About Exarlo

Automated Security.
Human Intelligence.

Exarlo was built to bridge the gap between expensive, slow, human-led penetration tests and noisy, unactionable automated vulnerability scanners.

Our Methodology

We use an OWASP-inspired reconnaissance methodology to map your public attack surface exactly how a real attacker would. We don't rely on intrusive, destructive exploits. Instead, we use passive and semi-passive techniques to read what your infrastructure is broadcasting to the world.

From DNS zone transfers and DMARC evaluation to deep TLS cipher analysis and known-CVE fingerprinting, our engine correlates dozens of signals into a single, prioritized risk score.

We publish the full breakdown — every engine we run, what it inspects, and how findings map to OWASP, CVE/NVD and compliance frameworks — on our methodology page.

Privacy Respecting by Design

We believe security scanning shouldn't require installing agents or handing over your private keys.

  • Zero Agents: We only test your external, public-facing perimeter.
  • No Production Impact: Our scans are heavily rate-limited and purely diagnostic.
  • Authorized Testing: We adhere to strict legal and ethical boundaries, performing scans only when explicitly requested by domain owners.

Why Just $149?

By automating the reconnaissance and report generation phases of traditional security auditing, we can offer enterprise-grade insights at a fraction of the cost. We don't charge recurring subscriptions because we believe a security baseline should be accessible to everyone.

Ready to secure your domain?

Your scan runs in minutes; the full report and PDF are emailed to you, guaranteed within 48 hours.

Public-only checks. Your report is emailed to you, guaranteed within 48 hours. One-time payment, no subscription.