Skip to content
The platform

One workflow.
Three phases.

Hax is built around a single belief: your team should spend time fixing what matters, not triaging false positives. Recon, analyse, act — in one platform, with an AI co-pilot that knows what your business actually cares about.

Phase 1 — Recon

Continuous attack surface realisation

Hax discovers every internet-facing asset attached to your organisation — domains, subdomains, IPs, services, certificates — using the same techniques and intelligence sources adversaries use during their own reconnaissance.

  • Subdomain enumeration via certificate transparency logs, DNS brute-forcing, and OSINT
  • Service fingerprinting across all open ports
  • Continuous monitoring — new exposure detected within minutes
  • Per-asset ownership attribution and tagging
Hax attack surface dashboard showing discovered assets and exposures
Phase 1 — Recon

Cryptographic posture and TLS hygiene

TLS misconfigurations, expired certs, weak ciphers, and pre-quantum exposure all surface in one view. With the move toward post-quantum cryptography accelerating, Hax flags algorithms that will need replacement before quantum-vulnerable migrations bite.

  • Certificate inventory with expiry tracking
  • Cipher suite auditing across all exposed services
  • Pre-quantum algorithm flagging
  • CAA record validation
Hax cryptographic threat assessment view
Phase 2 — Analyse

Real-time exposure alerts

When something changes — a new exposed service appears, a certificate is about to expire, a credential is offered for sale — your team knows in minutes. Alerts are delivered where your team already operates: WhatsApp, Slack, Teams, email, or webhook.

  • WhatsApp priority support channel for premium tiers
  • Slack, Teams, email, webhook, and SIEM integrations
  • Configurable alert routing by severity, asset, and time of day
  • Suppression and de-duplication intelligence
Hax real-time alerting dashboard
Phase 2 — Analyse

Compliance mapping that works

Every Hax finding is auto-mapped to the controls in POPIA, GDPR, ISO 27001 Annex A, NIST CSF, and PCI DSS. Your audit narrative writes itself — alongside the technical detail engineers need to remediate.

  • POPIA & GDPR (article-level mapping)
  • ISO 27001:2022 Annex A controls
  • NIST CSF 2.0 functions and categories
  • PCI DSS 4.0 requirements
Hax compliance mapping interface
Phase 3 — Act

Total clarity reporting

Two reports from one scan: a board-ready PDF executive summary that translates technical reality into business risk language, and a complete technical detail report your engineering team can work from immediately.

  • PDF executive summary with branded cover
  • Full technical findings export (JSON, CSV, SARIF)
  • Trend analysis vs prior scans
  • Per-finding remediation guidance with code examples where applicable
Hax executive summary report preview
Phase 3 — Act

VIP & executive watch

High-value targets — boards, founders, C-suite — get continuous monitoring across credential leaks, dark web mentions, and impersonation attempts. Alerts are routed through a separate, discreet channel reserved for executive protection.

  • Per-executive watch lists with personal and corporate identifiers
  • Stealer log forensics scoped to executive devices
  • Domain impersonation and brand abuse detection
  • Discreet alert routing through dedicated channels
Hax VIP threat dashboard

See it run against your domain.

A live, scoped 30-minute demo. Sample report whether you continue or not.

Request a demo See pricing