Map your attack surface
before someone else does

ApifyForge helps security teams map their external attack surface by combining subdomain discovery, DNS lookups, NVD CVE searches, and certificate transparency actors. Best for weekly asset inventory and vulnerability triage across 10-200 domains. Less suitable for continuous real-time perimeter monitoring. Costs $0.05-$0.15 per scan.

The problem

Security teams need to continuously discover their external attack surface — subdomains, exposed services, vulnerable software, and certificate issues. Commercial ASM platforms cost $10,000+/year. Manual OSINT takes hours per domain.

The solution

Apify actors connect to public security databases: NVD for CVEs, crt.sh for certificate transparency, DNS lookups for infrastructure mapping, and CISA KEV for actively exploited vulnerabilities. Run batch queries and get structured results for your security team.

How it works

List your domains

Start with your primary domains and known subdomains. Certificate transparency searches often reveal subdomains you did not know existed.

Run discovery actors

Use crt.sh search for subdomain discovery, DNS record lookup for infrastructure mapping, and NVD CVE search for vulnerability identification.

Prioritise findings

Cross-reference discovered assets with CISA's Known Exploited Vulnerabilities catalog. Focus remediation on actively exploited CVEs first.

Monitor continuously

Schedule weekly runs to catch new subdomains, certificate changes, and newly disclosed vulnerabilities affecting your tech stack.

Actors we recommend

These Apify actors are listed on ApifyForge with real-time pricing, usage stats, and quality scores.

Attack Surface Intelligence — Certificate Transparency

Turn Certificate Transparency logs into attack-surface intelligence. Find new subdomains, exposed admin/VPN/DevOps services, brand-abuse look-alikes, and infrastructure drift, each with a risk score, recommended action, and investigation priority. Findings and executive summary included.

$0.00/certificate fetched

Domain Security & Email Deliverability — DNS, SPF, DMARC, DKIM

Audit a domain portfolio for email spoofing, broken SPF, DMARC enforcement, DNSSEC and shadow-SaaS senders. Returns a posture score, what to fix first, vendor dependencies and drift alerts — not just records. Bulk DNS / SPF / DMARC / DKIM lookup, no API keys.

$0.00/dns looked up

NVD CVE Vulnerability Search

Search the NIST National Vulnerability Database for CVEs. Filter by keyword, CVSS v3 severity, date range, and CPE product name. Returns CVSS scores, attack vectors, CWE weaknesses, and references. Free API, no key required.

$0.00/cve fetched

CISA Known Exploited Vulnerabilities Search

Search & monitor the CISA KEV catalog of actively exploited CVEs. Filter by vendor, product, keyword, date range, and ransomware usage. Get structured JSON with NVD links for vulnerability management and compliance.

$0.00/vulnerability fetched

Personal Data Exposure Report — Privacy Operations Intelligence

A Privacy Operations Intelligence API. Per subject, one call returns where data is exposed, a severity risk score, the threat scenarios it enables, a remediation queue ranked by impact-per-minute, and monitoring that tracks whether removals stick. For privacy and executive-protection teams.

$0.50/exposure report

What does it cost?

Scanning 50 domains across 4 security databases costs $5-10 in PPE charges. Weekly monitoring of 20 domains: $10-20/month. Compared to $10,000+/year for commercial ASM.

Estimate your cost →

Useful tools

Security Tools Comparison Cost Calculator Actor Recommender Browse security reconnaissance actors Find more actors →

Ready to get started?

Sign in in under 2 minutes. Your Apify token is encrypted at rest (AES-256-GCM) and revocable any time — or stay 100% local with the CLI.

Open dashboard

Related workflows

Lead Generation with Apify Actors— Extract business contacts from Google Maps, websites, and directories using Apify actors.
Price Monitoring with Apify— Track competitor prices daily across e-commerce sites and marketplaces.
SEO Data Collection with Apify— Scrape SERPs, meta tags, and backlinks without enterprise SEO subscriptions.
Competitor Research with Apify— Monitor competitor websites, pricing, reviews, and social presence.
Recruitment Data with Apify— Pull job listings and candidate data from boards and career pages.
Managing an Apify Actor Portfolio— Fleet dashboard for health, revenue, and quality across all your actors.
Web Scraping Compliance with Apify— Assess GDPR, CCPA, and ToS risk before scraping any site.
Data Enrichment with Apify— Enrich partial CRM data with emails, phones, and social profiles.
Workflow Automation with Apify— Connect actor output to CRMs, Slack, and n8n with pre-built templates.
Real Estate Data Collection with Apify— Scrape property listings, pricing history, and agent contacts.
Brand Reputation Monitoring with Apify— Track reviews, ratings, and mentions across Trustpilot, Google, and BBB.
Financial Market Research with Apify— Pull SEC filings, insider trades, and economic indicators from public databases.
Academic Research Data with Apify— Search PubMed, OpenAlex, and Semantic Scholar for literature reviews.
Compliance & Due Diligence Screening with Apify— Screen entities against OFAC, Interpol, and 40+ global watchlists.
Government Contract Intelligence with Apify— Monitor SAM.gov opportunities, grants.gov funding, and Federal Register changes.
Ecommerce Intelligence for Online Sellers— Analyse competitor Shopify stores, marketplace prices, and tech stacks.
Building AI Agents with Apify MCP Servers— Connect Claude, Cursor, and Windsurf to 80+ data tools via MCP.

Map your attack surfacebefore someone else does