Know Your Attack Surface
Before Attackers Do
Continuously discover subdomains, scan for vulnerabilities, and monitor your external attack surface in real time. All through a single dashboard.
See It in Action
A real-time view of your attack surface, all in one dashboard.
Attack Surface Overview
www.example.com
200 OK
Nginx
api.example.com
200 OK
Node.js
admin.example.com
401
Apache
staging.example.com
200 OK
React
old.example.com
Timeout
-
Scanning example.com
What Lorikeet ASM Does
Automated discovery and continuous monitoring of your entire external attack surface.
Subdomain Discovery
Automatically enumerate and discover all subdomains associated with your domains, including shadow IT and forgotten assets.
Vulnerability Scanning
Continuous scanning against 1,969+ vulnerability signatures powered by industry-leading tools and AI enrichment.
Technology Detection
Identify the technology stack running on every asset frameworks, CMS platforms, server software, and versions.
Port & Service Mapping
Discover open ports, exposed services, and network entry points across your entire external infrastructure.
Change Detection
Get alerted when new assets appear, configurations change, or new vulnerabilities are discovered on your perimeter.
Email Exposure Monitoring
Track exposed email addresses across breaches, paste sites, and dark web sources to prevent credential attacks.
How It Works
Get started in minutes with three simple steps.
Connect
Add your root domains to the Lorikeet ASM dashboard. We handle the rest no agents, no installations required.
Discover
Our scanner automatically discovers subdomains, IPs, open ports, technologies, and vulnerabilities across your attack surface.
Monitor
Receive real-time alerts for new findings, track remediation progress, and export reports all from your client portal.
Everything in Your Dashboard
A comprehensive view of your external security posture.
Asset Inventory
Complete inventory of all discovered domains, subdomains, IPs, and services.
Vulnerability Findings
Prioritized findings with severity ratings, descriptions, and remediation steps.
AI-Powered Enrichment
Each finding enriched with AI-generated context from our vulnerability knowledge base.
Screenshot Evidence
Automated screenshots of discovered web assets for visual verification.
SSL/TLS Analysis
Certificate monitoring, expiration alerts, and configuration security checks.
Executive Reports
Monthly reports with trends, risk scores, and remediation progress tracking.
Choose Your Plan
All plans include full ASM capabilities. Pick the size that fits your organization.
- Continuous asset discovery
- Subdomain enumeration
- Automated vulnerability scanning
- Real-time alerts
- Client portal access
- AI-powered enrichment
- Everything in Personal
- Monthly executive reports
- Priority scanning
- Email exposure monitoring
- Change detection alerts
- Screenshot evidence capture
- Everything in Professional
- Unlimited domains
- API access for integration
- Custom scan scheduling
- Dedicated support channel
- Compliance-ready reports
Frequently Asked Questions
Common questions about Lorikeet ASM.
What is Attack Surface Management?
Attack Surface Management (ASM) is the continuous discovery, monitoring, and analysis of your organization's internet-facing assets. It identifies subdomains, open ports, technologies, and vulnerabilities that attackers could exploit giving you visibility before they find them.
Do I need to install anything?
No. Lorikeet ASM is fully external it scans your attack surface from the outside, just like an attacker would. Simply add your root domains and we handle everything else. No agents, no firewall changes, no installations required.
How is this different from a penetration test?
A penetration test is a point-in-time, deep-dive assessment. ASM is continuous and broad it monitors your entire external perimeter 24/7. Think of ASM as always-on reconnaissance while pentests are targeted surgical operations. Many organizations use both together.
What scanning tools do you use?
Our scanner pipeline uses industry-leading tools including subfinder for subdomain discovery, httpx for HTTP probing, nuclei for vulnerability detection, nmap for port scanning, and custom AI enrichment powered by our vulnerability knowledge base of 1,969+ entries.
Can I cancel anytime?
Yes. All plans are month-to-month with no long-term contracts. You can cancel your subscription at any time through the client portal or by contacting support.
Do all plans get the same scanning capabilities?
Yes. Every plan includes our full scanning pipeline subdomain discovery, vulnerability scanning, technology detection, and port mapping. Plans differ in scale, reporting, and support level to match different organization sizes.
Ready to See Your Attack Surface?
Start monitoring in minutes. No installation required.
