Skip to main content
The Attack Surface Map is an interactive visualisation of everything Odin knows about your external attack surface. It renders your assets as nodes and the relationships between them as edges, so you can see your infrastructure at a glance and spot risk concentrations.

What the map shows

  • Nodes represent individual assets (domains, subdomains, IPs)
  • Edges represent relationships between assets (domain hierarchy, DNS resolution, shared certificates)
The layout arranges nodes by their relationships, so related assets cluster together. Each node shows the asset’s name, type, and any open findings linked to it.

Node types

Odin classifies nodes based on the asset’s characteristics:
Node typeClassification
Root DomainA top-level domain in your workspace
SubdomainA subdomain beneath a root domain
ServerAn IP address serving web traffic
DatabaseAn IP with database ports open (3306, 5432, 27017, 1433, 6379)
Auth GatewayAn IP or subdomain running an authentication service

Filtering

Use the controls above the map to narrow what’s displayed:
  • Search: jump to a specific asset by name
  • Domain navigator: drill into a particular root domain and its descendants
  • Finding status: highlight nodes by their finding status
Nodes with open findings display a coloured ring matching the highest severity, so areas of risk stand out at a glance.

Interacting with the map

  • Click a node to open the asset detail panel
  • Pan by clicking and dragging the background
  • Zoom with the scroll wheel or pinch gesture
  • Fit to view with the toolbar control to recentre the canvas
The asset detail panel that opens is the same panel used on the Assets page, so you can review metadata, recon results, related findings, and more without leaving the map.