Domains
Add and verify domains, discover subdomains, detect technologies, and scan for vulnerabilities with Seenty.
Domains
Domains are the primary asset type in Seenty. When you register a domain, Seenty pulls its DNS records and WHOIS information immediately. After you verify ownership, the platform unlocks a full security scanning pipeline that runs automatically on a nightly schedule.
Adding a domain
- Navigate to Assets > Domains in the sidebar.
- Click Add Domain.
- Enter your root domain (e.g.,
example.com). Do not include subdomains or protocol prefixes. - Click Add.
Seenty will immediately retrieve and display:
- DNS records (A, AAAA, MX, NS, TXT, CNAME, SOA)
- WHOIS registration data (registrar, creation date, expiration date)
These are available on all plans, even without verification.
Verifying domain ownership
Verification proves to Seenty that you own or control the domain. This unlocks the full scanning pipeline and scheduled scans.
Get your verification token
On the domain detail page, you will see a verification section with a unique token. Copy the full verification value (e.g., seenty-verify=abc123def456).
Add the DNS TXT record
Go to your DNS provider's management console (e.g., Cloudflare, Route 53, GoDaddy, Namecheap) and add a new TXT record:
- Host / Name:
_seenty-verify - Type: TXT
- Value: the token from the previous step
The full record will look like: _seenty-verify.example.com TXT "seenty-verify=abc123def456"
Complete verification
Return to Seenty and click Verify. Seenty will query DNS for the TXT record and confirm ownership.
If successful, your domain status will change to Verified and a full scan will begin automatically.
DNS propagation can take anywhere from a few minutes to 48 hours depending on your DNS provider and TTL settings. If verification fails, wait and try again later. You can leave the TXT record in place permanently -- it does not affect your domain's functionality.
What verification unlocks
| Feature | Without verification | With verification |
|---|---|---|
| DNS records | Yes | Yes |
| WHOIS information | Yes | Yes |
| Subdomain discovery | No | Yes (Starter+) |
| Technology detection | No | Yes (Pro+) |
| CVE vulnerability scanning | No | Yes (Ultra+) |
| Nightly scheduled scans (3 AM UTC) | No | Yes (Starter+) |
| Manual re-scan | Yes | Yes |
Scanning pipeline
Once verified, Seenty runs the following scan pipeline. Each stage feeds into the next:
DNS scan
Seenty queries all DNS record types and checks for common misconfigurations: dangling CNAME records, missing SPF/DKIM/DMARC, zone transfer vulnerabilities, and more.
Subdomain discovery
Seenty discovers subdomains using certificate transparency logs and passive reconnaissance techniques. Each discovered subdomain is added to your domain inventory automatically.
Subdomain discovery requires a Starter plan or higher.
Technology detection
For each discovered host (root domain and subdomains), Seenty identifies the technologies in use -- web servers (Nginx, Apache), frameworks (React, Next.js, WordPress), CDNs (Cloudflare, AWS CloudFront), and more. Each technology is reported with a confidence score.
Technology detection requires a Pro plan or higher.
CVE vulnerability scanning
Detected technologies are checked against known vulnerability databases. If a technology version matches a known CVE, Seenty creates a vulnerability finding with the CVE ID, severity score (CVSS), description, and remediation guidance.
CVE scanning requires an Ultra plan or higher. It also requires technology detection to be available (Pro+), since CVE lookups depend on the detected technology stack.
Subdomain discovery
Seenty uses passive subdomain discovery via certificate transparency (CT) logs. This means it does not send any traffic to your infrastructure during discovery -- it simply queries public CT log databases for certificates issued to subdomains of your domain.
Discovered subdomains appear on the domain detail page under the Subdomains tab. Each subdomain shows:
- IP address resolution
- HTTP status (if reachable)
- Technologies detected (Pro+)
- Associated findings
You cannot manually add subdomains. They are discovered automatically during the scan pipeline.
Technology detection
The technology detection engine identifies software running on your domains and subdomains by analyzing HTTP response headers, HTML content, JavaScript libraries, cookies, and other signals. Results include:
- Technology name (e.g., Nginx, React, WordPress)
- Version (when detectable)
- Category (Web Server, JavaScript Framework, CMS, CDN, etc.)
- Confidence score (how certain the detection is)
Technology data is used as input for CVE scanning and appears in the domain detail view under the Technologies tab.
Manual re-scan
You can trigger a manual scan at any time by clicking the Scan button on the domain detail page. Manual scans run the same pipeline as scheduled scans.
On the Hobby plan, manual re-scan is available but only the DNS stage will run (subdomain discovery, technology detection, and CVE scanning require higher plans).
Scheduled scans
For verified domains on Starter plans or higher, Seenty runs a full scan automatically every night at 3:00 AM UTC. This ensures your domain inventory and security findings stay up to date without any manual intervention.
The scan includes all stages that your plan supports (DNS, subdomains, technologies, CVEs).
Removing a domain
To remove a domain, go to the domain detail page and click Delete Domain in the settings section. This will:
- Remove the domain and all its subdomains from your inventory
- Remove all findings associated with the domain
- Stop any scheduled scans
Deleting a domain is permanent and cannot be undone. All associated data, including historical scan results and findings, will be deleted.