shield_with_heart
Zondex for Penetration Testers
Passive reconnaissance, attack surface mapping, and vulnerability discovery — powered by 85M+ indexed hosts.
travel_explore
Passive Reconnaissance
Enumerate an organization's external footprint without sending any traffic. Search by ASN, IP range, or organization name to discover all public-facing assets.
bug_report
Vulnerability Discovery
Find hosts running software with known CVEs. Filter by specific CVE IDs or search for outdated product versions that are known to be vulnerable.
hub
Attack Surface Mapping
Identify exposed admin panels, databases, CI/CD pipelines, and development tools. Map the complete attack surface before active testing begins.
lock_open
Exposed Credentials & Misconfigurations
Discover services with default credentials, misconfigured TLS, open debug endpoints, and unsecured management interfaces.
terminal Example Queries for Pentesters
port:3389 country:US
Find exposed RDP services in the United States
product:Apache cve:CVE-2021-41773
Apache servers vulnerable to path traversal
port:9200 service:http
Exposed Elasticsearch instances
port:27017
Exposed MongoDB databases
service:ssh port:22
SSH servers for banner grabbing and version detection
Start Your Reconnaissance
Search 85M+ hosts. No traffic to targets. Instant results.
search Open Search