Show HN: DefendFlow Radar – An attacker-view recon engine for domains

1•riyao_lin•2mo ago

Hi HN,

I’ve been working on a security tool called DefendFlow Radar, and I’d love to get feedback from the community.

The idea behind it is simple: What does your domain look like from the attacker’s point of view? A surprising amount of security exposure comes from misconfigured DNS, forgotten services, exposed subdomains, expired DMARC, and stale SaaS entries. We built tools to detect these issues quickly and automatically.

What Radar does • Enumerates domains/subdomains using multiple recon techniques • Checks DNS hygiene, DMARC/SPF/DKIM correctness • Identifies stale/exposed endpoints and unintended public surfaces • Maps attack surface across services & SaaS providers • Generates a digestible “risk snapshot” of the domain

Here you can give it a free trial: https://radar.defendflow.xyz/

Why we built it

My co-founder is a penetration tester, and we found ourselves repeatedly running 15–20 different tools to get a clear picture of an organization’s external footprint. We wanted something that: 1. Gives a single attacker-view perspective 2. Is fast enough to use during initial recon 3. Doesn’t require installing a big agent or pipeline 4. Shows useful misconfigurations non-security engineers can understand

So we built this as a side project. Over time it evolved into a more complete recon engine.

How it works (technical highlights) • Uses layered probing (DNS, HTTP metadata, MX checks, SSL, cloud service inference) • Performs domain validation • Incorporates passive and active signal collection • Surface mapping logic written mostly in Rust • No agent, crawler, or network access needed from the user side • Outputs everything as structured JSON behind the scenes

Happy to answer any questions about how it works internally.

Looking for feedback

I’m especially interested in feedback from: • security engineers • SRE/DevOps folks • people who maintain DNS/SPF/DMARC at work • anyone who’s had to clean up legacy SaaS footprint

If something is unclear or missing, I’d really appreciate the critique.

Thanks for taking a look!

Try out link again: https://radar.defendflow.xyz/

Comments

riyao_lin•2mo ago

Author here: adding a bit more context. The scanning code is mostly written in Rust, and I’m slowly breaking pieces of it out so they can be used as standalone CLI utilities. If there’s interest, I can open-source some of the passive/active DNS probing modules.

Also happy to scan any domains you want to test — just share them (or DM if preferred).

Appreciate all feedback, including criticism.

Hot Reloading in Rust? Subsecond and Dioxus to the Rescue

Skim – vibe review your PRs

Show HN: Open-source AI assistant for interview reasoning

Tech Edge: A Living Playbook for America's Technology Long Game

Golden Cross vs. Death Cross: Crypto Trading Guide

Hoot: Scheme on WebAssembly

What the longevity experts don't tell you

Monzo wrongly denied refunds to fraud and scam victims

They were drawn to Korea with dreams of K-pop stardom – but then let down

Show HN: AI-Powered Merchant Intelligence

Bash parallel tasks and error handling

Let's compile Quake like it's 1997

Reverse Engineering Medium.com's Editor: How Copy, Paste, and Images Work

Go 1.22, SQLite, and Next.js: The "Boring" Back End

Laibach the Whistleblowers [video]

Slop News - HN front page right now as AI slop

Economists vs. Technologists on AI

Life at the Edge

RISC-V Vector Primer

Show HN: Invoxo – Invoicing with automatic EU VAT for cross-border services

A Tale of Two Standards, POSIX and Win32 (2005)

Ask HN: Is the Downfall of SaaS Started?

Flirt: The Native Backend

OpenAI's Latest Platform Targets Enterprise Customers

Goldman Sachs taps Anthropic's Claude to automate accounting, compliance roles

Ai.com bought by Crypto.com founder for $70M in biggest-ever website name deal

Big Tech's AI Push Is Costing More Than the Moon Landing

The AI boom is causing shortages everywhere else

Suno, AI Music, and the Bad Future [video]

Ask HN: How are researchers using AlphaFold in 2026?