DefendFlow Radar – An Attacker-View Recon Engine for Domains
Original: Show HN: DefendFlow Radar – An attacker-view recon engine for domains
Mood
informative
Sentiment
positive
Category
startup_launch
Key topics
I’ve been working on a security tool called DefendFlow Radar, and I’d love to get feedback from the community.
The idea behind it is simple: What does your domain look like from the attacker’s point of view? A surprising amount of security exposure comes from misconfigured DNS, forgotten services, exposed subdomains, expired DMARC, and stale SaaS entries. We built tools to detect these issues quickly and automatically.
What Radar does • Enumerates domains/subdomains using multiple recon techniques • Checks DNS hygiene, DMARC/SPF/DKIM correctness • Identifies stale/exposed endpoints and unintended public surfaces • Maps attack surface across services & SaaS providers • Generates a digestible “risk snapshot” of the domain
Here you can give it a free trail: https://radar.defendflow.xyz/
Why we built it
My co-founder is a penetration tester, and we found ourselves repeatedly running 15–20 different tools to get a clear picture of an organization’s external footprint. We wanted something that: 1. Gives a single attacker-view perspective 2. Is fast enough to use during initial recon 3. Doesn’t require installing a big agent or pipeline 4. Shows useful misconfigurations non-security engineers can understand
So we built this as a side project. Over time it evolved into a more complete recon engine.
How it works (technical highlights) • Uses layered probing (DNS, HTTP metadata, MX checks, SSL, cloud service inference) • Performs domain validation • Incorporates passive and active signal collection • Surface mapping logic written mostly in Rust • No agent, crawler, or network access needed from the user side • Outputs everything as structured JSON behind the scenes
Happy to answer any questions about how it works internally.
Looking for feedback
I’m especially interested in feedback from: • security engineers • SRE/DevOps folks • people who maintain DNS/SPF/DMARC at work • anyone who’s had to clean up legacy SaaS footprint
If something is unclear or missing, I’d really appreciate the critique.
Thanks for taking a look!
Try out link again: https://radar.defendflow.xyz/
DefendFlow Radar: An attacker-view recon engine for domains
Snapshot generated from the HN discussion
Discussion Activity
Light discussionFirst comment
44s
Peak period
1
Hour 1
Avg / period
1
Key moments
- 01Story posted
Nov 26, 2025 at 3:02 PM EST
6h ago
Step 01 - 02First comment
Nov 26, 2025 at 3:03 PM EST
44s after posting
Step 02 - 03Peak activity
1 comments in Hour 1
Hottest window of the conversation
Step 03 - 04Latest activity
Nov 26, 2025 at 3:03 PM EST
6h ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
Also happy to scan any domains you want to test — just share them (or DM if preferred).
Appreciate all feedback, including criticism.
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.