Defensive exposure monitoring

Find exposed deployment artifacts before attackers do.

DeploySentry is a Python CLI/TUI scanner for authorized security teams. It enumerates subdomains, resolves DNS, probes live web services, and safely checks for exposed .env files, Git metadata, debug logs, source maps, and backups.

Built for defensive validation only. No exploitation. No secret dumping. No brute forcing.

$ deploysentry scan example.com --report html

 Enumerating subdomains
 Found app.example.com
 Found staging.example.com
 Resolved DNS records
 Probing https://staging.example.com
! CRITICAL /.env exposed
! HIGH /.git/config exposed
 Report generated

report: ./deploysentry-reports/example.com/latest/report.html

Signal without noise.

DeploySentry focuses on high-risk deployment mistakes and avoids aggressive vulnerability scanning.

DNS

Subdomain discovery

Enumerate assets through Certificate Transparency, common subdomain lists, RapidDNS scraping, and CNAME expansion.

HTTP

Live service probing

Probe HTTP and HTTPS services, follow redirects, capture titles, headers, content types, and safe service metadata.

LEAK

Dangerous file checks

Safely check known deployment leak paths like /.env, /.git/HEAD, debug logs, SQL dumps, and source maps.

404

Soft-404 filtering

Random baseline paths help reduce false positives from wildcard 200 responses and custom error pages.

NET

Network verification

Optional Tor and proxy routing help authorized teams validate CDN, WAF, geo, and network-path differences.

RPT

Safe reports

Export JSON, Markdown, and HTML reports with redacted evidence. Secret values are never stored.
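
The soft-404 filtering idea described above, sketched as an added example (not DeploySentry's own code): random nonexistent paths establish what the host returns for "not found", and a candidate path only counts when its response differs from that baseline. The names `Response`, `build_baseline`, `is_soft_404`, `confirmed_exposures`, the 0.9 similarity threshold, and the constructed `wildcard_host` stand-in are all assumptions for illustration.

```python
import difflib
import secrets
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Response:
    status: int
    body: str

Fetch = Callable[[str], Response]  # path -> Response; wrap a real HTTP client here

def _normalize(body: str, path: str) -> str:
    # Error pages often echo the requested path; strip it before comparing.
    return body.replace(path, "").strip()

def build_baseline(fetch: Fetch, samples: int = 3) -> list[Response]:
    """Request random paths that cannot exist and keep the normalized answers."""
    baseline = []
    for _ in range(samples):
        path = f"/{secrets.token_hex(12)}"
        resp = fetch(path)
        baseline.append(Response(resp.status, _normalize(resp.body, path)))
    return baseline

def is_soft_404(path: str, resp: Response, baseline: list[Response],
                threshold: float = 0.9) -> bool:
    """True when resp looks like the host's answer to a nonexistent path."""
    body = _normalize(resp.body, path)
    for ref in baseline:
        if ref.status != resp.status:
            continue  # a different status is already distinguishable
        if difflib.SequenceMatcher(None, ref.body, body).ratio() >= threshold:
            return True
    return False

def confirmed_exposures(fetch: Fetch, paths: list[str]) -> list[str]:
    """Paths answering 200 with content unlike the random-path baseline."""
    baseline = build_baseline(fetch)
    return [p for p in paths
            if (r := fetch(p)).status == 200 and not is_soft_404(p, r, baseline)]

# Constructed stand-in for a host that answers 200 to every path.
def wildcard_host(path: str) -> Response:
    if path == "/.git/HEAD":
        return Response(200, "ref: refs/heads/main\n")
    return Response(200, f"<html><h1>Page not found</h1><p>{path} does not exist.</p></html>")
```

Only the path and the match decision are kept here; response bodies are compared in memory and never returned, in line with metadata-only evidence handling.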

Built for the terminal.

DeploySentry ships with a cyberpunk Textual TUI for live asset discovery, findings, logs, network mode, and report generation.

  • Interactive TUI and direct CLI scan mode
  • Live asset and findings tables
  • Tor, proxies, and Pro Verification controls
  • Configurable JSON wordlists for paths and subdomains
  • Safe, metadata-only evidence handling

How it works.

A safe pipeline for authorized deployment exposure monitoring.

01

Discover

Find subdomains through CT logs, common names, RapidDNS, and CNAME expansion.

02

Resolve

Collect A, AAAA, and CNAME records for every discovered asset.

03

Probe

Check HTTP and HTTPS availability using conservative timeouts and concurrency.

04

Report

Generate clean reports with severity, recommendations, and redacted evidence.

Install. Scan. Report.

Use the direct CLI for automation, or launch the TUI for live monitoring.

Python 3.11+, Textual, httpx, dnspython, Pydantic, Jinja2
# interactive mode
deploysentry

# direct scan
deploysentry scan example.com

# reports
deploysentry scan example.com --report html
deploysentry scan example.com --report json
deploysentry scan example.com --report markdown

# network verification
deploysentry scan example.com --tor
deploysentry scan example.com --proxies proxies.txt --proxy-mode rotate
SURFACEZERO_API_KEY=your-key deploysentry scan example.com --pro

Ready to watch your deployment surface?

Start with your own root domain, review safe evidence, and close the leaks before they show up in someone else’s scanner.

Authorized use only

Defensive by design.

DeploySentry is intended for authorized defensive scanning only. Only scan domains you own or have explicit permission to test. It does not exploit vulnerabilities, dump secrets, clone repositories, brute-force credentials, bypass authentication, or perform aggressive scanning.

  • Known safe-path requests only
  • Secret values are redacted and never stored
  • Reasonable concurrency, timeout, and per-host limits
  • Tor/proxy modes are for authorized verification and reachability testing