I'd like to try to identify potential attack vectors of a network from the outside as a potential bad actor could try.
It would be best if it accepted a domain name as the starting point of the scan.
I've used <a href="https://pentest-tools.com" rel="nofollow">https://pentest-tools.com</a> in the past. It's not exhaustive, but can be a good starting point.