Enterprise Attack Surface Management & Automated Reconnaissance
HailBytes ASM is an enterprise-grade automated reconnaissance platform that transforms weeks of manual security testing into hours through intelligent automation, AI-powered analysis, and continuous monitoring.
What You Get
- 20+ integrated security tools orchestrated in automated workflows
- AI-powered vulnerability analysis with GPT-4 and local LLM support
- Continuous attack surface monitoring with automated change detection
- Multi-project collaboration with role-based access control
- Container-based deployment with GPU support for AI workloads
- REST API for automation and CI/CD integration
- Standard support included (3-5 day response) - upgrade available
Perfect For
- Penetration testers conducting client reconnaissance
- Red teams automating reconnaissance workflows
- Security consultancies managing multiple client assessments
- Corporate security teams monitoring attack surface continuously
- DevSecOps teams integrating security into CI/CD pipelines
Key Features
Automated Reconnaissance Workflow
- Subdomain Discovery: Subfinder, Amass, Assetfinder integration
- Port Scanning: Nmap, Masscan automated scanning
- Technology Detection: Wappalyzer, WhatWeb, Webanalyze
- Vulnerability Scanning: Nuclei templates (10,000+ CVEs)
- Directory Bruteforcing: FFUF, Dirsearch, GoBuster
- Screenshot Capture: Automated visual reconnaissance
- DNS Analysis: Comprehensive DNS enumeration
- Certificate Transparency: CT log monitoring
AI-Powered Analysis
- GPT-4 Integration: Cloud-based AI vulnerability assessment
- Ollama Support: On-premise LLM for air-gapped environments
- GPU Acceleration: Optional GPU instances for faster AI processing
- Automatic Report Generation: AI-generated executive summaries
- Exploitation Guidance: Context-aware attack suggestions
- Natural Language Queries: Ask questions about your findings
Continuous Monitoring
- Scheduled Scans: Automated periodic reconnaissance
- Change Detection: Alert on new subdomains, endpoints, vulnerabilities
- Historical Tracking: Trend analysis and attack surface growth visualization
- Real-time Notifications: Slack, Discord, Telegram integration
- Mean Time to Discovery: Catch vulnerabilities before attackers
Collaboration & Workflow
- Multi-Project Support: Isolate client engagements or business units
- Role-Based Access: Admin, Auditor, Viewer permissions
- Team Collaboration: Shared notes and findings
- Workspace Isolation: Secure multi-tenant architecture
- API Integration: Automate workflows and exports
Data Management & Reporting
- Centralized Database: PostgreSQL with full-text search
- Export Capabilities: JSON, CSV, PDF reports
- Custom Report Templates: Brand reports for clients
- SIEM Integration: Send findings to Splunk, ELK, Azure Sentinel
- Historical Analysis: Compare scans over time
Deployment Details
Infrastructure Included
- Compute: EC2 instance (t3.medium to d8s_v3/GPU instances)
- Database: PostgreSQL (included in VM pricing)
- Cache: Redis for performance optimization
- Storage: S3-compatible storage for screenshots and artifacts
- Networking: VPC, security groups, load balancer optional
Setup Time
- 5-10 minutes automated CloudFormation deployment
- Pre-configured with all 20+ security tools
- Production-ready out of the box
- Optional GPU acceleration for AI workloads
Security & Compliance
- SOC 2 Type II compliant infrastructure
- Data encryption at rest and in transit
- Private VPC deployment
- Role-based access control
- Audit logging enabled
- GDPR/CCPA compliant
Why HailBytes ASM?
vs. Manual Reconnaissance
- 80% time savings - weeks to hours
- Consistent methodology - repeatable processes
- Centralized data - no more scattered CSV/JSON files
- Continuous monitoring - vs. point-in-time assessments
vs. Commercial ASM Platforms (Censys, Shodan, etc.)
- 50-70% cost savings - $350/mo vs. $20K-50K/year
- Complete data ownership - all data in your AWS account
- Full customization - modify scans, add custom tools
- No vendor lock-in - portable container architecture
- GPU acceleration - optional for AI workloads
Getting Started
- Subscribe on AWS Marketplace (uses your AWS committed spend)
- Deploy using our CloudFormation template (5-10 minutes)
- Configure your first reconnaissance project
- Launch automated scans and review AI-powered insights
Highlights
- 20+ integrated security tools with automated workflows
- AI-powered vulnerability analysis with GPT-4 and Ollama
- Continuous monitoring with real-time change detection
Pricing
| Dimension | Cost/hour |
|---|---|
| t3.xlarge (Recommended) | $0.96 |
| c5a.12xlarge | $11.52 |
| c5a.8xlarge | $7.68 |
| t3.large | $0.48 |
| t3.2xlarge | $1.92 |
| c5a.16xlarge | $15.36 |
| c5.4xlarge | $3.84 |
Vendor refund policy
HailBytes Refund Policy: Full refunds available within 24 hours of deployment for unresolved technical issues only.
To request a refund:
- Stop all instances
- Email support@hailbytes.com with Instance ID and issue details
Refunds not available for:
- Usage beyond 24 hours
- Non-technical reasons
- Multiple deployment attempts
- Changed requirements
Contact our Discord community for immediate technical support. Enterprise customers refer to contract terms.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
HailBytes ASM v1.5082 - May 20, 2026
This release brings major platform upgrades, expanded integrations, broader cloud coverage, and high-availability parity with HailBytes SAT.
Platform and framework updates include an upgrade to Django 5.2, completion of the Celery-to-Hatchet migration for scheduled work, migration of the legacy jQuery frontend to TypeScript with security hardening via DOMPurify, and added Spanish and Brazilian Portuguese language support. Self-hosted opt-in product analytics replace Mixpanel, and the first-time onboarding experience has been refined.
High-availability and operational reliability now reach full parity with SAT. A new instancemigrate app provides backup and restore endpoints, with admin-gated APIs at /api/instance/export, /api/instance/import, and /api/instance/schema-version. A migrate_locked management command uses Postgres advisory locks to prevent migration races across replicas. New pre-patch and post-patch shell scripts ship to /opt/hailbytes/bin/ via Packer, and a new AWS HA deployment runbook is included.
Cloud attack surface coverage expands significantly with a new cloudConnectors module offering native integrations for AWS (Route53, EC2, ELBv2, CloudFront, S3, RDS, API Gateway, Lambda), Azure (DNS, App Service, Storage, Front Door), GCP (Cloud DNS, Compute, Cloud Run, GCS), and Cloudflare (DNS, Workers, R2). An inbound asset webhook with HMAC-SHA256 signing supports custom asset sources. Exposure clustering and a force-directed exposure graph view help visualize relationships across discovered assets.
Reporting and compliance gains seven new framework reports, bringing the total to ten: ISO/IEC 27001:2022, HIPAA Security Rule, CIS Controls v8 IG1, GDPR Article 32, FedRAMP Moderate, CIS Controls v8 IG2, and NYDFS 23 NYCRR Part 500. Scheduled PDF reports can now be delivered per project on daily, weekly, or monthly cadence. Vulnerability export adds SARIF 2.1.0 format for GitHub Code Scanning and OpenVEX format for software supply chain workflows.
Ticketing and notifications now include Jira, ServiceNow, GitHub Issues, and GitLab Issues dispatchers, plus PagerDuty Events v2 and Opsgenie Events v2 alert channels with severity-floor filtering.
DevSecOps and automation integrations include an official GitHub Action, CI templates for GitLab CI, Jenkins, CircleCI, and Azure Pipelines, and a Zapier integration covering Slack, Asana, Linear, Notion, and other downstream tools.
Identity and access management adds SCIM 2.0 provisioning for Okta, Azure AD, Google Workspace, and OneLogin, plus an LDAP and Active Directory direct-bind authentication backend for organizations not yet on SAML or OIDC.
Threat intelligence introduces a bring-your-own-key model with integrations for Shodan, Censys, GreyNoise, VirusTotal, AbuseIPDB, HIBP, MISP, OpenCTI, and AlienVault OTX. Bug bounty ingestion pulls triaged reports from HackerOne and Bugcrowd directly into the vulnerability workflow. A STIX 2.1 and TAXII 2.1 server makes each project available as a TAXII collection for downstream consumers.
Security and secrets management adds pluggable PAM backends supporting HashiCorp Vault, Azure Key Vault, and AWS Secrets Manager references in configuration.
Migration notes: existing deployments continue working without changes. Customers using the asm-aws-ha or asm-aws-autoscale Terraform modules should rebuild the marketplace AMI from main before their next SSM-driven patch cycle.
Additional details
Usage instructions
Initial Setup
- Launch the HailBytes ASM instance from AWS Marketplace.
- Recommended instance type: t3.large (minimum: 2 vCPU, 8 GB RAM, 40 GB disk).
- Default OS user: ubuntu (SSH key-based auth on port 22).
- Configure network security:
  - Inbound TCP/443 (HTTPS) from your admin CIDR for the HailBytes ASM web UI.
  - Inbound TCP/22 (SSH) from your admin CIDR for instance management.
  - Outbound 443 to the public internet so scan tools (nuclei, subfinder, amass, etc.) can reach target assets and update their data feeds.
- First boot (5 to 10 minutes):
  - The instance bootstraps PostgreSQL, Redis, the Django web app, Hatchet workers, and the bundled recon toolchain (30+ tools) automatically.
  - Wait until cloud-init completes before browsing to the UI.
- Access the web console:
  - Navigate to https://<EC2-public-DNS>/ in your browser.
  - You will see a self-signed TLS warning on first launch; accept it or install your own certificate (see "TLS and Custom domain" below).
- Create the first admin account:
  - SSH to the instance: ssh ubuntu@<EC2-public-DNS>
  - Run: sudo docker compose exec web python manage.py createsuperuser
  - Log in to the web UI with the credentials you just created.
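The inbound rules from the network security step above can be checked mechanically. The following is an added example, not HailBytes code: it audits one security group, in the JSON shape returned by `aws ec2 describe-security-groups`, against that policy (only TCP/22 and TCP/443, only from the admin CIDR). The sample group, its ID and all CIDRs are constructed placeholders.

```python
import ipaddress

# Inbound ports the setup steps open: SSH management and the HTTPS web UI.
EXPECTED_TCP_PORTS = {22, 443}

# Constructed sample shaped like one "SecurityGroups" element from
# `aws ec2 describe-security-groups`; group ID and CIDRs are placeholders.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
    ],
}


def _within(net, allowed):
    # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
    return any(net.version == a.version and net.subnet_of(a) for a in allowed)


def audit_ingress(group, admin_cidrs):
    """Return (ports, source, reason) for each CIDR rule that departs from
    the documented policy: only TCP/22 and TCP/443, only from admin CIDRs.
    Rules whose source is another security group or a prefix list are skipped."""
    allowed = [ipaddress.ip_network(c) for c in admin_cidrs]
    findings = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        ports = "all" if proto == "-1" else f"{proto}/{lo}-{hi}"
        expected = proto == "tcp" and lo == hi and lo in EXPECTED_TCP_PORTS
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for src in sources:
            if not expected:
                findings.append((ports, src, "port not in documented rule set"))
            elif not _within(ipaddress.ip_network(src, strict=False), allowed):
                findings.append((ports, src, "source outside admin CIDR"))
    return findings


if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE_GROUP, ["203.0.113.0/24"]):
        print(finding)
```

An empty result means every CIDR-based inbound rule matches the documented policy; the outbound 443 rule is not evaluated here.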
Configuration
- API keys for AI analysis (OpenAI, OpenRouter, Ollama), notification webhooks (Slack, Discord, Telegram, PagerDuty, Opsgenie), ticketing (Jira, ServiceNow, GitHub Issues, GitLab Issues), and SIEM integrations (Splunk HEC, Microsoft Sentinel, generic Syslog or Webhook) are all configured from Settings inside the web UI. No file edits required.
- Cloud asset discovery for AWS, Azure, GCP, and Cloudflare is configured under Settings, Cloud Connectors.
- Threat intelligence providers (Shodan, Censys, GreyNoise, VirusTotal, AbuseIPDB, HIBP, MISP, OpenCTI, AlienVault OTX) are added under Settings, Threat Intelligence.
- Identity provisioning via SCIM 2.0 (Okta, Azure AD, Google Workspace, OneLogin) and LDAP or Active Directory direct-bind authentication are configured under Settings, Identity.
- Scan engines can be customized through the in-app Engine Wizard (Goal, Depth, Notifications) without writing YAML.
- Scheduled and continuous scans are managed under Targets, Schedule.
- Recurring PDF report delivery (daily, weekly, monthly) is configured per project under Reports, Schedule.
TLS and Custom domain
- Replace /etc/nginx/certs/{cert.pem,key.pem} with your own certificate.
- Restart the proxy: sudo docker compose restart proxy
Upgrades
- Pull the latest images and restart: sudo docker compose pull && sudo docker compose up -d
- Database migrations run automatically on container start, protected by a Postgres advisory lock so multi-replica deployments upgrade safely.
Support and Documentation
- Product docs: https://hailbytes.com/asm
- Support: support@hailbytes.com
- Issues and feature requests: https://github.com/HailBytes/hailbytes-asm/issues
Support
Vendor support
Support Resources
- Email: security-support@hailbytes.com
- Documentation: https://hailbytes.com/pages/documentation/
- Product Page: https://hailbytes.com/asm/
- Support Plans: https://hailbytes.com/pages/support-pricing/
Questions? Visit https://hailbytes.com or email sales@hailbytes.com