HailBytes ASM
Attack Surface Management

Formerly reNgine Cloud

Self-Hosted Attack Surface Management Platform

Automated reconnaissance across 40+ tools, AI-agent orchestration through a built-in MCP server, and scheduled monitoring with Slack, Teams, Discord, Telegram, Lark, and Twilio SMS alerts. Deploy from the AWS or Azure Marketplace (including Azure Government) in minutes. Your account, your data, zero vendor lock-in.

Deploys as a single VM, an HA pair across availability zones, or an auto-scaling group — MSSPs typically run auto-scaling for multi-customer tenants. See deployment topologies.

Q2 2026 Release Highlights

What’s New in HailBytes ASM

Major capability additions shipped April–May 2026 (~800 commits)

Triage-First Dashboard

Redesigned for MSSP operators: diff-from-last-scan triage banner, status-filtered findings, real-time scan progress bars, and attack-path visualization with MITRE ATT&CK badges on findings.

11 Compliance Frameworks (NA-first)

Ordered for US enterprise procurement: SOC 2 CC7.x, NIST CSF 2.0, HIPAA, GLBA, PCI DSS 11.3, FedRAMP Moderate, NYDFS 500, and CIS Controls v8 IG1+IG2 lead, followed by LGPD (Brazil), then ISO 27001:2022 and GDPR Art. 32 globally. All generate exportable evidence reports.

OWASP Top 10 Hardened

Fixed IDOR in ReconNote (A01) and command/regex/LDAP injection (A03); added rate limiting on scan initiation (A04), SSRF guards on all outbound webhooks (A10), and structured security event logging (A09).

New SIEM & Alert Channels

CrowdStrike Falcon LogScale and Wiz Issues added to native SIEM connectors. Twilio SMS joins PagerDuty, Opsgenie, Slack, and webhook channels for flexible incident alerting.

Hatchet Task Queue

Scan execution migrated to the Hatchet workflow runner (feature-flagged), replacing Celery for observable, retryable async task processing at enterprise scale.

Enterprise & Security Upgrades

Django upgraded to 5.2 LTS (CVE fixes), 4× faster CI with sharded tests, Playwright replaces Selenium for UAT, ES6+ JavaScript with ESLint security gates, and nightly OSV-Scanner.

SCIM 2.0 Auto-Provisioning

SCIM 2.0 endpoint at /api/v1/scim/v2/ lets a customer’s Okta or Entra ID push users and groups straight into their Project — no manual onboarding per client, deprovisioning handled at the IdP.

STIX 2.1 / TAXII 2.1 Server

Per-Project STIX 2.1 / TAXII 2.1 server endpoint exports discovered assets and findings as structured threat-intel objects, so federal and enterprise teams can pull ASM output into their existing TIP or share it downstream.

See HailBytes ASM in Action

Watch a live walkthrough of automated reconnaissance, vulnerability triage, and continuous monitoring.

Full 11-minute walkthrough captured live from the product, no UI edits between steps.

The Reconnaissance Challenge

Most pen-test firms and MSSPs still chain subfinder, httpx, nmap, nuclei, ffuf, and a dozen other tools with bash scripts and spreadsheets, while attackers discover exposures faster.

Bash-Script Recon Pipelines

  • Each engagement starts from a half-broken script
  • Findings live in scattered text files and spreadsheets
  • One-time assessments miss new exposures between pentests
  • Commercial ASM platforms cost $50K–$500K/year
  • No correlation, no prioritization, no AI analysis

HailBytes ASM

  • 40+ tools orchestrated through a four-phase Hatchet pipeline
  • Every subdomain, port, tech, and finding correlated in one DB
  • Continuous monitoring with diffed findings and webhook alerts
  • Multi-tenant projects so one platform serves every client
  • AI analysis (OpenAI or local Ollama) and a built-in MCP server

Built for Enterprise

Production-hardened, multi-tenant, and cloud-native. The pieces a pen-test firm or MSSP would otherwise have to build themselves: RBAC, 2FA, audit logging, scheduled scans, AI agent orchestration, and hardened marketplace images, all included.

Performance & Reliability

  • Async-first stack: Django 5.2 on ASGI (Gunicorn + Uvicorn) with WebSocket-driven live scan progress
  • PgBouncer pooling: Connection pooling in front of PostgreSQL 16 keeps Hatchet workers and the API responsive under load
  • Self-healing workers: Automatic recovery from common failure scenarios with health monitoring
  • Multi-arch images: Native ARM64 + AMD64 Docker builds and pre-compiled Go tool binaries cut deploy time by ~75%

Scheduling & Automation

  • Hatchet cron schedules: Hourly, daily, weekly, or custom-cron scans with new-finding diffing and alerts
  • Triage queue: Severity-ranked findings with status subtabs, deep-link filters, and one-click handoff
  • Auto-updating templates: Nuclei templates refresh on every run so coverage tracks new CVEs
  • Webhook fan-out: Slack, Microsoft Teams, Discord, Telegram, Lark, or any HTTP endpoint

User Experience & Support

  • In-App Tutorials: Guided onboarding and contextual help to speed time-to-value
  • Enhanced Documentation: Comprehensive guides for deployment, configuration, and best practices
  • Enterprise Support: 8am-5pm MT baseline support included, 24/7 available
  • Cloud-Native Deploy: One-click AWS/Azure deployment with auto-scaling
  • Multi-language UI: Available in English, Brazilian Portuguese, Spanish, Canadian French, German, Japanese, and Korean — set per tenant and applied platform-wide from the login screen onward

Security & Governance

  • Multi-tenant isolation: Project-scoped queries enforced at the API and middleware layers, so analysts assigned to Client A cannot see Client B’s scans, findings, or targets, even on a shared instance
  • RBAC + 2FA: Three roles (SysAdmin, Pen Tester, Auditor), eight granular permissions, TOTP MFA; assign senior analysts to multiple client projects or lock junior testers to a single engagement
  • Audit logging: 21 tracked action types with user, IP, user-agent, and resource attribution
  • Hardened images: Ubuntu 24.04 baseline, CSP nonces, hardened SSH, SHA-256-hashed API keys

Enterprise-ready from day one. Your infrastructure. Your data.

See HailBytes ASM in Action

A real look at the platform your security team will use every day

HailBytes ASM dashboard with active scans, target counts, and recent findings
Live Scan Management

Track Every Scan in Real Time

The redesigned dashboard polls per-scan live status JSON, with severity-chip KPIs, a triage queue, and a target risk-score panel. Watch tool phases advance, findings roll in, and timelines update without ever hitting refresh.

HailBytes ASM Target Listing showing every subdomain, IP, and technology stack discovered
Asset Discovery

Complete Subdomain Visibility

Every subdomain, IP, open port, and technology stack mapped in one view. Filter, sort, and drill into any asset to see its full exposure profile. Know your attack surface before attackers do.

HailBytes ASM Scan Engine Listings page with pre-built and custom scan profiles
Scan Engines

Configure Exactly What You Need

Use pre-built scan profiles for common use cases, or define your own with full YAML control. Choose which tools run, in what order, and with what intensity. Commercial platforms don't give you this level of control.

HailBytes ASM Vulnerability List with severity ratings, affected hosts, and remediation guidance
Findings & Triage

Prioritized Vulnerability Insight

Severity-ranked findings with status subtabs, affected hosts, LLM-generated descriptions, and white-labeled HTML and compliance report templates. Hand-off ready for SIEM, SOAR, or your client’s bug-tracking system.

Automated Reconnaissance Pipeline

Four-phase scanning pipeline - from subdomain discovery through AI-powered vulnerability analysis - all orchestrated automatically.

HailBytes ASM four-phase scanning pipeline. Phase 1 Discovery: subdomain enumeration with Subfinder, Amass, Assetfinder, BBOT, dnsx and more. Phase 2 Enumeration: HTTP probing, crawling and technology detection with HTTPx, Naabu, Nmap, Katana and more. Phase 3 Scanning: port and vulnerability scanning with Nuclei, Dalfox, CRLFuzz, FFUF and more. Phase 4 Intelligence: AI-powered analysis and reporting.

HailBytes ASM Reconnaissance Pipeline - Discovery, Enumeration, Scanning, Intelligence

Jump to the scan-engine presets chapter (4:10).

New in HailBytes ASM

Drive Recon with AI Agents

HailBytes ASM ships with a built-in MCP server exposing 16 tools that let AI coding and pentest agents start scans, query findings, and chain campaigns without anyone touching the UI.

What it does

  • Add targets, kick off scans, and pull findings programmatically
  • Suggest attack-surface coverage from a free-form goal
  • Chain into GoPhish for end-to-end recon → phishing engagements
  • Runs alongside Django over ASGI (no extra service to deploy)

Works with the agents you already use

  • Claude Desktop & Claude Code
  • Cursor and Windsurf
  • Anything built on the Anthropic SDK or any MCP-compatible client
  • Authenticates with the same SHA-256-hashed API keys as the REST API

Especially useful for pen-test firms and MSSPs scaling delivery: a senior tester drives an agent across 30 client engagements instead of 3.

Jump to the no-code scan wizard chapter (8:50), the same surface an MCP agent drives.

Platform Architecture

Django 5.2 on ASGI with the Hatchet workflow runner, PostgreSQL 16 (PgBouncer-pooled), Redis, and 40+ integrated security tools, all running in multi-arch Docker containers on your infrastructure.

HailBytes ASM platform architecture showing Django backend, Hatchet workers, PostgreSQL database, Redis queue, and 40+ security tools

HailBytes ASM Platform Architecture - Django, Hatchet Workers, Security Tools, Data Layer

40+ Integrated Security Tools

Every major open-source reconnaissance and vulnerability scanning tool, orchestrated in a single pipeline.

Discovery

  • Subfinder
  • Amass
  • Assetfinder
  • Alterx
  • BBOT
  • dnsReaper
  • TLSX
  • Netlas
  • dnsx
  • Uncover

Probing & Crawling

  • HTTPx
  • Naabu
  • Nmap
  • Gospider
  • Hakrawler
  • Katana
  • Waybackurls
  • GAU

Vulnerability Scanning

  • Nuclei (auto-updating templates)
  • Dalfox (XSS)
  • CRLFuzz
  • S3Scanner
  • FFUF (fuzzing)
  • Dirsearch

OSINT

  • theHarvester
  • Shodan
  • Censys
  • SecurityTrails
  • VirusTotal

Detection

  • Wafw00f (WAF detection)
  • httpx (CMS & tech detection)
  • Wappalyzer
  • gowitness (screenshots)

Analysis & AI

  • OpenAI (GPT-class models)
  • Ollama (local, air-gapped LLM)
  • NVIDIA CUDA & AMD ROCm GPU acceleration
  • Built-in MCP server (16 tools)
  • Custom YAML scan engines
  • 40+ REST API endpoints

Powerful Features for Modern Security Teams

Everything you need for comprehensive reconnaissance and attack surface management.

Automated Discovery

Comprehensive subdomain enumeration using Subfinder, Amass, and Alterx. Discover hidden assets automatically.

Port & Service Scanning

Nmap and Naabu integration for fast port scanning and service detection with banner grabbing.

Endpoint Enumeration

Gospider, Hakrawler, and Katana crawling for comprehensive URL discovery and attack vectors.

Vulnerability Scanning

Nuclei templates (3,000+ CVEs), Dalfox for XSS, and S3Scanner for automated vulnerability detection.

AI-Powered Analysis

OpenAI or local Ollama models (with NVIDIA CUDA and AMD ROCm GPU acceleration) for air-gappable vulnerability assessment, exploitation guidance, and automated reporting.

Continuous Monitoring

Hatchet-scheduled scans with diffed findings and webhook alerts to Slack, Microsoft Teams, Discord, Telegram, Lark, and Twilio SMS.

Security by Default

Encryption, Certificate Management & Compliance Evidence

Data is encrypted end-to-end and certificate health is tracked automatically. Every scan generates auditor-ready evidence for the compliance frameworks your clients care about most.

Encryption In-Transit & At-Rest

TLS 1.2+ everywhere for data in transit. AES-256 disk encryption via AWS EBS or Azure Storage. Application-layer AES-256-GCM for sensitive credentials (SMTP secrets, API tokens, cloud connector keys). Key management via Azure Key Vault or AWS KMS, so no secrets are ever stored in plaintext.

TLS Certificate Monitoring & Easy Management

TLSX and dnsx continuously track TLS certificates and zone-transfer exposure across every discovered asset. Expiring or mis-issued certs appear as findings before they become outages or compliance deficiencies. The platform’s own certificates are managed through the Settings UI, with no shell access or manual renewal scripts.

11 Compliance Frameworks, North-American-first Ordering

North American: SOC 2 Type II, NIST CSF 2.0, HIPAA, GLBA, PCI DSS 4.0, FedRAMP Moderate, NYDFS 23 NYCRR 500, CIS Controls v8 IG1 & IG2. Latin American: LGPD. Global: ISO/IEC 27001:2022, GDPR Art. 32. Each scheduled PDF report includes per-framework evidence sections your clients can hand directly to auditors.

Built for Pen-Test Firms and MSSPs

Pen-Test Firms

Standardize Recon Across the Team

Every engagement starts the same way: a project, a scope, and a one-click scan engine. Junior testers ramp in weeks instead of months, senior testers drive the MCP server from their AI agent of choice, and 30+ client engagements stay isolated with project-scoped RBAC.

MSSPs

Sell Continuous ASM as a Service

Multi-tenant projects, white-label HTML and compliance reports, scheduled scans, and webhook fan-out into your SOC tooling let you package continuous external monitoring as a recurring deliverable, on infrastructure your client owns or yours.

Enterprise & DevSecOps

Deploy in Your VPC, GovCloud Included

For internal security teams running their own ASM program: deploy from AWS or Azure Marketplace (including AWS GovCloud and Azure Government), drive scans from CI/CD via the REST API, and stream findings into SIEM, SOAR, or ticketing systems via webhooks.

Transparent Pricing

Pay only for what you use. No per-asset fees. No vendor lock-in.

HailBytes ASM
$0.24/vCPU/hour
or $4,200/year for recommended 2 vCPU instance
30-Day Free Trial

What's Included

  • All 40+ integrated security tools
  • Unlimited targets and scans
  • Self-hosted deployment on your AWS/Azure
  • 30-day free trial on AWS or Azure
  • Baseline support (8am-5pm MT)

Multi-Year Reservations

  • Year 1 — standard rate
  • Year 2 — 10% discount
  • Year 3 — 15% discount

Multi-year pricing requires a signed order form.

Support Options

Standard

Free
  • Email support (3-5 days)
  • Community Discord
  • Public documentation
  • GitHub issue tracking

Professional

$550/month
  • Everything in Standard
  • Priority Discord support
  • Email support (72hr SLA, Mon-Fri)
  • Deployment assistance
★ Most Popular · Recommended

Enterprise

$1,650/month
  • Everything in Professional
  • 24/7 priority support
  • Dedicated Slack channel
  • 10 hours/month engineering

Note: Pricing is $0.24/vCPU/hour via AWS or Azure Marketplace. This includes the software and infrastructure in a single marketplace bill. Typical deployments run on a 4-8 vCPU instance ($700-$1,400/month).

Platform-as-a-Service Pricing

One marketplace bill covers the software license, the infrastructure, and the updates. Enterprise ASM as a fully-managed Platform-as-a-Service.

Commercial SaaS ASM Platform

Year 1 Total Cost:
License: $120,000
Implementation & onboarding: $25,000
Professional services: $10,000
Annual support contract: $20,000
Data leaves your environment: Included
= $175,000+

HailBytes ASM

Year 1 Total Cost:
Software license: Included in marketplace bill
Cloud infrastructure (Azure or AWS): Included
Updates and security patches: Included
Baseline support (8am-5pm MT): Included
Your data stays in your account: Always
$4,200/year (2 vCPU)

Full-featured enterprise ASM for the price of a single cloud line item.

Runs on your AWS or Azure account. You own the infrastructure, the data, and the budget line. No per-asset fees. No vendor lock-in. 5-year cost: HailBytes ASM $21,000 vs. SaaS $600,000+.

HailBytes ASM vs Commercial ASM Platforms

Feature | HailBytes ASM | Censys ASM | Shodan Enterprise
Annual Cost | $4,200 | $120,000+ | $75,000+
Data Privacy | Your infrastructure | Third-party SaaS | Third-party SaaS
Scan Customization | Full YAML control | Limited | Predefined only
Vulnerability Scanning | 3000+ Nuclei templates | Basic CVE matching | Port/service only
AI-Powered Analysis | GPT-class models / Ollama | No | No
API & Agent Access | 40+ REST endpoints + MCP server | Limited | Search API only
GovCloud / Azure Government | Deployable in your sovereign cloud | SaaS only | SaaS only
Multi-Tenant Project Isolation | Yes (per-client RBAC) | No | No

5-Year Cost: HailBytes ASM: $21,000 | Censys ASM: $600,000 | Shodan Enterprise: $375,000

Competitor figures are approximate entry-level annual list pricing per publicly available information as of May 2026; both vendors offer consumption-based and custom enterprise plans, so actual quotes vary. HailBytes figures reflect the recommended 2 vCPU marketplace deployment at $0.24/vCPU/hour. Verify current competitor pricing directly with each vendor.

Frequently Asked Questions

What makes HailBytes ASM different from chaining open-source tools yourself?

HailBytes ASM replaces the bash-script-and-spreadsheet recon pipeline with a real platform. It orchestrates 40+ tools through Hatchet workers across a four-phase scan pipeline, correlates every subdomain, endpoint, port, technology, and finding in one relational database, and adds the parts you would otherwise have to build yourself: multi-tenant project isolation, RBAC, 2FA, audit logging, scheduled scans, AI analysis (OpenAI or local Ollama), a built-in MCP server, and white-labeled reporting. It ships as a hardened AWS or Azure Marketplace image (including Azure Government), so your team deploys in minutes.

How does the AI-powered analysis work?

Two paths: OpenAI via API for hosted analysis, or local Ollama models running on NVIDIA CUDA or AMD ROCm GPUs for fully air-gapped use. Either way, the platform analyzes findings, prioritizes risk, generates exploitation guidance, and drafts reports. A built-in MCP server exposes 16 tools so AI agents (Claude Desktop, Claude Code, Cursor, Windsurf, or any Anthropic-SDK app) can drive recon end-to-end. With the Ollama path, no scan data ever leaves your account.

How does data privacy work for reconnaissance data?

All scan data lives in YOUR cloud infrastructure. HailBytes ASM runs on your AWS/Azure account. We never see your scan results, target domains, or vulnerability findings. You control data retention, encryption keys, and access policies. True data sovereignty for sensitive security data.

Can I try HailBytes ASM before purchasing?

Yes! Deploy directly from AWS Marketplace or Azure Marketplace with a 30-day free trial. Community (free) support included. You only pay infrastructure costs during evaluation, with no software license fees and no sales call required.

Complete Your Security Stack

Recommended Pairing

Complete with HailBytes SAT

After discovering vulnerabilities with HailBytes ASM, train your team to defend against social engineering attacks with HailBytes SAT. Technical controls are only half the battle - your people are the last line of defense.

  • Map attack surface with reconnaissance
  • Test employee security awareness
  • Build defense-in-depth strategy

Ready to automate your reconnaissance?

Deploy HailBytes ASM in minutes and discover your attack surface faster than ever before.

Try HailBytes ASM Free

Get a free trial deployment on AWS or Azure. Our team will walk you through setup and help you run your first reconnaissance scan within 30 minutes.

  • 30-day free trial on AWS or Azure
  • Guided onboarding from our security team
  • No credit card required to start
  • 30+ security tools pre-configured
