authorized external attack surface management
See what attackers see. Fix what matters first.
Splorix gives your team a focused security console for approved domains: continuous scans, evidence-rich findings, recurring schedules, notifications, and billing that stays easy to understand.
6k+
security checks ready for broad web coverage
$5
per scanned domain slot in the monthly period
0
scanner infrastructure for your team to operate
splorix / external exposure console
selected domain
yourdomain.com
Score
72
Open
9
Next run
Sat
Admin interface exposed without authentication
https://yourdomain.com/api
Server-side request flow open to abuse
https://yourdomain.com/api
Security headers missing on sensitive paths
https://yourdomain.com/api
Billing this period
$10 / mo
how it works
Go from approved domain to remediation-ready report.
Add the domain you control, confirm authorization, choose the cadence, and let Splorix turn each run into a clear queue your team can work through.
Add the domain you own
Register a clean root domain and keep every monitored asset grouped inside one workspace.
Confirm authorization
Every domain requires an explicit confirmation that you are allowed to run security testing.
Set the scan rhythm
Choose the day, time, and alert threshold, then launch a manual run any time you need fresh signal.
Move on the findings
Review the evidence, affected paths, reproduction notes, and remediation guidance in one place.
scan pipeline
Every run follows a tight, repeatable path.
Splorix launches an isolated scan, expands your reachable web surface, maps exposed paths, checks for known weakness patterns, and turns the result into a report your team can act on.
Scope stays tied to the approved domain.
Each run receives only the target, the time limit, and a one-shot callback token. Results go back to Splorix, and the runner can disappear after the job.
Launch isolated run
A short-lived runner starts with the target, timeout, and return path for one scan only.
Run context ready
Expand the surface
The root domain is expanded into reachable web assets, then cleaned so the scan stays focused.
Surface inventory
Keep what is live
Only responsive web services stay in scope so the run concentrates on real exposure.
Reachable services
Map exposed paths
Reachable applications are explored to surface URLs, routes, parameters, and sensitive entry points.
Mapped routes
Check for weaknesses
Known vulnerability patterns are tested against the mapped surface and classified into clear severities.
Detected weaknesses
Publish the result
Splorix scores the run, attaches evidence, and stores the findings in the domain timeline.
Score and findings
capabilities
One console for exposure, findings, and follow-up.
Splorix brings surface visibility, scheduled scans, actionable reporting, notifications, and billing into one workflow your team can actually keep up with.
External surface visibility
Track approved domains, scan state, and exposed web assets from one workspace.
Scheduled and manual runs
Keep a predictable scan cadence and launch on-demand runs whenever something changes.
Evidence-rich findings
Each finding comes with severity, affected asset, technical context, reproduction notes, and fix guidance.
Signal-based notifications
Alert the right people when findings cross the severity threshold you set for each domain.
Billing you can explain
Track scanned domain slots across the month with a ledger that still makes sense when scope changes.
Ephemeral cloud runners
Spin up isolated runners for the job, collect signed results, and shut the infrastructure back down.
outcomes
Less noise. Better response.
Reduce blind spots by keeping approved domains under continuous watch instead of relying on occasional checks.
Prioritize the issues that matter with clearer severity signal and better context.
Give engineering and security teams a report they can move on without rebuilding the story behind each issue.
Avoid stitching together scanner infrastructure, schedules, spreadsheets, and report storage yourself.
pricing
Pricing that stays understandable as scope changes.
You pay for scanned domain slots in the current monthly period. If a scanned domain is removed, it still counts for that month, but its slot can be reused by another scanned domain without growing the bill.
Authorized domain scanning
Domains can appear in billing before they are charged. A domain only becomes billable once its first scan is queued.
Create accountguardrails
Built for authorized security work.
Splorix is designed for domains you own or have explicit permission to assess.
Explicit authorization
Every domain requires a rights confirmation before scans can begin.
Scoped workspace
Domains, reports, billing, sessions, and audit events stay contained inside the workspace.
Auditable activity
Account, billing, scan, and deletion actions are recorded so teams keep operational traceability.
ready to move
Bring your approved domains into Splorix and keep visibility on by default.
Create the workspace, schedule the first scan, and give your team a live record of exposure, findings, and remediation progress.
Shared visibility
See domains, scans, issues, and change over time in one place.
Actionable reports
Give teams the evidence and guidance needed to move from finding to fix.
Billing clarity
Understand exactly what is billed in the month without spreadsheets or guesswork.