Dark Web Monitoring

Continuously monitor breach databases, paste sites, and darknet sources for your domains, emails, and keywords. Get alerted when credentials or sensitive data appear in the wild.

1. Overview

Dark Web Monitoring scans multiple intelligence sources for mentions of your organization's assets — domains, email addresses, and custom keywords. When a match is found, a finding is created with severity classification, source details, and remediation guidance.

Dark Web Monitoring is available on Pro plans and above. Free plans can view the feature but cannot configure monitoring assets.

2. Setup Wizard

Navigate to Intelligence → Dark Web in the sidebar to access the monitoring dashboard.

Add Domains: Enter your organization's domains (e.g., company.com). These are checked against breach databases.
Add Email Addresses: Add key personnel emails to monitor. Each email is checked for credential exposures.
Add Keywords: Custom search terms for paste sites and forums (e.g., project names, internal codenames).
Save & Scan: Save your configuration and optionally trigger an immediate scan. Scheduled scans run automatically.

3. Data Sources

Vulnios aggregates intelligence from multiple sources, deduplicating findings by fingerprint to avoid noise.

Have I Been Pwned (HIBP): Breach Database

Checks domains against 700+ known data breaches. Identifies exposed email accounts and breach details.

LeakCheck: Credential Enrichment

Deep credential search across leaked databases. Returns leaked passwords, sources, and exposure timestamps.

Intelligence X: Paste Monitoring

Monitors paste sites, darknet forums, and data dumps for keyword and domain mentions.

4. Plan Limits

| Plan | Domains | Emails | Keywords | Scan Freq | Findings |
| Free | | | | | |
| Pro | 3 | 5 | 3 | Weekly | 100 |
| Pro+ | 10 | 25 | 10 | Daily | 500 |
| Enterprise | 50 | 100 | 50 | Hourly | Unlimited |

5. Findings & Severity

Each finding is automatically classified by severity based on the type of exposure:

Critical: Plaintext credentials, active sessions, or API keys found in breaches
High: Hashed passwords, personal data, or sensitive internal documents
Medium: Email addresses appearing in breach datasets without credentials
Low: Domain mentions in paste sites or public forums

Findings are deduplicated by fingerprint — the same breach won't generate duplicate alerts. Dismissed findings are hidden from the dashboard but retained for audit purposes.

6. Alerts & Notifications

When new critical or high-severity findings are discovered, Vulnios triggers alerts through your configured notification channels (email, webhooks). Alert events include:

{
  "type": "dark_web_finding",
  "severity": "critical",
  "source": "hibp",
  "asset": "company.com",
  "finding": "Domain found in 3 breaches",
  "breaches": ["LinkedIn 2021", "Adobe 2013", ...],
  "timestamp": "2026-03-12T10:00:00Z"
}
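
A receiver for these alert events should validate the body before acting on it. The following is an added example, not Vulnios code: it checks the fields shown in the sample event, drops repeats, and routes by severity. The local fingerprint, the routing labels and the function names are assumptions made for illustration, and the sample body is constructed.

```python
import hashlib
import json
from datetime import datetime

SEVERITIES = ("critical", "high", "medium", "low")  # from "Findings & Severity"
FIELDS = {"type": str, "severity": str, "source": str, "asset": str,
          "finding": str, "breaches": list, "timestamp": str}

# Constructed sample body, modelled on the alert event shown above.
SAMPLE = json.dumps({
    "type": "dark_web_finding", "severity": "critical", "source": "hibp",
    "asset": "company.com", "finding": "Domain found in 2 breaches",
    "breaches": ["LinkedIn 2021", "Adobe 2013"],
    "timestamp": "2026-03-12T10:00:00Z",
}).encode()

def parse_event(raw: bytes) -> dict:
    """Validate an alert body against the fields in the sample event."""
    event = json.loads(raw)
    if not isinstance(event, dict):
        raise ValueError("event must be a JSON object")
    for name, kind in FIELDS.items():
        if not isinstance(event.get(name), kind):
            raise ValueError(f"missing or mistyped field: {name}")
    if event["type"] != "dark_web_finding":
        raise ValueError("unexpected event type")
    if event["severity"] not in SEVERITIES:
        raise ValueError("unknown severity")
    if not all(isinstance(b, str) for b in event["breaches"]):
        raise ValueError("breaches must be a list of strings")
    # Raises ValueError on a malformed timestamp; "Z" mapped for older Pythons.
    datetime.fromisoformat(event["timestamp"].replace("Z", "+00:00"))
    return event

def local_fingerprint(event: dict) -> str:
    """Receiver-side dedup key (an assumption, not the product's fingerprint)."""
    key = [event["source"], event["asset"].lower(), sorted(event["breaches"])]
    return hashlib.sha256(json.dumps(key).encode()).hexdigest()

def triage(raw: bytes, seen: set) -> str:
    """Hypothetical routing: 'page', 'ticket', 'log' or 'duplicate'."""
    event = parse_event(raw)
    fingerprint = local_fingerprint(event)
    if fingerprint in seen:
        return "duplicate"
    seen.add(fingerprint)
    return {"critical": "page", "high": "ticket"}.get(event["severity"], "log")

if __name__ == "__main__":
    print(triage(SAMPLE, set()))
```

Keeping the `seen` set in durable storage lets the duplicate check survive receiver restarts.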