Map your attack surface
before someone else does
ApifyForge helps security teams map their external attack surface by combining subdomain discovery, DNS lookups, NVD CVE searches, and certificate transparency actors. Best for weekly asset inventory and vulnerability triage across 10-200 domains. Less suitable for continuous real-time perimeter monitoring. Costs $0.05-$0.15 per scan.
The problem
Security teams need to continuously discover their external attack surface — subdomains, exposed services, vulnerable software, and certificate issues. Commercial ASM platforms cost $10,000+/year. Manual OSINT takes hours per domain.
The solution
Apify actors connect to public security databases: NVD for CVEs, crt.sh for certificate transparency, DNS lookups for infrastructure mapping, and CISA KEV for actively exploited vulnerabilities. Run batch queries and get structured results for your security team.
How it works
List your domains
Start with your primary domains and known subdomains. Certificate transparency searches often reveal subdomains you did not know existed.
Run discovery actors
Use crt.sh search for subdomain discovery, DNS record lookup for infrastructure mapping, and NVD CVE search for vulnerability identification.
Prioritise findings
Cross-reference discovered assets with CISA's Known Exploited Vulnerabilities catalog. Focus remediation on actively exploited CVEs first.
Monitor continuously
Schedule weekly runs to catch new subdomains, certificate changes, and newly disclosed vulnerabilities affecting your tech stack.
Actors we recommend
These Apify actors are listed on ApifyForge with real-time pricing, usage stats, and quality scores.
SSL Certificate Transparency Search
Search Certificate Transparency logs via crt.sh to find SSL/TLS certificates for any domain. Enumerate subdomains, monitor certificate issuance, detect unauthorized certs, and audit certificate sprawl. Returns deduplicated subdomains or individual certificate records.
DNS Record Lookup — MX, SPF, DMARC & Email Security Checks
Bulk DNS record lookup for domains. Query A, AAAA, MX, NS, TXT, CNAME, SOA records. Email security audit with SPF, DMARC, DKIM detection. No API keys needed. Structured JSON output.
NVD CVE Vulnerability Search
Search the NIST National Vulnerability Database for CVEs. Filter by keyword, CVSS v3 severity, date range, and CPE product name. Returns CVSS scores, attack vectors, CWE weaknesses, and references. Free API, no key required.
CISA Known Exploited Vulnerabilities Search
Search & monitor the CISA KEV catalog of actively exploited CVEs. Filter by vendor, product, keyword, date range, and ransomware usage. Get structured JSON with NVD links for vulnerability management and compliance.
What does it cost?
Scanning 50 domains across 4 security databases costs $5-10 in PPE charges. Weekly monitoring of 20 domains: $10-20/month. Compared to $10,000+/year for commercial ASM.
Estimate your cost →Useful tools
Ready to get started?
Sign in and set up the CLI in under 2 minutes. Your Apify token stays on your machine.
Related workflows
- Lead Generation with Apify Actors— Extract business contacts from Google Maps, websites, and directories using Apify actors.
- Price Monitoring with Apify— Track competitor prices daily across e-commerce sites and marketplaces.
- SEO Data Collection with Apify— Scrape SERPs, meta tags, and backlinks without enterprise SEO subscriptions.
- Competitor Research with Apify— Monitor competitor websites, pricing, reviews, and social presence.
- Recruitment Data with Apify— Pull job listings and candidate data from boards and career pages.
- Managing an Apify Actor Portfolio— Fleet dashboard for health, revenue, and quality across all your actors.
- Web Scraping Compliance with Apify— Assess GDPR, CCPA, and ToS risk before scraping any site.
- Data Enrichment with Apify— Enrich partial CRM data with emails, phones, and social profiles.
- Workflow Automation with Apify— Connect actor output to CRMs, Slack, and n8n with pre-built templates.
- Real Estate Data Collection with Apify— Scrape property listings, pricing history, and agent contacts.
- Brand Reputation Monitoring with Apify— Track reviews, ratings, and mentions across Trustpilot, Google, and BBB.
- Financial Market Research with Apify— Pull SEC filings, insider trades, and economic indicators from public databases.
- Academic Research Data with Apify— Search PubMed, OpenAlex, and Semantic Scholar for literature reviews.
- Compliance & Due Diligence Screening with Apify— Screen entities against OFAC, Interpol, and 40+ global watchlists.
- Government Contract Intelligence with Apify— Monitor SAM.gov opportunities, grants.gov funding, and Federal Register changes.
- Ecommerce Intelligence for Online Sellers— Analyse competitor Shopify stores, marketplace prices, and tech stacks.
- Building AI Agents with Apify MCP Servers— Connect Claude, Cursor, and Windsurf to 80+ data tools via MCP.