Product — Scanner
See what an auditor sees
Scan any domain. DNS, email authentication, TLS configuration, and security headers — results in seconds, mapped to compliance frameworks.
How it works
Outside-in scanning
No credentials to configure for your first scan. Sudory queries public DNS records, negotiates TLS, and inspects HTTP responses — just like a real attacker would.
01. No agents needed
Sudory scans from the outside — the same vantage point attackers and auditors use. Enter a domain and get results in seconds.
02. Continuous, not one-time
Scans run on a schedule. Drift detection catches regressions before your next audit — not during it.
03. Framework-mapped results
Every check maps to ISO 27002, NIS2, SOC 2, DORA, and more. One scan produces evidence across all your frameworks.
Coverage
30+ checks per domain
Every scan checks DNS configuration, email authentication, transport security, and HTTP hardening — all from a single domain input.
DNS
- SPF record
- DKIM selector
- DMARC policy
- DNSSEC
- CAA records
- MX records
- NS records
- IPv6 (AAAA)
Email security
- SPF alignment
- DKIM key strength
- DMARC enforcement
- MTA-STS
- DANE/TLSA
TLS & HTTPS
- Certificate validity
- TLS version
- HSTS header
- HSTS preload
- Certificate transparency
HTTP headers
- Content-Security-Policy
- X-Frame-Options
- X-Content-Type-Options
- Referrer-Policy
- Permissions-Policy
- Cookie flags
Go beyond public signals
Connect Slack, Google Workspace, GitHub, and more to scan internal configurations against CIS benchmarks — with the same continuous, framework-mapped approach.