Get a heads up and head start protecting your organisation
Automatically detect issues and risks across your external attack surface
Finds any user accounts on your domain with password breaches and whether these are active Microsoft accounts. Finds breached email addresses for your domain (and whether they are active Microsoft Accounts). Finds webpages on your domains that are exposing a paid Google API key that could be abused.
DNS and domain security
Checks for missing or misconfigured DNSEC policy. Checks whether Certification Authority Authorization policy is implemented.
Checks whether DMARC policy is in use and configured correctly. Checks whether the SPF policy exists and is sufficient.
Detects if the security.txt standard is being used. Finds any untrusted SSL certificates in use.
External/User added findings
Manually add findings from penetration test reports or other external sources – so all external attack surface findings are in one place.
Checks if your website Favicon is in use by other sites. Finds domains names that are similar to your scanned domain.
See and track what external assets you have
Informational findings about your external attack surface that can be used to keep track of all your internet-facing assets and cloud services. Automatically keep track of:
All domains, subdomains, domain contacts, domain registrars.
IP and ports
IP addresses, ports and services running on ports, IP address owners.
Websites, webpages, URL redirects, URL status, favicons.
Cloud and SaaS
M365 tenants, SaaS providers and clouds like Azure and AWS.
Github, Facebook, Instagram, X and every other major network.
Understand risks, track progress, get notified
Results are presented in a visual and easy to understand dashboard to track risks, priorities and remediation activities.
Use the clear and concise descriptions to understand how to resolve issues and risks. Actionable results at its best, with explanations suited to cyber and non-cyber experts.
Weekly status emails
Get a weekly status email update of what has changed in your attack surface.
24x7 chatbot and help website plus email support on all plans.
Download and share your PDF report with your team. Share links to individual findings or groups of findings. Export filtered views, or all findings as colour-coded Excel files.
Notifications and integrations
Set up notification rules to get updates on new findings sent to your tool of choice. With Glasstrail’s advanced support for webhooks and cURL, any system with an API can receive updates from Glasstrail. E.g. get new account password breaches direct into your service desk tool, monitoring system or MS Teams. If preferred, our support team can set it up for you.
Create secondary scan groups to segment your risk profile.
Big portfolios supported
Scan up to 200 root domains in a single account. Add a multi-organisation plan to scan even more.
Admin and read-only roles secured by Microsoft work accounts for easy management.
See all your customers from one dashboard. Optionally provide direct access for your customers. Read-only or admin roles supported.
Get notifications from Glasstrail into your MSP tool of choice – Autotask, Connectwise and more using our cURL and Webhooks integrations.
Custom scan schedule
You and your customer can decide how often to run scans, from monthly up to once a year.
Add your own commentary to the scan reports before downloading or sending from Glasstrail. See a history of all scans and all generated reports.
Download and share findings view as Excel. Use to make your own reports.
Use Microsoft accounts for single sign-on and easier onboarding and offboarding of users.