I built SurfaceSentinel to show what attackers can discover about a company's domain from the outside.

It checks DNS configuration, email security posture (SPF/DKIM/DMARC), TLS configuration, HTTP headers, and exposed services.

The goal was to keep it simple and fast — no login required, just a quick external snapshot of a domain.

Curious whether people find this useful or have suggestions for improving the report.