Monitor your real-world attack surface
Find vulnerable assets before attackers do.
Continuously discover and monitor domains, subdomains, APIs, ports, and internet-facing services across your real attack surface. Designed for authorized reconnaissance, exposure analysis, and open-source pentesting.
6k+
security checks ready for broad web coverage
$5
per paid domain each month
0
scanner infrastructure for your team to operate
splorix / external exposure console
selected domain
yourdomain.com
Score
72
Open
9
Next run
Sat
Admin interface exposed without authentication
https://yourdomain.com/api
Server-side request flow open to abuse
https://yourdomain.com/api
Security headers missing on sensitive paths
https://yourdomain.com/api
Billing this period
$5 / mo
how it works
Start domain security scanning without scanner infrastructure.
Add the domain you control, confirm authorization, choose the cadence, and let Splorix turn each external attack surface scan into a clear queue your team can work through.
Add the domain you own
Register a clean root domain and keep every monitored asset grouped inside one workspace.
Confirm authorization
Every domain requires an explicit confirmation that you are allowed to run security testing.
Set the scan rhythm
Choose the day, time, and alert threshold, then launch a manual run any time you need fresh signal.
Move on the findings
Review the evidence, affected paths, reproduction notes, and remediation guidance in one place.
why teams use splorix
Turn exposed domains into a managed cybersecurity workflow.
Public websites, APIs, and domain records change constantly. Splorix gives teams a repeatable way to monitor external exposure, validate vulnerabilities, and keep remediation moving without building scanner infrastructure.
Discover the external attack surface
Track authorized domains, live subdomains, SSL data, Whois records, and scan history from one workspace.
Run focused vulnerability scanning
Launch authorized scans on approved domains and receive findings with severity, evidence, reproduction notes, and fix guidance.
Keep continuous security monitoring active
Schedule recurring scans, enforce weekly scan limits, and keep billing aligned with active paid domains.
scan pipeline
A repeatable vulnerability scanning pipeline for approved targets.
Splorix launches an isolated scan, inventories reachable assets, checks the authorized domain for known weakness patterns, and turns the result into a report your team can act on.
Scope stays tied to the approved domain.
Each run receives only the target, the time limit, and a one-shot callback token. Results go back to Splorix, and the runner can disappear after the job.
Launch isolated run
A short-lived runner starts with the target, timeout, and return path for one scan only.
Run context ready
Expand the surface
The root domain is expanded into reachable web assets, then cleaned so the scan stays focused.
Surface inventory
Keep what is live
Only responsive web services stay in scope so the run concentrates on real exposure.
Reachable services
Map exposed paths
Reachable applications are explored to surface URLs, routes, parameters, and sensitive entry points.
Mapped routes
Check for weaknesses
Known vulnerability patterns are tested against the mapped surface and classified into clear severities.
Detected weaknesses
Publish the result
Splorix scores the run, attaches evidence, and stores the findings in the domain timeline.
Score and findings
capabilities
One console for attack surface, findings, and follow-up.
Splorix brings external attack surface management, scheduled vulnerability scanning, actionable reporting, notifications, and billing into one workflow your team can keep up with.
External attack surface visibility
Track approved domains, scan state, discovered subdomains, SSL intelligence, Whois data, and exposed web assets from one workspace.
Domain vulnerability scanning
Keep a predictable scan cadence and launch on-demand authorized penetration testing runs whenever something changes.
Evidence-rich findings
Each finding comes with severity, affected asset, technical context, reproduction notes, and fix guidance.
Signal-based notifications
Alert the right people when findings cross the severity threshold you set for each domain.
Billing you can explain
Track paid domain slots across the month with rules that stay simple when your scope changes.
Ephemeral cloud runners
Spin up isolated runners for the job, collect signed results, and shut the infrastructure back down.
outcomes
Less noise. Better security response.
Reduce blind spots by keeping approved domains under continuous security monitoring instead of relying on occasional checks.
Prioritize vulnerabilities that matter with clearer severity signal, affected assets, and better remediation context.
Give engineering and security teams a report they can move on without rebuilding the story behind each issue.
Avoid stitching together scanner infrastructure, schedules, spreadsheets, and report storage yourself.
pricing
Pricing that stays understandable as scope changes.
You pay $5 per active domain slot in the current monthly period. If an active domain is removed, its paid slot can be reused by another domain without growing the bill until renewal.
Authorized domain scanning
A domain is billed when it takes a paid slot, not when its first scan runs.
Create accountguardrails
Built for authorized security work.
Splorix is designed for domains you own or have explicit permission to assess.
Explicit authorization
Every domain requires a rights confirmation before scans can begin.
Scoped workspace
Domains, reports, billing, sessions, and audit events stay contained inside the workspace.
Auditable activity
Account, billing, scan, and deletion actions are recorded so teams keep operational traceability.
ready to move
Bring your approved domains into Splorix and keep visibility on by default.
Create the workspace, schedule the first scan, and give your team a live record of exposure, findings, and remediation progress.
Shared visibility
See domains, scans, issues, and change over time in one place.
Actionable reports
Give teams the evidence and guidance needed to move from finding to fix.
Billing clarity
Understand exactly what is billed in the month without spreadsheets or guesswork.