Secure Your External Perimeter.

AI-Powered Reconnaissance & Vulnerability Scanning that thinks like a hacker, providing actionable intelligence in minutes, not days.

Start Scanning

Simple 5-Step Process

From sign-up to actionable intelligence in minutes.

👤

1. Create Account

Sign up securely using Google Authentication.

📝

2. Authorize

Define your scope, accept Terms of Service, and sign the waiver.

3. Verify

Prove domain ownership instantly via a simple DNS TXT record.

💳

4. Execute

Pay $99 to launch the scan satellite securely via Stripe.

📩

5. Receive Intel

Get a detailed PDF report delivered to your email in ~4 hours.

Lightning Fast

Full spectrum scans complete in under 60 minutes using serverless Cloud Run infrastructure.

🔒

Compliance Ready

Detailed logs and reports help satisfy auditing requirements for SOC2, ISO27001, and more.

💰

Cost Effective

Enterprise-grade security scanning at a fraction of the cost of traditional pentesting firms.

Simple, Transparent Pricing

No subscriptions. No hidden fees. Pay as you go.

POPULAR

Single Domain Audit

$99

Per Scan / Per Domain

  • Full Reconnaissance (Subdomains & DNS)
  • Port & Service Scanning
  • Vulnerability Assessment
  • 6-Hour Execution Timeout
  • PDF Report via Email
Start Audit

Frequently Asked Questions

Expand All | Collapse All
🔍 What is this scan actually doing? +

Strix runs a penetration test simulation against your domain. It follows the same steps a real hacker would: Reconnaissance, Port Scanning, Vulnerability Probing, and Reporting.

✅ How do I verify my domain? +

You need to add a TXT Record to your DNS settings containing a unique token we provide. This proves ownership and prevents unauthorized scanning.

🌐 Why are `domain.com` and `api.domain.com` separate scans? +

Strict Scoping Rule: For legal and safety reasons, our scanner stays strictly within the exact hostname you provide. Subdomains like `api.domain.com` often reside on different infrastructure and require separate authorization.

🛡️ What vulnerabilities do you look for? +

We test for thousands of known issues, specifically targeting:

  • OWASP Top 10: SQL Injection, Cross-Site Scripting (XSS), and Broken Authentication.
  • Infrastructure Flaws: Open operational ports, outdated software versions, and weak SSL/TLS configurations.
  • Exposed Assets: Leaked API keys, backup files, and debug endpoints left public.
Expand All Collapse All

About Us

For more information, please contact [email protected].