Documentation

RedGem docs

Everything you need to set up and run continuous attack surface monitoring — from connecting your first domain to wiring alerts into your tools.

Introduction

RedGem is an external attack surface management platform. It continuously discovers everything an attacker can see about your organization — subdomains, IPs, open ports, services, and exposed credentials — then scans for weaknesses and alerts you the moment something changes.

Work is organized into workspaces; inside a workspace you add domains as monitors, and RedGem keeps each monitor's inventory, findings, and alerts up to date on a schedule.

Quick start

  1. Sign in at app.redgem.net — a default workspace is created for you automatically.
  2. Open Discover and click Add Discover, then enter a root domain (e.g. your-company.com).
  3. RedGem runs an initial discovery and begins scanning on a schedule.
  4. Open the monitor to explore subdomains, IPs, ports, findings, and leaks — and set up notifications so you hear about changes automatically.

The Free plan includes 1 domain and 1,000 monthly credits — see pricing for higher tiers.

Workspaces & team

A workspace isolates a set of monitors, findings, and members. Invite teammates and give them access per workspace; plans determine how many workspaces and seats you get (1 / 3 / 20 on Free / Starter / Team).

The left navigation gives you Scans, Monitor, Security Alerts, General Settings, and Plan.

Discover & Monitors

Discover is the home for your monitors. Each row is a monitored domain with its live counts. Use Add Discover to add a domain, Export Excel to download the table, the page-size and pager controls to move through long lists, and the Notifications / Findings / Graph filters to focus the view.

| Column | Meaning |
| --- | --- |
| Domain Name | The monitored root domain. |
| Status | Whether the monitor is Active or Paused. |
| Subdomains | Count of discovered subdomains. |
| IPs | Count of public IP addresses behind the assets. |
| Ports | Count of open ports found across those IPs. |
| Alerts | Notifications raised since the last review. |
| Findings | Open security findings on the attack surface. |
| Updated | When the monitor was last scanned. |

Monitor detail

Opening a monitor reveals its full workspace, organized into tabs. The Overview tab summarizes subdomains, IPs, open ports, notifications, leakage, and findings; the remaining tabs drill into each area.

| Tab | Description |
| --- | --- |
| Overview | Dashboard of subdomains, IPs, ports, notifications, leakage, and findings. |
| Graph | Visual network graph of how assets connect. |
| Subdomains | Full, paginated inventory of discovered subdomains. |
| IP addresses | Public IPs with country, ISP, and reachability. |
| Ports | Open ports and detected services per host. |
| Endpoints | Discovered web endpoints and paths. |
| Suggestions | Recommended next monitors and assets to add. |
| Surface | Security findings ranked by severity (see below). |
| Leak check | Leaked credentials tied to the domain and its people. |
| Notifications | Timeline of changes and alerts for this monitor. |
| Settings | Scan schedule, scope, and per-monitor options. |

Attack surface

The Surface tab lists every security finding across the monitor's assets, ranked by severity: Critical, High, Medium, Low, and Info. Findings are deduplicated and each one links back to the exact subdomain, IP, and port it was found on.

Triage with the status workflow — mark findings Pending, Resolved, or False Positive — filter by severity or status, and export the list. Continuous re-scanning reopens a finding if a fix regresses.

Leak check

Leak check surfaces leaked credentials tied to your domain and its people, gathered from infostealer logs, breach databases, combolists, and dark-web and Telegram channels. Results separate site/credential leaks from employee email leaks so you can force resets where it matters most.

CVE & exploit alerts

Browse 62,000+ CVEs in the Explorer with charts for severity, top vendors, and trends. Save any filtered view as an alert rule — by severity, CVSS score, vendor, product, or keyword — and get notified when a matching CVE, exploit, or security-news item appears.

Web scanner

The scanner runs integrated tools — Nmap, Nuclei, WPScan, Dirsearch, and more — against your live assets on a schedule. Targets are dynamic: newly discovered subdomains, IPs, and ports are scanned automatically, and results feed into your aggregated, severity-ranked findings.

Notifications & integrations

Route alerts to the channels your team already uses — Telegram, Slack, Microsoft Teams, email, and webhooks. Configure multiple channels at once so a new critical finding or fresh credential leak reaches the right people instantly.

API

API access (Starter and Team plans) lets you pull assets, findings, and alerts into your own tooling, and webhooks push events into SIEMs and automation pipelines.

curl https://app.redgem.net/api/monitors \
  -H "Authorization: Bearer $REDGEM_API_KEY"
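
The same request with the API key kept off curl's command line, where other local users could read it from the process list. This is an added example, not RedGem's own code: the function names and the accepted key character set are assumptions, and only the `/api/monitors` path and the Bearer header come from this page.

```bash
#!/usr/bin/env bash
# Added example. redgem_curl_config and redgem_get are hypothetical helper
# names; only https://app.redgem.net/api/monitors is taken from the docs.

# Emit a curl config (for `curl --config -`) carrying the URL and auth header.
# printf is a shell builtin, so the key never appears in any process's argv.
redgem_curl_config() {
  local key="$1" url="$2"

  # Assumed key alphabet: reject empty keys and anything that could break
  # out of the quoted config value (quotes, backslashes, whitespace, newlines).
  case "$key" in
    ''|*[!A-Za-z0-9._~+/=-]*)
      echo "REDGEM_API_KEY is missing or contains unexpected characters" >&2
      return 1 ;;
  esac

  # Only ever send the key to the documented host, and only over HTTPS.
  case "$url" in
    https://app.redgem.net/*) ;;
    *) echo "refusing to send key to: $url" >&2; return 1 ;;
  esac

  printf 'url = "%s"\n' "$url"
  printf 'header = "Authorization: Bearer %s"\n' "$key"
  printf 'fail\n'              # non-2xx responses become a non-zero exit
  printf 'silent\n'
  printf 'show-error\n'
  printf 'proto = "=https"\n'  # never fall back to plain HTTP
  printf 'max-time = 30\n'
}

# Usage: redgem_get monitors
redgem_get() {
  local config
  config="$(redgem_curl_config "${REDGEM_API_KEY:-}" \
            "https://app.redgem.net/api/$1")" || return 1
  # Here-string keeps the config on stdin, not on the command line.
  curl --config - <<<"$config"
}
```
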

Credits & billing

RedGem is credit-based. Your plan sets your limits and a monthly credit allowance (1,000 / 5,000 / 20,000 on Free / Starter / Team); credits are deducted only as you run discovery, scans, and lookups. Top up your wallet any time you need more. See pricing for full details.
