Last month, a client came to us after a breach. The attacker’s entry point? A staging server on a subdomain that nobody remembered existed. It had been spun up two years ago for a demo, never decommissioned, and was running an unpatched version of WordPress with default credentials.
This story plays out constantly. Companies invest heavily in securing their known assets while forgotten infrastructure quietly accumulates risk in the shadows. The uncomfortable truth is that most organizations have no idea what their actual external attack surface looks like.
That’s why we built Lorikeet.
What Is Lorikeet?
Lorikeet is our Attack Surface Management platform—a continuous monitoring service that discovers and tracks every internet-facing asset tied to your organization. Subdomains, open ports, exposed services, outdated software, misconfigured DNS, weak TLS… if it’s visible from the outside, Lorikeet finds it.
This isn’t a one-time scan. Lorikeet runs continuously, so when your dev team spins up a new subdomain at 2am or someone accidentally exposes a database port, you know about it before an attacker does.
Starting at $1,200/month, it’s the cheapest insurance policy you’ll ever buy.
What Lorikeet Monitors
Lorikeet continuously scans and monitors your entire external footprint. That includes subdomains and IP addresses, open ports and running services, web applications and their technology stacks, SSL/TLS configurations and certificate health, DNS records and email server security, and third-party services connected to your infrastructure.
The platform automatically discovers new assets as your infrastructure evolves. No manual inventory updates, no hoping someone remembered to document that new server.
How It Works
Lorikeet uses the same reconnaissance techniques that real attackers use—just continuously and on your behalf.
The methodology runs through eight stages:

1. Automated subdomain discovery and enumeration finds every subdomain associated with your domains.
2. Continuous port scanning and service detection identifies what’s actually running and exposed.
3. Technology fingerprinting and version detection tells you exactly what software versions are in play.
4. Vulnerability scanning with industry-standard tools catches known CVEs.
5. SSL/TLS security assessment flags weak configurations, expiring certs, and protocol issues.
6. DNS and email security analysis catches SPF/DKIM/DMARC misconfigurations and DNS hijacking risks.
7. Change detection and monitoring alerts you when something new appears or changes.
8. Integration with threat intelligence feeds correlates your exposure against active exploit trends.
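The change-detection stage is the one that turns repeated scans into alerts. The sketch below is an added example, not Lorikeet's code: it diffs two inventory snapshots and ranks the changes, assuming a hypothetical `{host: {port: service string}}` snapshot format, made-up severity labels, and constructed sample hosts.

```python
from collections import namedtuple

# Default ports of the datastores the article lists as commonly exposed.
DATABASE_PORTS = {3306: "MySQL", 6379: "Redis", 9200: "Elasticsearch", 27017: "MongoDB"}
SEVERITY_ORDER = {"critical": 0, "review": 1, "info": 2}  # assumed labels
Change = namedtuple("Change", "severity kind host port detail")

def diff_snapshots(previous, current):
    """Compare two inventories shaped {host: {port: service string}}."""
    changes = []
    for host in sorted(current.keys() - previous.keys()):
        changes.append(Change("review", "host_added", host, None, "not in previous inventory"))
    for host in sorted(previous.keys() - current.keys()):
        changes.append(Change("info", "host_removed", host, None, "absent from current scan"))
    for host in sorted(current):
        old, new = previous.get(host, {}), current[host]
        for port in sorted(new.keys() - old.keys()):
            if port in DATABASE_PORTS:  # datastore newly reachable from outside
                changes.append(Change("critical", "port_opened", host, port,
                                      f"{DATABASE_PORTS[port]} exposed: {new[port]}"))
            else:
                changes.append(Change("review", "port_opened", host, port, new[port]))
        for port in sorted(old.keys() - new.keys()):
            changes.append(Change("info", "port_closed", host, port, old[port]))
        for port in sorted(new.keys() & old.keys()):
            if new[port] != old[port]:  # banner or version changed on a known port
                changes.append(Change("review", "service_changed", host, port,
                                      f"{old[port]} -> {new[port]}"))
    # sorted() is stable, so entries keep their order within each severity.
    return sorted(changes, key=lambda c: SEVERITY_ORDER[c.severity])

# Constructed sample inventories (not real scan output).
YESTERDAY = {
    "www.example.com": {443: "nginx 1.24"},
    "staging.example.com": {22: "OpenSSH 8.2", 443: "Apache 2.4"},
    "old-demo.example.com": {80: "Apache 2.2"},
}
TODAY = {
    "www.example.com": {443: "nginx 1.26"},
    "staging.example.com": {443: "Apache 2.4", 6379: "Redis 6.0"},
    "dev-api.example.com": {8080: "Jetty 9.4"},
}

if __name__ == "__main__":
    for c in diff_snapshots(YESTERDAY, TODAY):
        print(f"[{c.severity}] {c.kind} {c.host}:{c.port} {c.detail}")
```

A removed host is only "info" here; a host that vanishes while its DNS record remains would need a separate DNS check, which this sketch does not attempt.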
The PTaaS Portal: Real-Time Visibility
Here’s where Lorikeet really shines. Everything flows into our PTaaS (Penetration Testing as a Service) portal, giving you a single dashboard for your entire security posture.
The portal provides a comprehensive asset inventory showing every discovered subdomain, IP, and service in one place. Findings are displayed in real-time with vulnerability details, severity ratings, and remediation guidance as soon as they’re discovered. The change timeline gives you a historical view of your attack surface evolution so you can see what’s new, what’s changed, and what’s disappeared. Real-time alerts notify you via email, Slack, or webhook the moment critical findings emerge. Executive reporting generates monthly summaries for leadership and compliance audits. And API access lets you integrate findings directly into your existing security tools and workflows.
No more waiting for quarterly pentest reports to find out you have a problem. No more spreadsheets tracking assets across teams. One portal, real-time updates, actionable intelligence.
What We Actually Find
The vulnerabilities Lorikeet catches aren’t theoretical—they’re the same issues we exploit during penetration tests.

- Forgotten subdomains and shadow IT are extremely common: staging.yourcompany.com, dev-api.yourcompany.com, that random subdomain someone pointed at their home IP for testing.
- We find exposed development and staging environments that often run with debug mode enabled, default credentials, or production data copies.
- Outdated software versions with known CVEs running on assets nobody’s patched because nobody knew they existed.
- Misconfigured DNS records including dangling CNAMEs pointing to decommissioned services (hello, subdomain takeover).
- Weak SSL/TLS configurations with expired certs, TLS 1.0 still enabled, weak cipher suites.
- Exposed admin panels with phpMyAdmin, WordPress admin, cPanel, and server management interfaces open to the internet.
- Open database ports where MongoDB, MySQL, Redis, and Elasticsearch are directly exposed.
- Information disclosure via banners revealing software versions, internal paths, and stack traces.
Who This Is For
Lorikeet is built for organizations where the attack surface moves faster than manual tracking can keep up.
Fast-growing SaaS companies spinning up infrastructure weekly need this. Organizations with complex infrastructure spanning multiple clouds, data centers, and legacy systems benefit significantly. Companies with multiple acquisitions inheriting unknown assets from M&A activity find it invaluable. DevOps-heavy organizations with CI/CD pipelines constantly deploying new services need continuous monitoring. Cloud-first businesses with dynamic infrastructure that scales up and down need real-time visibility. And anyone needing continuous monitoring for NIST CSF, PCI-DSS, SOC 2, ISO 27001, or GDPR compliance requirements will find Lorikeet meets those needs.
Compliance-Ready
Lorikeet’s continuous monitoring and reporting directly supports compliance requirements across major frameworks. For PCI-DSS, it addresses requirement 11.2 for quarterly vulnerability scans with continuous coverage instead. SOC 2’s CC6.1 requiring asset inventory and CC7.1 requiring vulnerability management are both covered. ISO 27001’s A.12.6 technical vulnerability management requirements are met. And GDPR’s Article 32 requiring appropriate technical measures is supported through continuous monitoring.
Monthly executive reports are formatted for auditor consumption. When your auditor asks “how do you maintain visibility of your external assets?” you hand them the Lorikeet dashboard.
Getting Started
Onboarding is simple. You give us your root domains, we handle the rest. Within 24 hours you’ll have a complete inventory of your external attack surface with findings prioritized by risk.
No agents to install. No network changes required. Just visibility you didn’t have before.
Attack Surface Management starts at $1,200/month as an ongoing service. For most organizations, that’s less than the cost of a single incident response engagement—or a few hours of breach cleanup.
Stop Flying Blind
Every day you operate without attack surface visibility is a day you’re trusting that nothing’s been forgotten, nothing’s misconfigured, and nothing new has appeared that shouldn’t be there. That’s a lot of trust in an environment that changes constantly.
Lorikeet gives you the same external view of your organization that attackers have—continuously, automatically, and before they find something you missed.
Get Started with Lorikeet — Schedule a demo and see your attack surface in 24 hours.
Parrot CTFs — Continuous security monitoring for organizations that can’t afford blind spots.