Splorix
Start 3-Day Trial

Monitor your real-world attack surface

Find vulnerable assets before attackers do.

Continuously discover and monitor domains, subdomains, endpoints, technologies, ports, firewall coverage, typosquatting registrations, and credential leak signals across your real attack surface.

Start 3-Day Trial See pricing

9+

external security signals in one workspace

$1

for 3-day trial

0

scanner infrastructure for your team to operate

splorix / external exposure console

selected domain

yourdomain.com

Active

Score

72

Vulnerabilities

9

Next run

Sat

Tech stack

Nuxt, Spring, PostgreSQL

Endpoints

184 mapped paths

Typosquatting

7 lookalikes

Firewall

WAF detected

Admin interface exposed without authentication

https://yourdomain.com/api

Critical

Server-side request flow open to abuse

https://yourdomain.com/api

High

Security headers missing on sensitive paths

https://yourdomain.com/api

Medium

how it works

Start domain security scanning without scanner infrastructure.

Add the domain you control, confirm authorization, choose the cadence, and let Splorix turn each external attack surface scan into a clear queue your team can work through.

01

Add the domain you own

Register a clean root domain and keep every monitored asset grouped inside one workspace.

02

Confirm authorization

Every domain requires an explicit confirmation that you are allowed to run security testing.

03

Set the scan rhythm

Choose the day, time, and alert threshold, then launch a manual run any time you need fresh signal.

04

Move on the findings

Review the evidence, affected paths, reproduction notes, and remediation guidance in one place.

why teams use splorix

Turn exposed domains into a managed cybersecurity workflow.

Public websites, APIs, and domain records change constantly. Splorix gives teams a repeatable way to monitor external exposure, validate vulnerabilities, and keep remediation moving without building scanner infrastructure.

  • Discover the external attack surface

    Track authorized domains, live subdomains, ports, SSL data, Whois records, security.txt, and scan history from one workspace.

  • Run focused vulnerability scanning

    Launch authorized scans on approved domains and receive findings with severity, evidence, reproduction notes, and fix guidance.

  • Enrich every asset with security context

    Review technology stacks, discovered endpoints, firewall signals, credential leak exposure, and registered typosquatting domains around your scope.

  • Keep continuous security monitoring active

    Schedule recurring scans, receive email alerts, and keep billing aligned with active paid domains.

platform

One console for attack surface, findings, and follow-up.

Splorix launches an isolated scan on approved targets, inventories reachable assets, checks for known weakness patterns, and brings external attack surface management, endpoint discovery, technology fingerprinting, typosquatting monitoring, credential leak checks, firewall intelligence, actionable reporting, notifications, and billing into one workflow your team can keep up with.

Scope stays tied to the approved domain.

Each run receives only the target, the time limit, and a one-shot callback token. Results go back to Splorix, and the runner can disappear after the job.

  • Expand the surface

    The root domain is expanded into subdomains, ports, and reachable web assets, then cleaned so the scan stays focused.

  • Map exposed endpoints

    Reachable applications are crawled to surface URLs, routes, parameters, and sensitive entry points.

  • Fingerprint technologies

    Splorix enriches live assets with detected tech stacks, SSL, Whois, security.txt, and firewall context.

  • Monitor adjacent risk

    Typosquatting registrations and credential leak exposure are checked alongside the owned attack surface.

  • Check for weaknesses

    Known vulnerability patterns are tested against the mapped surface and classified into clear severities.

  • Publish the result

    Splorix scores the run, attaches evidence, and stores findings and security signals in the domain timeline.

  • External attack surface visibility

    Track approved domains, scan state, discovered subdomains, ports, SSL intelligence, Whois data, and exposed web assets from one workspace.

  • Domain vulnerability scanning

    Keep a predictable scan cadence and launch on-demand authorized penetration testing runs whenever something changes.

  • Tech stack fingerprinting

    See frameworks, CMS, libraries, analytics tools, and platform hints detected on your public-facing assets.

  • Endpoint inventory

    Collect crawled URLs and exposed paths so teams understand what applications make reachable on the internet.

  • Typosquatting monitoring

    Detect registered lookalike domains across configured extensions and inspect permutation type, DNS, mail, and similarity data.

  • Credentials leak monitoring

    Check whether credentials related to your monitored domain appear in breach intelligence and route the signal into the same workflow.

  • Firewall and WAF detection

    Review whether a web application firewall is detected and keep the raw provider response available for verification.

  • Evidence-rich findings

    Each finding comes with severity, affected asset, technical context, reproduction notes, and fix guidance.

  • Signal-based notifications

    Alert the right people when findings cross the severity threshold you set for each domain.

outcomes

Less noise. Better security response.

  • Reduce blind spots by keeping approved domains under continuous security monitoring instead of relying on occasional checks.

  • Understand what runs publicly with tech stack, endpoint, SSL, Whois, firewall, and security.txt context.

  • Catch adjacent risks such as typosquatting registrations and credential leak signals before they become incident work.

  • Prioritize vulnerabilities that matter with clearer severity signal, affected assets, and better remediation context.

  • Give engineering and security teams a report they can move on without rebuilding the story behind each issue.

  • Avoid stitching together scanner infrastructure, schedules, spreadsheets, and report storage yourself.

pricing

Pricing that stays understandable as scope changes.

Start scanning your first authorized domain in minutes, then keep billing predictable as your monitored scope grows.

  • Authorized external attack surface scanning.
  • Weekly scan scheduling with security issue tracking.
  • Tech stacks, endpoints, firewall, typosquatting, and credential leak signals.
  • Email alerts and patch recommendations.

First domain offer

$1for 3-day trial

Then $99/month. Cancel anytime during trial.

Start 3-Day Trial View full pricing

Each paid slot covers one root domain. Deleted domains free their slot during the current paid period.

guardrails

Built for authorized security work.

Splorix is designed for domains you own or have explicit permission to assess.

Explicit authorization

Every domain requires a rights confirmation before scans can begin.

Scoped workspace

Domains, reports, billing, sessions, and audit events stay contained inside the workspace.

Auditable activity

Account, billing, scan, and deletion actions are recorded so teams keep operational traceability.

ready to move

Bring your approved domains into Splorix and keep visibility on by default.

Create the workspace, schedule the first scan, and give your team a live record of exposure, findings, and remediation progress.

Launch workspace Sign in

Shared visibility

See domains, subdomains, endpoints, technologies, scans, and issues in one place.

Actionable reports

Give teams the evidence and guidance needed to move from finding to fix.

Billing clarity

Understand exactly what is billed in the month without spreadsheets or guesswork.