About Exarlo
Automated Security.
Human Intelligence.
Exarlo was built to bridge the gap between expensive, slow, human-led penetration tests and noisy, unactionable automated vulnerability scanners.
Our Methodology
We use an OWASP-inspired reconnaissance methodology to map your public attack surface exactly how a real attacker would. We don't rely on intrusive, destructive exploits. Instead, we use passive and semi-passive techniques to read what your infrastructure is broadcasting to the world.
From DNS zone transfers and DMARC evaluation to deep TLS cipher analysis and known-CVE fingerprinting, our engine correlates dozens of signals into a single, prioritized risk score.
We publish the full breakdown — every engine we run, what it inspects, and how findings map to OWASP, CVE/NVD and compliance frameworks — on our methodology page.
Privacy Respecting by Design
We believe security scanning shouldn't require installing agents or handing over your private keys.
- Zero Agents: We only test your external, public-facing perimeter.
- No Production Impact: Our scans are heavily rate-limited and purely diagnostic.
- Authorized Testing: We adhere to strict legal and ethical boundaries, performing scans only when explicitly requested by domain owners.
Why Just $149?
By automating the reconnaissance and report generation phases of traditional security auditing, we can offer enterprise-grade insights at a fraction of the cost. We don't charge recurring subscriptions because we believe a security baseline should be accessible to everyone.
Ready to secure your domain?
Your scan runs in minutes; the full report and PDF are emailed to you, guaranteed within 48 hours.