Frequently Asked Questions
Find answers to common questions about PentaTrail/CTEM
PentaTrail is a CTEM (Continuous Threat Exposure Management) platform that automatically discovers and monitors your external attack surface.
Starting from the domains your organization owns, it continuously scans externally exposed assets and vulnerabilities from an attacker's perspective.
Key Features:
- Automated discovery of hosts, IPs, ports, technology stacks, URLs, and cloud buckets
- Web application and SSL/TLS vulnerability scanning
- Real-time detection of asset changes
- Risk quantification via proprietary scoring (TDL/TER)

CTEM (Continuous Threat Exposure Management) is a framework for continuously identifying, assessing, and remediating external threats.
PentaTrail covers the full CTEM lifecycle through 5 integrated stages:
- Scoping — Register domains and define your monitoring scope
- Discovery — Automatically discover subdomains, IPs, ports, technologies, and URLs
- Prioritization — Score each finding using TDL/TER metrics combining CVSS, EPSS, KEV, and business impact
- Validation — Verify exploitability with AI-powered deep scans
- Mobilization — Assign remediation tasks, track status, and generate reports

- Agree to Terms of Service & Create an Account — Sign up via Google OAuth or email + password
- Set Up MFA — Configure multi-factor authentication (TOTP) as a mandatory step during initial setup
- Register Your Domain — Add the domain you want to monitor from the dashboard
- Verify Domain Ownership — Add a DNS TXT record to confirm ownership. Propagation typically takes a few minutes to a few hours
- Automatic Scanning Begins — Once verification is complete, asset discovery starts automatically
Note: Free email addresses (gmail.com, yahoo.com, etc.) cannot be used for registration.

Yes. PentaTrail offers a 14-day free trial after account creation — credit card registration only, no upfront charges.
What's included in the trial:
- Up to 3 origin domains
- Full asset discovery (hosts, IPs, ports, technologies, URLs)
- Complete dashboard access including risk scoring
Deep scanning is available as an add-on after subscribing to a paid plan.

You can start monitoring in as little as 5 minutes. No software installation or network configuration required.
- Agree to Terms of Service & create an account
- Register the domain you want to monitor
- Asset discovery begins automatically
Discovery results appear in your dashboard within a few hours. If you want deep scanning, DNS TXT domain ownership verification is required as a separate step.

No. PentaTrail uses non-intrusive, external observation — the same perspective an attacker would have.
- No agents or internal network access required
- Scans use only public information gathering (HTTP/HTTPS requests, DNS lookups)
- Server load is comparable to normal web browsing
- No write operations or data modifications are performed
Even during the Validation phase, exploitability is confirmed using non-destructive techniques.

Register origin domains from the dashboard:
- Add a domain from "Domain Management" in the dashboard
- Verify domain ownership via DNS TXT record
- Asset discovery begins automatically after verification
DNS verification typically takes a few minutes to a few hours, depending on DNS propagation.
