exposure via technology suppliers and vendors? Use the vendor domain scan to find top level issues and risks for a vendor domain. 

How to add a vendor domain to your scan

Navigate to the Scanning tab and click Add new entity

Enter the vendor domain you would like to scan, eg

If you use a specific URL for the vendor admin portal or for your own subdomain  (e.g. or, add this as a Website or Sub domain type entity. 


What does a vendor domain scan look for?

The vendor scan looks for issues and risks at the top level of the domain - anything that can provide general safety information -  like:

  • Email security
  • Breached accounts
  • Website security of the root and www domains only (if you need to look for website security issues for a specific subdomain then add the site as a "Website" seed.).  
  • Certificate expiry on the root and www domains
  • Reputation checks

What is not included in a vendor domain scan?

The vendor scan does not crawl all sub-domain data or DNS lookups – because for some vendors this be extensive, causing a heavy load on our platform

Nor does it generate all the inventory and informational findings that a root domain scan of your own organisation will.

It will not crawl for related assets or generate findings for things such as:

  • Domain email contacts
  • Microsoft 365 tenants or other cloud services
  • Similar domains or indirect favicons
  • Related IP addresses and ports
  • The technology stack websites use
  • Web application firewall