Methodology

Passive-only recon. No packets at your origin. Lawful by design.

Every signal Dhara uses is already publicly observable. We assemble it faster and map it to the compliance framework you care about. That is the only thing we do.

The six stages

01

DNS enumeration

Enumerate your apex domain across passive DNS providers and public resolvers. We never perform a zone transfer or brute-force subdomains on your authoritative nameservers.

02

Certificate transparency

Query public CT logs for every certificate ever issued for your domain. This surfaces forgotten staging, pre-production, and third-party-hosted subdomains that your team may not track.

03

Historical URLs

Aggregate URLs your hostnames have served via third-party archives and crawl datasets. This finds parameters, endpoints, and artefacts that are no longer linked but still discoverable.

04

Passive pattern signals

CT-log issuer and SAN patterns, DNS posture (SPF, DMARC, DKIM), CDN and cloud-edge signatures derived from DNS, and technology hints inferred from archived URL paths. No active fingerprinting on the free-report path.

05

Framework mapping

Every raw finding is mapped to the framework(s) you selected at request time. A missing DMARC record becomes a HIPAA §164.308 item, not just a DNS quirk.
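As an added illustration of stages 04 and 05 (example code, not Dhara's own), the function below evaluates SPF and DMARC posture from TXT records that have already been observed passively and tags each finding with framework references. The input shape, severities and the mapping table are assumptions, except the page's own mapping of a missing DMARC record to HIPAA §164.308; DKIM is left out because its selectors are not observable without knowing them.

```python
from dataclasses import dataclass, field

# Hypothetical mapping table; only the DMARC-missing line is taken from the page.
FRAMEWORK_MAP = {
    "dmarc-missing": ["HIPAA §164.308"],
    "dmarc-policy-none": ["HIPAA §164.308"],
}

@dataclass
class Finding:
    check: str
    severity: str
    detail: str
    frameworks: list = field(default_factory=list)

def _tags(record: str) -> dict:
    """Parse 'k=v; k2=v2' DMARC tag syntax into a dict, tolerating whitespace."""
    out = {}
    for part in record.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            out[k.strip().lower()] = v.strip()
    return out

def evaluate_dns_posture(domain: str, txt: dict) -> list:
    """txt maps a DNS name to the list of TXT strings observed for it."""
    findings = []
    spf = [r for r in txt.get(domain, []) if r.lower().startswith("v=spf1")]
    if not spf:
        findings.append(Finding("spf-missing", "medium", f"No SPF record at {domain}"))
    elif len(spf) > 1:  # RFC 7208 treats more than one SPF record as a permanent error
        findings.append(Finding("spf-multiple", "high", "Multiple SPF records published"))
    else:
        last = spf[0].split()[-1].lower()  # bare 'all' defaults to the '+' qualifier
        if last in ("+all", "?all", "all"):
            findings.append(Finding("spf-permissive-all", "high", f"SPF ends with '{last}'"))
    dmarc = [r for r in txt.get(f"_dmarc.{domain}", []) if r.upper().startswith("V=DMARC1")]
    if not dmarc:
        findings.append(Finding("dmarc-missing", "high", f"No DMARC record at _dmarc.{domain}"))
    elif _tags(dmarc[0]).get("p", "").lower() in ("", "none"):
        findings.append(Finding("dmarc-policy-none", "medium", "DMARC policy is p=none"))
    for f in findings:
        f.frameworks = FRAMEWORK_MAP.get(f.check, [])
    return findings

# Constructed sample: SPF present but permissive, DMARC absent.
SAMPLE_TXT = {
    "example.com": ["v=spf1 include:_spf.example.net +all"],
    "_dmarc.example.com": [],
}
```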

06

Executive delivery

The final report is one page per finding, plus a summary a non-security buyer can read in five minutes. PDF and HTML, plus a shareable link with an expiry.

Legal posture

Why passive matters, legally as well as technically.

Passive external reconnaissance uses only data that third parties already publish: DNS records, certificates in public logs, and archived web content. No traffic is directed at your origin infrastructure and no credentials are solicited.

Under the Information Technology Act, 2000 (India), §43 and §66 apply to “accessing” computer resources without permission. Observing data that a third party has already published is not access.

Under the Computer Fraud and Abuse Act (United States, 18 U.S.C. §1030), liability attaches to unauthorized access to a protected computer. Querying public CT logs, passive DNS datasets, and web archives does not constitute access to your systems.

We do not perform authenticated scanning, exploitation, brute-force, denial-of-service, or any probing that modifies state on your assets. When a customer engages Dhara for active scanning, we require written authorisation and a scope-of-work document before any traffic is sent. The free exposure report is passive-only.

Responsible disclosure is published at /legal. If you find an issue with a Dhara-operated property, please report it there.

Ready to see what your own surface looks like?