Network Subnet & Attack Surface Calculator

Calculate subnet details (usable hosts, network/broadcast addresses) and estimate your network attack surface score based on exposed ports and services.

Formulas Used

Subnet Mask: Set the first prefix bits to 1, remaining bits to 0 in a 32-bit field.

Network Address: IP & SubnetMask (bitwise AND)

Broadcast Address: NetworkAddress | WildcardMask (bitwise OR with inverse mask)

Total Addresses: 2(32 − prefix)

Usable Hosts: 2(32 − prefix) − 2  (subtract network & broadcast; /31 = 2, /32 = 1 per RFC 3021)

Attack Surface Score:

AS = (OpenPorts × 1.5) + (ExposedServices × 3) + (PublicIPs × 5)
   + (UnpatchedSystems × 10) + (log₂(UsableHosts + 1) × 2)

Risk Thresholds: Low < 30 | Moderate 30–74 | High 75–149 | Critical ≥ 150

Assumptions & References

  • Subnet calculations follow RFC 950 (subnetting) and RFC 1519 (CIDR).
  • Private address ranges per RFC 1918: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16.
  • /31 point-to-point links follow RFC 3021 (no network/broadcast reserved).
  • Attack surface weights are based on NIST SP 800-115 and OWASP Attack Surface Analysis guidelines.
  • Open ports weighted at 1.5× — each open port is a potential entry point.
  • Exposed services weighted at 3× — services have exploitable vulnerabilities beyond raw port exposure.
  • Public IPs weighted at 5× — directly reachable from the internet without NAT protection.
  • Unpatched systems weighted at 10× — highest risk factor per CVE/CVSS statistics.
  • Subnet factor uses log₂ to reflect that larger subnets increase surface area sub-linearly.
  • This tool provides an indicative score; a full risk assessment requires penetration testing and vulnerability scanning.

More Calculators

Browse All 1861 Free Calculators at National Calculator Authority

In the network

Network