Real-time reconnaissance engine β€” now with AI scoring

Cyber reconnaissance,
elevated to intelligence.

Scan IPs, domains and CIDR ranges across 13 modules. Discover open ports, TLS weaknesses, exposed services and misconfigurations β€” then let AI prioritize the risks that matter.

100+
TCP ports probed
TLS 1.3
Cipher analysis
0–100
Risk score
JSON/CSV/MD
Export formats
Capabilities

Everything a recon operator needs

From Shodan-style exposure to Nmap-grade service detection, unified in one polished console.

πŸ›°οΈ

Distributed scanning

Scan targets without serverless function limits. Probes IPs, subdomains and ports concurrently with optimized rate limits.

πŸ”

Deep SSL/TLS analysis

Certificate chain, expiry, cipher suites, negotiated TLS versions and weak-configuration detection with a letter grade.

🧠

AI Exploit PoC Suggestions

Portinel AI analyzes findings and suggests secure, defensive Proof-of-Concept commands to quickly verify exposures.

πŸ“‘

HTTP fingerprinting

Headers, redirects, cookies, compression, server & framework detection, CMS identification and security-header auditing.

πŸ—ΊοΈ

Attack-surface mapping

Animated network topology, port heatmap, geolocation and findings donut to visualize exposure at a glance.

πŸ“„

Reporting & sharing

One-click Markdown, JSON and CSV exports, shareable links and a printable report β€” plus full scan history with diffs.

13 scan modules

Comprehensive, composable reconnaissance

Run one module or chain them into a deep scan. Each adds a layer of intelligence.

⚑
Quick Scan
Top 20 ports + HTTP, DNS, SSL
πŸ”¬
Deep Scan
Everything β€” ports, SSL, DNS, WHOIS, subdomains
πŸ₯·
Stealth Scan
Slow, low-concurrency port probing
🧩
Service Detection
Banner grabbing & versioning
πŸ–₯️
OS Detection
Heuristic host fingerprinting
πŸ”’
SSL Analysis
Certificates, ciphers, TLS versions
🌐
DNS Analysis
Full DNS record enumeration
πŸ“‡
WHOIS
Registration via RDAP
πŸ”„
Reverse DNS
PTR record lookups
πŸ“‘
HTTP Analysis
Headers, redirects, cookies
🧠
Technology Detection
Stack & CMS fingerprinting
πŸ•ΈοΈ
Subdomain Enumeration
CT logs + DNS brute-force discovery
πŸ“‹
Header Analysis
Security header auditing
πŸ›‘οΈ
WAF Detection
Cloudflare, AWS WAF, Akamai & more
πŸ“
Directory Discovery
Brute-force paths, admin panels, backups
🌐
Web Recon
robots.txt, sitemap, security.txt, CORS
πŸ”Œ
CORS Audit
Cross-origin & HTTP method analysis
Workflow

From target to triage in seconds

01

Define the target

Enter an IP, domain, hostname or CIDR range and pick your modules.

02

Portinel probes

DNS, TCP, TLS and HTTP engines gather real signal in parallel.

03

AI prioritizes

Get a graded risk score, deductions explained, and an executive summary β€” exportable anywhere.

Ready to map your attack surface?

Join security teams using Portinel to find exposures before attackers do.

Sign in