Pentesting

Rorix runs Nuclei vulnerability scans and optional API fuzzing against web targets. Provide a URL, and Rorix checks it for common web vulnerabilities — no agents or installations required.

How It Works

  1. You provide a target URL (and optionally an OpenAPI spec URL for API fuzzing)
  2. Rorix queues a pentest job and runs the selected scanners against the target
  3. Results are grouped by severity and available in the dashboard, API, or as exports

Standalone Pentests

Go to /dashboard/pentest and enter any URL to run a one-off scan. This is useful for quick checks on staging environments or external services. The scanners send real requests to the target, so only scan systems you own or are authorized to test.

Project-Scoped Pentests

When a project has a configured target URL, you can run pentests directly from the project view. Results are linked to the project for tracking over time.

Scanners

Nuclei

A template-based vulnerability scanner that checks for common web vulnerabilities including:

  • SQL injection (SQLi)
  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF)
  • Server misconfigurations
  • Exposed sensitive files
  • Known CVEs in web technologies

API Fuzz

Requires an OpenAPI/Swagger specification URL. The fuzzer parses the spec and tests each endpoint with malformed and unexpected input to uncover security issues such as injection flaws, broken authentication, and improper error handling.

Results

Findings are grouped by severity: Critical, High, Medium, Low, and Info. Each finding includes:

  • The target URL and matched path
  • A description of the vulnerability
  • Remediation advice

Export

Export your pentest results as CSV or JSON from the results page.

Limits

| Plan     | Pentests per Month |
|----------|--------------------|
| Free     | 1                  |
| Pro      | Unlimited          |
| Business | Unlimited          |

API Usage

Create a pentest job (specUrl and projectId are optional; omit specUrl to skip API fuzzing):

curl -X POST https://rorix.io/api/pentest \
  -H "Authorization: Bearer rxk_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "targetUrl": "https://example.com",
    "specUrl": "https://example.com/openapi.json",
    "projectId": "proj_abc123"
  }'

Poll the job status using the job ID returned by the create call:

curl https://rorix.io/api/pentest/job_xyz789 \
  -H "Authorization: Bearer rxk_your_api_key"

See the Pentest API reference for full details.
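The two curl calls above are the pieces of one workflow: submit a job, poll until it finishes, then act on the findings grouped by severity as described under Results. The script below strings them together as a CI-style gate. It is an added example, not Rorix's own client code, and it assumes things the page does not specify: that the create response carries the job ID in an "id" field, that the job object has a "status" field with the values queued/running/completed/failed, and that a completed job carries a "findings" list whose items have "severity", "matchedPath" and "description" fields. Check those names against the Pentest API reference before relying on it. The HTTP transport is injectable, and the sample findings in fake_transport are constructed so the workflow can be run offline.

```python
"""Submit a Rorix pentest job, poll to completion, and gate on severity.

Added example, not Rorix's client code. Assumed (not documented on this page):
response field names "id", "status", "findings", "severity", "matchedPath",
and status values queued/running/completed/failed.
"""
import json
import time
import urllib.request
from collections import Counter
from typing import Callable, Optional

API_BASE = "https://rorix.io/api"
# Severity levels from the Results section, highest first.
SEVERITIES = ("critical", "high", "medium", "low", "info")

# A transport maps (method, url, json_body) -> parsed JSON response.
Transport = Callable[[str, str, Optional[dict]], dict]


def http_transport(api_key: str) -> Transport:
    """Real transport over urllib, using the Bearer header shown in the docs."""
    def send(method: str, url: str, body: Optional[dict]) -> dict:
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(url, data=data, method=method)
        req.add_header("Authorization", f"Bearer {api_key}")
        if data is not None:
            req.add_header("Content-Type", "application/json")
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.loads(resp.read().decode())
    return send


def create_pentest(send: Transport, target_url: str, spec_url: Optional[str] = None,
                   project_id: Optional[str] = None) -> str:
    """POST /api/pentest with the documented body; returns the job ID (assumed field "id")."""
    body = {"targetUrl": target_url}
    if spec_url:
        body["specUrl"] = spec_url
    if project_id:
        body["projectId"] = project_id
    return send("POST", f"{API_BASE}/pentest", body)["id"]


def wait_for_job(send: Transport, job_id: str, poll_interval: float = 10.0,
                 timeout: float = 1800.0, sleep=time.sleep) -> dict:
    """Poll GET /api/pentest/<job_id> until the (assumed) status is terminal."""
    deadline = time.monotonic() + timeout
    while True:
        job = send("GET", f"{API_BASE}/pentest/{job_id}", None)
        status = job.get("status")
        if status == "completed":
            return job
        if status == "failed":
            raise RuntimeError(f"pentest {job_id} failed: {job.get('error')}")
        if time.monotonic() > deadline:
            raise TimeoutError(f"pentest {job_id} still '{status}' after {timeout}s")
        sleep(poll_interval)


def _rank(severity: str) -> int:
    """0 = critical ... 4 = info; unknown labels sort below info."""
    s = severity.lower()
    return SEVERITIES.index(s) if s in SEVERITIES else len(SEVERITIES)


def summarize(findings: list) -> dict:
    """Count findings per severity, in the order the dashboard groups them."""
    counts = Counter(f["severity"].lower() for f in findings)
    return {sev: counts.get(sev, 0) for sev in SEVERITIES}


def gate(findings: list, fail_on: str = "high") -> bool:
    """True when no finding is at or above the fail_on severity."""
    return all(_rank(f["severity"]) > _rank(fail_on) for f in findings)


def run_pentest(api_key: str, target_url: str, spec_url: Optional[str] = None,
                project_id: Optional[str] = None, fail_on: str = "high",
                send: Optional[Transport] = None, sleep=time.sleep) -> dict:
    """End-to-end: create, wait, summarize, gate."""
    send = send or http_transport(api_key)
    job_id = create_pentest(send, target_url, spec_url, project_id)
    findings = wait_for_job(send, job_id, sleep=sleep).get("findings", [])
    return {"job_id": job_id, "summary": summarize(findings),
            "passed": gate(findings, fail_on)}


def fake_transport() -> Transport:
    """Constructed offline stand-in for the API: two 'running' polls, then completion."""
    polls = {"n": 0}
    findings = [  # constructed sample findings, not real scan output
        {"severity": "High", "matchedPath": "/.env", "description": "Exposed environment file"},
        {"severity": "Medium", "matchedPath": "/", "description": "Missing CSP header"},
        {"severity": "Info", "matchedPath": "/", "description": "Server header reveals version"},
    ]
    def send(method: str, url: str, body: Optional[dict]) -> dict:
        if method == "POST" and url.endswith("/api/pentest"):
            return {"id": "job_xyz789", "status": "queued"}
        if method == "GET" and "/api/pentest/" in url:
            polls["n"] += 1
            if polls["n"] < 3:
                return {"id": "job_xyz789", "status": "running"}
            return {"id": "job_xyz789", "status": "completed", "findings": findings}
        raise ValueError(f"unexpected request {method} {url}")
    return send


if __name__ == "__main__":
    # Offline demo; swap fake_transport() for http_transport("rxk_...") to hit the real API.
    print(run_pentest("rxk_demo", "https://example.com", "https://example.com/openapi.json",
                      "proj_abc123", send=fake_transport(), sleep=lambda _: None))
```

The gate treats Critical and High as blocking by default; Medium and below are reported but do not fail the run. Keep the API key out of the script itself (read it from the environment or a secrets store) and scope the scan to targets you are authorized to test.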