Real exposure visibility
Security teams can review the pages, APIs, scripts, files, and application routes that are actually reachable during authorized monitoring.
Endpoint tracker
Track every discovered endpoint in one inventory.
Splorix turns authorized crawl and scan output into a searchable endpoint inventory for your domains. Review URLs, resource types, last-seen timestamps, filters, pagination, and CSV exports from the Endpoints page.
Discovered URL inventory
Review reachable URLs collected from authorized scans and crawls for the selected root domain or subdomain.
Resource type classification
Splorix classifies endpoints as HTML, API, JavaScript, JSON, CSS, image, document, archive, font, XML, or other resource types.
Last-seen visibility
See when each endpoint was last observed so stale, newly exposed, or frequently rediscovered URLs are easier to triage.
CSV export for review
Export filtered endpoint inventories with type, URL, and last-seen fields for evidence, review, or downstream workflows.
What is endpoint tracking?
A practical map of reachable web paths.
Endpoint tracking turns crawl and scan output into a practical inventory of public URLs your organization exposes. Instead of treating every discovered path as a temporary scanner artifact, Splorix keeps the endpoints visible by domain, classifies their resource type, and shows when they were last seen so teams can understand what their web applications make reachable from the internet.
Why it matters
Exposed endpoints are where users, systems, and attackers meet your application.
A clean endpoint inventory helps teams move from vague attack surface awareness to concrete review. Public URLs can include authentication flows, APIs, scripts, exports, forgotten documents, and legacy routes. Seeing them together makes cleanup and prioritization less dependent on guesswork.
Risk prioritization
Login flows, admin paths, API routes, JSON data, archived files, and old documents deserve different levels of review and remediation.
Change awareness
Last-seen timestamps make it easier to notice new exposure after releases, disappearing paths after cleanup, and endpoints that keep returning.
Evidence for teams
CSV export helps security, engineering, and compliance teams share a concrete endpoint list without copying rows by hand.
How it works
From scan output to a reviewable endpoint inventory.
01
Choose a monitored domain or subdomain
The Endpoints page uses the selected workspace domain and can narrow the inventory to a specific discovered subdomain when the user opens that context.
02
Collect reachable URLs during scans
Authorized crawling and scan workflows feed discovered URLs into Splorix so endpoints are tied to the same external monitoring program as vulnerabilities and assets.
03
Classify endpoint resource types
Splorix resolves each URL into readable categories such as HTML page, API, JavaScript, JSON, CSS, image, document, archive, font, XML, or other.
04
Filter by type
Users can switch from all endpoints to a specific resource type, making it faster to review API routes, scripts, documents, or other high-signal groups.
05
Review last-seen timestamps
Each row shows when the endpoint was last observed, which helps teams separate active exposure from older paths that may need confirmation.
06
Export the inventory
The page can export the current endpoint set as CSV, including Type, URL, and Last seen, for reporting, handoff, or offline review.
Review signals
Understand what each endpoint represents.
Endpoint type filters help teams avoid one giant URL list. A product owner may start with HTML pages, an API team may filter for API and JSON routes, and a security reviewer may look for documents, archives, or scripts that reveal sensitive application context.
HTML pages
Public pages, login screens, dashboards, forms, and application views that users or scanners can reach.
API and JSON routes
Endpoints that may expose application behavior, data contracts, integrations, or authentication-sensitive operations.
JavaScript and CSS assets
Client-side bundles and stylesheets that can reveal route names, feature flags, API paths, or third-party dependencies.
Documents and archives
Files such as PDFs, office documents, backups, compressed archives, or exports that may deserve manual review.
Images and fonts
Static resources that help distinguish normal website assets from unusual or newly exposed file paths.
Other resources
Unclassified paths that still matter because attackers often investigate unusual extensions, legacy routes, and forgotten files.
Security actions
Turn endpoint visibility into cleanup and validation work.
Review sensitive routes first
Start with API, JSON, admin-looking, authentication, upload, export, debug, and document endpoints where business impact is usually higher.
Verify authorization boundaries
Endpoint visibility does not prove a vulnerability, but it gives teams a map for checking authentication, authorization, and tenant scoping.
Remove stale exposure
Use the inventory to find old files, unused routes, deprecated assets, and forgotten paths that no longer need to be public.
Harden high-value endpoints
Apply rate limits, safe headers, logging, monitoring, and testing coverage where public reachability creates meaningful risk.
Share evidence with owners
Export CSV evidence for application teams so cleanup and review can happen in the systems where engineering work is tracked.
Compare after releases
Revisit the Endpoints page after deployments, migrations, and incident fixes to confirm what changed on the public surface.
FAQ
Endpoint tracker questions.
Short answers for teams evaluating endpoint inventory inside their external attack surface workflow.
What is the Splorix Endpoint tracker?
Endpoint tracker is the Splorix feature that lists URLs discovered during authorized monitoring, classifies them by resource type, and shows when each endpoint was last seen.
Where do endpoint records come from?
Endpoint records come from Splorix scan and crawl workflows for domains and subdomains in your authorized workspace scope. The feature is designed to organize discovered URLs, not to crawl targets outside your permission.
What endpoint types can Splorix show?
Splorix groups endpoints into readable types such as HTML page, JavaScript, JSON, CSS, image, font, XML, document, archive, API, and other.
Can I filter endpoint inventory?
Yes. The Endpoints page supports filtering by resource type so teams can focus on API routes, scripts, documents, HTML pages, or other groups without scanning the full table manually.
Can I export endpoints?
Yes. Users can export endpoint rows as CSV with Type, URL, and Last seen fields, including filtered views, for reporting, evidence, or engineering handoff.
Is endpoint tracking the same as vulnerability scanning?
No. Endpoint tracking maps what is reachable. Vulnerability scanning looks for security issues. The inventory helps teams decide which exposed paths need deeper testing, cleanup, or monitoring.
Who should use endpoint inventory?
Security teams, engineering teams, SaaS operators, compliance owners, and incident responders can all use endpoint inventory to understand public application exposure and coordinate remediation.
Endpoint visibility
Start reviewing the endpoints your public applications expose.
Use Splorix to connect endpoint inventory with domains, scans, vulnerabilities, and security context in one workspace.