# CyberFurl
> External security posture scanner for DNS, email auth, subdomains, headers, breaches, and internet-facing exposure.

## Core
- [Security Report](https://cyberfurl.com/security-report): Public external posture entrypoint for any domain
- [Pricing](https://cyberfurl.com/pricing): Product plans and usage model
- [Features](https://cyberfurl.com/features): Public feature overview

## High-Priority Features
- [DNS Posture](https://cyberfurl.com/features/dns-posture): Track live records, delegation, DNSSEC, and drift on the domains that carry your web, mail, and brand traffic.
- [Email Authentication](https://cyberfurl.com/features/email-authentication): Audit SPF, DKIM, DMARC, MX, MTA-STS, TLS-RPT, and BIMI in one place so spoofing resistance and deliverability are easier to own.
- [Web Security Headers](https://cyberfurl.com/features/web-security-headers): Inspect the exact headers your public edge serves, including CSP, HSTS, framing, and referrer policy, and catch regressions after releases or CDN changes.
- [SSL / TLS](https://cyberfurl.com/features/ssl-tls): Monitor certificate trust, expiry, protocol support, and HTTPS enforcement so renewals and edge changes do not become public outages.
- [Vulnerability Surface](https://cyberfurl.com/features/vulnerability-surface): Review exposed routes, detectable technologies, and weak public web surfaces, then keep that footprint on a schedule as releases and vendors change.
- [Breach Exposure](https://cyberfurl.com/features/breach-exposure): See whether identities tied to the domain appear in known breach datasets and use that signal to prioritize phishing resilience, MFA, and brand-trust work.

## Public Tools
- [DNS Tools](https://cyberfurl.com/dns-tools): Public DNS tooling hub
- [DNS Benchmark](https://cyberfurl.com/dns-tools/dns-benchmark): Resolver benchmark tool
- [DNS Caching](https://cyberfurl.com/dns-tools/dns-caching): DNS caching checker
- [DNS Leak](https://cyberfurl.com/dns-tools/dns-leak): DNS leak check
- [DNS Speed Test](https://cyberfurl.com/dns-tools/dns-speed-test): Resolver speed testing
- [DoT Support](https://cyberfurl.com/dns-tools/dot-support): DNS-over-TLS support check
- [EDNS Support](https://cyberfurl.com/dns-tools/edns-support): EDNS capability check

## Vertical Pages
- [MSPs](https://cyberfurl.com/for/msps): One compromised RMM can turn into every client calling at once.
- [Ecommerce](https://cyberfurl.com/for/ecommerce): A checkout skimmer does not need permission. It just needs one weak edge.
- [SaaS](https://cyberfurl.com/for/saas): Your next deal does not die in the questionnaire. It dies in the exposed basics.
- [Real Estate](https://cyberfurl.com/for/real-estate): Wire-fraud mail hits hardest when your domain still looks easy to spoof.
- [Insurance](https://cyberfurl.com/for/insurance): Identity-driven ransomware starts long before the ransom note.
- [Government](https://cyberfurl.com/for/government): One weak vendor domain can still turn into a public-sector incident.
- [Healthcare](https://cyberfurl.com/for/healthcare): A healthcare outage starts with the public doors attackers can already see.
- [Finance](https://cyberfurl.com/for/finance): Four business days is not much time if your public surface is already a mess.
- [Agencies](https://cyberfurl.com/for/agencies): A deepfake call becomes expensive when your domain still does the rest of the lying.

## Learn
- [DMARC](https://cyberfurl.com/learn/dmarc): Learn how DMARC uses SPF and DKIM alignment to control spoofed mail and reporting.
- [SPF](https://cyberfurl.com/learn/spf): Understand how SPF authorizes senders, where it breaks, and how lookup limits create drift.
- [DKIM](https://cyberfurl.com/learn/dkim): See how DKIM signing, selectors, and key length shape sender trust and deliverability.
- [BIMI](https://cyberfurl.com/learn/bimi): Learn how BIMI depends on DMARC enforcement and brand validation to display logos safely.
- [MTA-STS](https://cyberfurl.com/learn/mta-sts): Review how MTA-STS reduces SMTP downgrade and MX impersonation risk for modern mail flows.
- [TLS-RPT](https://cyberfurl.com/learn/tls-rpt): Understand how TLS-RPT exposes mail transport failures that otherwise stay invisible.
- [DANE](https://cyberfurl.com/learn/dane): See how DANE uses DNSSEC and TLSA records to bind mail transport to expected certificates.
- [ARC](https://cyberfurl.com/learn/arc): Learn how ARC preserves authentication context for forwarding and mailing-list workflows.
- [Email Spoofing](https://cyberfurl.com/learn/email-spoofing): Understand how spoofing works, what defenses fail first, and how to harden domain trust.
- [Phishing](https://cyberfurl.com/learn/phishing): Review how phishing operations exploit weak mail controls, exposed brands, and user trust.
- [DNSSEC](https://cyberfurl.com/learn/dnssec): Learn how DNSSEC adds authenticity to DNS answers and why deployment errors still matter.
- [Zone Walking](https://cyberfurl.com/learn/zone-walking): Understand how NSEC-based zone walking can expose DNS inventory and operational clues.
- [Cache Poisoning](https://cyberfurl.com/learn/cache-poisoning): See how forged or manipulated DNS responses can redirect traffic and break trust.
- [DNS Hijacking](https://cyberfurl.com/learn/dns-hijacking): Learn how registrar, NS, or record-level changes can redirect web or mail traffic silently.
- [NS Drift](https://cyberfurl.com/learn/ns-drift): Review why unexpected nameserver movement is a high-signal indicator for outage and takeover risk.
- [Dangling CNAME](https://cyberfurl.com/learn/dangling-cname): Understand how stale CNAMEs lead to subdomain takeover and cloud-service reuse risk.
- [DNS Tunneling](https://cyberfurl.com/learn/dns-tunneling): See how attackers abuse DNS queries for covert traffic, command channels, or data exfiltration.
- [CAA Records](https://cyberfurl.com/learn/caa-records): Learn how CAA limits which certificate authorities can issue certs for the domain.
- [Content Security Policy](https://cyberfurl.com/learn/csp): Review how CSP constrains browser execution and where policy design commonly breaks.
- [HSTS](https://cyberfurl.com/learn/hsts): Understand how HSTS pins browsers to HTTPS and what settings matter for preload and subdomains.
- [X-Frame-Options](https://cyberfurl.com/learn/x-frame-options): Learn how framing protections reduce clickjacking on public web applications.
- [Referrer-Policy](https://cyberfurl.com/learn/referrer-policy): See how referrer handling can leak URLs, tokens, or user context across origins.
- [Permissions-Policy](https://cyberfurl.com/learn/permissions-policy): Understand how browser capability restrictions reduce unnecessary feature exposure.
- [SSL / TLS](https://cyberfurl.com/learn/ssl-tls): Review certificate trust, protocol support, and HTTPS posture for customer-facing domains.
- [Certificate Transparency](https://cyberfurl.com/learn/certificate-transparency): Learn how CT logs expose unexpected certificate issuance and improve issuance visibility.
- [Subdomain Takeover](https://cyberfurl.com/learn/subdomain-takeover): Understand how unclaimed third-party resources and stale DNS combine into takeover risk.
- [Credential Stuffing](https://cyberfurl.com/learn/credential-stuffing): See how reused credentials from breaches turn into login abuse against public applications.
- [Typosquatting](https://cyberfurl.com/learn/typosquatting): Learn how lookalike domains exploit user mistakes and brand trust for phishing and abuse.
- [Data Breach](https://cyberfurl.com/learn/data-breach): Review the operational and financial realities of breaches and why early detection matters.
- [Attack Surface Management](https://cyberfurl.com/learn/attack-surface-management): Understand why unknown assets, exposed paths, and weak internet-facing controls need continuous review.

## Markdown Mirrors
- [Learn markdown index](https://cyberfurl.com/llms-full.txt): Full AI-readable knowledge base
- [Features markdown](https://cyberfurl.com/features.md)
- [DMARC markdown](https://cyberfurl.com/learn/dmarc.md)
- [SPF markdown](https://cyberfurl.com/learn/spf.md)
- [DKIM markdown](https://cyberfurl.com/learn/dkim.md)
- [BIMI markdown](https://cyberfurl.com/learn/bimi.md)
- [MTA-STS markdown](https://cyberfurl.com/learn/mta-sts.md)
- [TLS-RPT markdown](https://cyberfurl.com/learn/tls-rpt.md)
- [DANE markdown](https://cyberfurl.com/learn/dane.md)
- [ARC markdown](https://cyberfurl.com/learn/arc.md)
- [Email Spoofing markdown](https://cyberfurl.com/learn/email-spoofing.md)
- [Phishing markdown](https://cyberfurl.com/learn/phishing.md)
- [DNS Posture markdown](https://cyberfurl.com/features/dns-posture.md)
- [Email Authentication markdown](https://cyberfurl.com/features/email-authentication.md)
- [Web Security Headers markdown](https://cyberfurl.com/features/web-security-headers.md)
- [SSL / TLS markdown](https://cyberfurl.com/features/ssl-tls.md)
- [Vulnerability Surface markdown](https://cyberfurl.com/features/vulnerability-surface.md)
- [Breach Exposure markdown](https://cyberfurl.com/features/breach-exposure.md)
- [MSPs markdown](https://cyberfurl.com/for/msps.md)
- [Ecommerce markdown](https://cyberfurl.com/for/ecommerce.md)
- [SaaS markdown](https://cyberfurl.com/for/saas.md)
- [Real Estate markdown](https://cyberfurl.com/for/real-estate.md)
- [Insurance markdown](https://cyberfurl.com/for/insurance.md)