HONEST DEMO · No login · no tracking · no data stored · scanners hit public APIs (Google DNS · crt.sh · CISA KEV) and return live results for the asset YOU paste · how this works
Free · No login · Real public-API data

Run Aria's scanners against your real domain
in 30 seconds.

Three production scanners — exactly the ones a logged-in tenant runs in /aegis. No fake demo numbers, no pre-baked results, no "Acme Corp." Paste your apex domain and we hit Google's public DNS, the Certificate Transparency log corpus, and the CISA Known-Exploited-Vulnerabilities catalogue in real time. Results are yours. Nothing is logged.

SCANNER · 01 📧 SPF + DMARC + MX audit DNS-over-HTTPS · Google · live

Audits your email-authentication posture. We resolve the apex domain's SPF, DMARC, and MX records via Google's public DNS-over-HTTPS endpoint and report the verdict the same way Aria's Mail Shield does for a live tenant.

No subdomains, no auth tokens, no email content — just public DNS. Sample: cisa.gov · rbi.org.in
SCANNER · 02 🎯 Lookalike domain hunt crt.sh · CT logs · live

Finds domains that share certificate-transparency entries with your brand keyword — phishing kits, typosquats, and dev/staging exposures. Same data source as Aria's Identity Shield uses for takedown case workflows.

Searches crt.sh's CT-log corpus for any certificate where the requested name contains your keyword. Sample: paypal · hdfc
SCANNER · 03 🛡 CISA KEV vulnerability search CISA · live catalogue

Searches the live CISA Known-Exploited-Vulnerabilities catalogue (the gold-standard list of CVEs being actively exploited in the wild). Match by vendor, product, or CVE ID. Same feed Aria's Threat Intel uses to prioritise patching.

Loads the CISA KEV JSON catalogue (cached 1h locally). Sample: Fortinet · Microsoft Exchange
HOW · IT · WORKS ⚙ Why these results are real no backend · no logging

Every scanner above runs entirely in your browser — your domain query goes directly to a public API, the response renders here, nothing transits Aria's servers. We've designed it that way deliberately:

// network calls made by /try.html SPF / DMARC : https://dns.google/resolve Lookalike : https://crt.sh/?q=KEYWORD&output=json CISA KEV : https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json // what we DON'T do ✗ No analytics call when you scan ✗ No persistence of your queries on our side ✗ No "freemium tracking" pixel

If you want to verify, open Chrome DevTools → Network tab while you scan. Every request is to one of the three public endpoints above. This is the standard you should hold every cybersecurity vendor to.

Liked what you saw? Open a tenant.

The full Aria platform (7 shields · CERT-In Annexure-II auto-draft · WhatsApp alerts · DPDP-aware compliance) lives behind a free Vidya tier. Or if you're BFSI / mid-cap and want a Hinglish synthetic-deepfake red-team drill, see Synthetic Shield.

Start free tenant See Synthetic Shield