Continuous External Attack Surface Monitoring

Know What's Exposed.
Fix What Matters.

SwarmHawk scans every internet-facing domain you own, maps how an attacker would move through them, and delivers a prioritized action plan — not another 500-page vulnerability report.

Start Free — No Credit Card → See How It Works
60M+
Domains Monitored
27
Security Checks
3,000+
CVE Templates
<60s
First Scan Result
🌍 150+ countries covered worldwide
🔍 Detects CVEs, blacklists, GitHub leaks
⚡ Scans update every 4 hours
🔒 Read-only, passive — no agents installed
🛡️ Built on MITRE ATT&CK framework
Who It's For

Built for Every Team
That Cares About Exposure

One platform, four entry points. Pick yours below.

For Domain Owners

Your domain is live.
Is it safe?

You built the business. You set up the domain. But is it showing up on a blacklist? Is someone spoofing it to phish your customers? Do you have an exposed login page you forgot about?

Most small businesses find out the hard way. SwarmHawk tells you before that happens.

  • You don't know what you don't know. Subdomains accumulate. Old staging environments get forgotten. One exposed admin panel is all it takes.
  • Security tools are built for IT teams, not founders. You don't have time to learn CVSS scores or read 80-page reports.
  • You find out when it's already a problem. Blacklisting kills email deliverability overnight. Breach notices destroy customer trust.
How SwarmHawk Solves It

Add your domain. Get a risk score (0–100) and a plain-English list of the 3 things to fix right now. We monitor continuously and email you the moment something changes. No security expertise required.

Risk Score Dashboard Email Alerts Blacklist Monitoring CVE Detection SPF/DMARC Check Port Scanning Subdomain Enumeration CMS Fingerprinting Plain-English Fixes
Start Free — 1 Domain → See How It Works
swarmhawk.com/dashboard
72
Risk Score — High
Priority Actions
Criticalmail.yourdomain.com — listed on Spamhaus SBL
CriticalCVE-2024-1234 (CVSS 9.1) on staging.yourdomain.com
HighMissing DMARC policy — phishing risk
Highadmin.yourdomain.com exposed without WAF
FixedSPF record valid ✓
1
Sign up, add your domain
Takes 30 seconds. Paste your domain name. Done.
2
Get your risk score in <60s
23 checks + 3,000+ active CVE templates run instantly. No waiting, no setup.
3
Fix what matters, ignore the rest
We tell you the top 3 issues. Plain English. Direct links to fix guides.
4
Sleep knowing you're covered
Continuous monitoring alerts you if anything changes.
For Developers

Domain security intel,
wherever you build.

You're building a product, a platform, or a pipeline. Domain risk data should flow into your workflow automatically — not require logging into yet another portal and clicking export.

  • Security checks live outside your CI/CD pipeline. By the time someone runs a scan, the build is already in production.
  • Your customers' domains are your reputational risk. If their domain sends spam, your platform gets associated with it.
  • Building your own scanner costs months. Threat intel feeds, CVE matching, blacklist APIs — we already built it.
How SwarmHawk Solves It

A clean REST API plus an MCP server so AI coding agents can query domain risk as a native tool call. Webhooks push new findings to Slack, PagerDuty, or your own endpoint. Use it in 5 minutes.

REST API MCP Server Webhooks Batch Upload JSON Responses API Key Auth
Explore API Docs → Get API Key
terminal
# Scan any domain via REST API curl https://swarmhawk.com/api/scan/example.com \ -H "Authorization: Bearer YOUR_KEY" # Response { "domain": "example.com", "risk_score": 72, "max_cvss": 9.1, "blacklisted": true, "dmarc_status": "missing", "priority_actions": [...] } # Or use via MCP in Claude / Cursor swarmhawk_scan({ domain: "example.com" }) swarmhawk_breach_paths({ org: "acme-corp" })
1
Sign up, grab your API key
Available in your dashboard under API Keys. No approval process.
2
Call GET /scan/{domain}
Full risk profile in JSON. Batch upload via POST /admin/batch-upload.
3
Wire up webhooks or MCP
Push findings to Slack. Or let your AI agent query SwarmHawk directly.
For Security Teams

Attack paths mapped.
Choke points found.

You manage 50, 100, maybe 300 domains across subsidiaries and acquired brands. Individual risk scores don't tell you which vulnerability connects to your ERP. SwarmHawk does.

  • No one sees the full picture. Subsidiaries, old brands, dev environments — they accumulate. Attackers discover them before your team does.
  • Findings without context are noise. Knowing mail.acme.com has a CVE is not enough. You need to know it's a stepping stone to your admin panel.
  • Enterprise EASM tools cost $200k/yr. And still don't show you the breach path across your specific organization graph.
How SwarmHawk Solves It

The Org Graph clusters all your domains by organization. The Breach Path Engine builds a directed attack graph showing every viable route from internet entry point to critical asset. Choke point analysis tells you the minimum remediations that break the most paths.

Org Graph Breach Path D3 Visualization Choke Point Analysis CTEM Workflow MITRE ATT&CK Labels XDR Integration
See Enterprise Platform → Request Demo
Org Graph — acme-corp.com
3
Entry Points
4
Choke Points
11
Breach Paths
Highest Priority Choke Point
api.acme.com
Appears in 8 of 11 breach paths → admin panel + ERP
Fix this first Breaks 73% of all attack paths
MITRE ATT&CK: T1190 · T1566 · T1021 · T1078
1
Run migration + org compute
One click in the admin dashboard clusters all domains by organization.
2
Review the breach path graph
Interactive D3.js visualization — drag nodes, hover for MITRE details.
3
Fix choke points, not everything
3 remediations → 80% path reduction. Assign to Jira. Track SLA.
For Hosting Providers

Turn your domain
portfolio into ARR.

You manage tens of thousands of customer domains. You're sitting on an untapped security revenue stream — and a growing abuse problem you're handling reactively. SwarmHawk fixes both.

  • Compromised domains hurt your IP reputation. One blacklisted mail server on your network affects all your customers.
  • Your abuse team is firefighting. Reactive incident response. No proactive visibility into which domains are already compromised.
  • Security is an untapped upsell. Your customers want it. You just don't offer it yet.
How SwarmHawk Solves It

Push your domain list via bulk API. Get daily risk feeds for your entire network. White-label the dashboard with your branding and offer it as an add-on. You earn a 30% revenue share on every subscription. We do the scanning — you clip the ticket.

Bulk API Feed White-Label Dashboard Daily Abuse Digest Revenue Share 30% Reseller Portal Co-Branded Reports
Become a Partner
Partner Revenue Calculator
Your domain portfolio
500,000 domains
25,000
Customers at 5%
$75k
Your ARR / yr
Revenue formula
500k domains × 5% conversion × $10/domain/yr × 30% share = $75,000 ARR with zero scanning cost
1
Sign Partner Agreement
Quick NDA + revenue share contract. Done in a week.
2
Push your domain list via API
Bulk upload your portfolio. We scan everything and return risk feeds.
3
Offer white-label to customers
Add "Domain Security" to your control panel. We handle the product.
4
Collect revenue share monthly
30% of every subscription sold through your panel, paid monthly.
New — OSINT Intelligence

Beyond the Scan.
What's Already Public About You.

Most scanners check your domain from the outside. SwarmHawk also checks what attackers find on GitHub, CISA, and across the open web — before they can use it against you.

🔓
GitHub Credential Leak Scan
Searches all public GitHub code for your domain name alongside credential keywords — passwords, API keys, tokens. Catches accidental .env commits before attackers do. Score impact: up to +20.
💣
GitHub PoC Exploit Hunter
Fingerprints your live tech stack (server, CMS, framework), then searches GitHub for public proof-of-concept exploit repos targeting those exact products. Escalates to CRITICAL if weaponised code (100+ stars) is found. Score impact: up to +15.
🛡️
CISA KEV Direct Matching
Matches your detected software stack against the full CISA Known Exploited Vulnerabilities catalog (1,200+ entries, updated daily). Flags ransomware-linked CVEs inline. Cached locally — zero extra network calls per scan. Score impact: up to +18.
📬
Security Contact Discovery
Verifies RFC 9116 security.txt presence, then falls back to scanning your public web pages via Jina Reader for a discoverable security contact. Required for GDPR Art.33 breach response and NIS2 Art.23 incident notification.

All 4 checks run automatically on every scan. Results appear in the same grouped sections as all other findings — dashboard, PDF report, and API response. Read the docs →

The Platform

One Engine. Every Team's Needs.

SwarmHawk runs a single continuous scanning engine across 100M+ global domains. Every customer segment draws from the same live data — what changes is how you access it.

SwarmHawk Data Engine
100M+ domains · 27 checks · 3,000+ CVE templates · CISA KEV · GitHub OSINT · Org Graph · Breach Paths
Dashboard
REST API
MCP Server
Bulk Feed
🏠
Domain Owners
Web dashboard, risk score, email alerts, priority action plan
⚙️
Developers
REST API, MCP tools, webhooks, JSON responses, batch upload
🏢
Security Teams
Org graph, breach paths, choke points, CTEM workflow, XDR bridge
🌐
Hosting Providers
White-label portal, daily abuse feed, reseller dashboard, rev-share
How It Works

Up and Running in 60 Seconds

No agents to install. No firewall rules to change. SwarmHawk works entirely from the outside — the same view an attacker has.

🌐1

Add Your Domain

Sign up and paste a domain name — or upload a .txt / .json list of hundreds at once. We never need access to your servers.

🔍2

We Scan Everything

23 checks + 3,000+ active nuclei CVE templates run: CVE matching with active exploit confirmation, blacklist lookups, SPF/DMARC validation, active port scanning, subdomain enumeration, CMS fingerprinting, DAST probes, WAF detection, IP reputation, and more. Results in under 60 seconds.

3

Get Your Action Plan

A risk score, prioritized next steps for every finding (linked to our knowledge base), and — for enterprise — a full breach path graph showing exactly how an attacker would move through your assets.

Pricing

Start Free. Scale When You're Ready.

No per-seat fees. One free domain scan to get started — upgrade for ongoing monitoring, API access, and portfolio-scale coverage.

Free
$0
Scan your first domain for free — no credit card needed.
  • 1 domain
  • Full security scan
  • Risk score dashboard
  • PDF report download
  • Multiple domains
  • API & MCP access
  • Ongoing monitoring
Get Started Free
Most Popular
Pro
$79/mo
For developers and domain owners who need full coverage.
  • Up to 10 domains
  • Unlimited rescans
  • Full 22-check scan engine
  • PDF reports + email alerts
  • API & MCP access
  • NIS2 compliance check
  • Domain ownership verification
Upgrade to Pro →
Business
$299/mo
For security teams and agencies managing large portfolios.
  • Up to 100 domains
  • Everything in Pro
  • Shodan attack surface intel
  • Breach intel (ParanoidLab)
  • Authenticated scan
  • Supply chain monitoring
  • Bulk domain import
Upgrade to Business →

Start with a free scan — no credit card required. Need custom volume? Talk to us.

Why SwarmHawk

Not Just Another Scanner

Most tools tell you what's vulnerable. SwarmHawk tells you how an attacker would actually use it — and what single fix breaks the most attack paths.

Capability SwarmHawk Traditional Scanners Enterprise EASM ($200k/yr)
External asset discovery
Continuous, no agents needed
Breach path visualization
How the attacker moves through your assets
Choke point prioritization
Minimum fixes, maximum path reduction
 Partial
Global domain depth
All ccTLDs + gTLDs, 150+ countries
 ✓ 100M+ domains Partial Global only
GitHub PoC & leak intelligence
Public exploit code + credential leaks for your domain
CISA KEV software matching
Direct match of your tech stack against known-exploited CVEs
 Partial
MCP server for AI agents
Works with Claude, Cursor, Copilot
B2B reseller programme
White-label + revenue share
Accessible pricing
Starts free, not at $200k/yr
 ✓ Free → $79/mo Varies $200k+/yr
What Teams Say

Trusted Across Europe

"We found a blacklisted subdomain that was silently tanking our email deliverability. SwarmHawk caught it before a single customer noticed."
M
Martin K.
CTO, SaaS startup · Prague
"I added SwarmHawk's API to our CI pipeline. Every deployment now auto-checks the target domain. It's become part of our security baseline."
A
Ana V.
Senior DevOps Engineer · Warsaw
"The breach path graph showed us that fixing two domains would break 9 out of 11 attack paths across our entire subsidiary network. That's not something our previous tool could do."
T
Tomáš R.
CISO · Financial services · Vienna
Get Started

Your attack surface is already visible
to attackers. Is it visible to you?

Start with one domain, for free. No credit card. No setup. First result in under 60 seconds.

Start Free — No Credit Card → Talk to a Human