Glasstrail features:
Get a heads up and head start protecting your organisation

Automatically detect issues and risks across your external attack surface

Account credentials

Finds any user accounts on your domain with password breaches and whether these are active Microsoft accounts. Finds breached email addresses for your domain (and whether they are active Microsoft Accounts). Finds webpages on your domains that are exposing a paid Google API key that could be abused.

DNS and domain security

Checks for missing or misconfigured DNSEC policy. Checks whether Certification Authority Authorization policy is implemented.

Email security

Checks whether DMARC policy is in use and configured correctly. Checks whether the SPF policy exists and is sufficient.


Detects if the security.txt standard is being used.  Finds any untrusted SSL certificates in use.

Website security

Identifies missing or misconfigured CSP and HTTP Strict Transport policies. Finds all JavaScript vulnerabilities on websites. Checks for several OWASP top 10 issues.  Checks if site is using a Web Application Firewall. Gathers SSL certificate information and reports on expired and expiring certificates.

External/User added findings

Manually add findings from penetration test reports or other external sources – so all external attack surface findings are in one place.


Checks if your website Favicon is in use by other sites.  Finds domains names that are similar to your scanned domain.

See and track what external assets you have


Informational findings about your external attack surface that can be used to keep track of all your internet-facing assets and cloud services. Automatically keep track of:


All web technologies used (CMS, JavaScript libraries etc).


All domains, subdomains, domain contacts, domain registrars.

IP and ports

IP addresses, ports and services running on ports, IP address owners.

Website assets

Websites, webpages, URL redirects, URL status, favicons.

Cloud and SaaS

M365 tenants, SaaS providers and clouds like Azure and AWS.

Social profiles

Github, Facebook, Instagram, X and every other major network.

Understand risks, track progress, get notified


Results are presented in a visual and easy to understand dashboard to track risks, priorities and remediation activities.

Actionable tips

Use the clear and concise descriptions to understand how to resolve issues and risks. Actionable results at its best, with explanations suited to cyber and non-cyber experts.

Weekly status emails

Get a weekly status email update of what has changed in your attack surface.

Premium support

24x7 chatbot and help website plus email support on all plans.

Share results

Download and share your PDF report with your team. Share links to individual findings or groups of findings. Export filtered views, or all findings as colour-coded Excel files.

Notifications and integrations

Set up notification rules to get updates on new findings sent to your tool of choice. With Glasstrail’s advanced support for webhooks and cURL, any system with an API can receive updates from Glasstrail. E.g. get new account password breaches direct into your service desk tool, monitoring system or MS Teams. If preferred, our support team can set it up for you.

Scale up

Multi-brand management

Create secondary scan groups to segment your risk profile.

Big portfolios supported

Scan up to 200 root domains in a single account. Add a multi-organisation plan to scan even more.

Vendor scans

Scan your vendor domains to find top-level issues and risks.

Secure access

Admin and read-only roles secured by Microsoft work accounts for easy management.

For Partners


See all your customers from one dashboard. Optionally provide direct access for your customers. Read-only or admin roles supported.


Get notifications from Glasstrail into your MSP tool of choice – Autotask, Connectwise and more using our cURL and Webhooks integrations.

Custom scan schedule

You and your customer can decide how often to run scans, from monthly up to once a year.

Customise reports

Add your own commentary to the scan reports before downloading or sending from Glasstrail.  See a history of all scans and all generated reports.


Download and share findings view as Excel. Use to make your own reports.


Use Microsoft accounts for single sign-on and easier onboarding and offboarding of users.

Glasstrail gives us the insights we need quickly. We were up and running within an hour and soon knew where to focus our efforts. Plus the scheduled scan gives us comfort that we’ll know about new issues early.

- Andrew Taylor, Head of Product, EVA Check-in

Try Glasstrail for free

Just enter your domain. You'll have your results shortly.
(Your results are confidential - always.)

Get started
White Arrow