Hunter-native continuous ASM

Wake up to attributed findings.

ASMHunter watches your bug bounty scope, catches asset drift, and tells you which scan surfaced the asset that earned the bounty — and you can drive all of it from Claude or Cursor over MCP.

Free tier. No credit card. Built by a hunter, for hunters.

The gap

Other ASMs report changes. ASMHunter tells you which one paid.

Attack surface monitoring (ASM) means continuously tracking every internet-facing asset in your bounty scope — subdomains, ports, endpoints — and catching the moment it changes. ASMHunter runs that monitoring for you and attributes every finding back to the scan that surfaced it.

Three reasons hunters miss money on programs they are already in.

Market

85%

do not run continuous monitoring.

The active hunter segment has not adopted any existing platform. Greenfield, not self-host churn.

Drift

~12/wk

new subdomains per public program.

Bounty scopes ship constantly. A weekly sweep is the floor — serious assets move every day.

Attribution

$0

credit for findings you cannot trace.

If you cannot say which scan, which asset, and which day surfaced the bounty, the tool that earned it is the tool you cancel.

Figures based on ASMHunter platform monitoring data and founder market research.

01

No VPS, cron, or queue babysitting.

02

Continuous diff feed for assets, ports, endpoints, and findings.

03

Every finding carries scan, asset, and date metadata.

The workflow

For hunters who need coverage while they are away from the laptop.

ASMHunter is built around the pains that cause missed bounties: asset gap, first-to-file pressure, tool sprawl, and the inability to prove which paid tool actually earned anything.

Diff feed

Today is not yesterday.

New subdomains, ports, HTTP fingerprints, URLs, and findings land in one chronological feed.

Managed runs

Hunt, do not maintain infra.

Scheduled sweeps run without self-host stacks, workers, cron jobs, or manual dedupe scripts.

Scope first

Stay inside the program.

Targets are tied to bounty scope so the system is shaped around authorized hunting.

API-ready

Feed your own stack.

Use the API as a substrate for Caido, custom scripts, or AI agents. ASMHunter does not replace your methodology.

A tour of the ASMHunter console — monitored programs, your live attack surface, and findings attributed to the scan that surfaced them.

AI & MCP

Hunt with AI. Natively.

ASMHunter ships a Model Context Protocol server, so you can drive recon, hunt sessions, and reports straight from Claude, Cursor, or any MCP client — in plain language, without leaving your editor.

“Start a hunt session on Shopify with the goal ‘find IDOR in billing’, pull my newest assets, then draft the report.” — done from your AI client.

MCP server

Connect once.

Drop one config block into your MCP client. Your whole ASMHunter workspace becomes a toolset your AI can call.

Natural language

Skip the dashboards.

Ask for new assets, start goal-driven sessions, log leads and findings, and draft reports without leaving the chat.

Goal-driven

Stay on target.

Set a goal when you start a session; your AI reads it on every step and keeps the hunt focused on what pays.

Attribution loop

The renewal question is simple: what did this tool earn?

Each finding is stamped with the scan run, asset, timestamp, and source. When a report pays, you can connect the bounty back to the exact monitoring event.

Asset First seen Report
api-new.acme.example Scan #1847 paid
admin-v2.acme.example Scan #1851 triage
files-beta.acme.example Scan #1853 draft

Pricing

Pricing for solo hunters, not procurement teams.

Pick the sweep frequency and target count that match how often you hunt.

Free

$0

Weekly sweeps / 3 targets

  • Continuous monitoring stack
  • Diff feed and change detection
  • Telegram and email alerts
Start free
Best fit

Hunter

$49/mo

Daily sweeps / 10 targets

  • Full discovery and detection workflows
  • Attribution timeline per finding
  • Public API read access
Start hunting

Pro

$99/mo

6h sweeps / 25 targets

  • Everything in Hunter
  • Deep modules: XSS, SQLi, JS secret extraction
  • Deep, active permutation crawl
Start hunting

Legend

$199/mo

Hourly sweeps / unlimited targets

  • For heavy public-program coverage
  • Fastest sweep cadence
  • Room for custom methodology
Start hunting

FAQ

Questions hunters ask before signing up.

What is continuous attack surface monitoring?

Attack surface monitoring (ASM) is the practice of continuously discovering and tracking every internet-facing asset tied to a target — subdomains, IPs, ports, HTTP services, and endpoints — and detecting when that surface changes. A one-off scan is a snapshot; continuous ASM re-runs discovery on a schedule and surfaces only the diff: what is new, what moved, what disappeared. For bug bounty hunters this matters because scopes ship new assets constantly, and the person who sees a new subdomain first has the best shot at the bounty. ASMHunter runs this monitoring for you and delivers the changes as an alert feed instead of raw scan output.

How is ASMHunter different from other ASM tools?

Most ASM platforms tell you that your attack surface changed. ASMHunter also tells you which change earned money. Every finding is stamped with the scan run, the asset, the timestamp, and the source that surfaced it, so when a report pays out you can trace the bounty back to the exact monitoring event that found the asset. This is the attribution loop, and it answers the only question that matters at renewal: what did this tool actually earn? ASMHunter is also built specifically for solo hunters rather than enterprise security teams — pricing, scope handling, and alerting are all shaped around one person hunting public and private bug bounty programs.

Do I need my own servers or infrastructure?

No. ASMHunter runs scheduled sweeps on managed infrastructure, so there is no VPS to rent, no cron jobs to maintain, no scan queue to babysit, and no dedupe scripts to write. You add a target that matches your bounty scope, pick a sweep cadence, and the platform handles discovery, detection, diffing, and alerting. This is the main difference from self-hosted recon stacks like a personal server running subfinder and nuclei on cron: those break silently, drift out of date, and demand ongoing maintenance. ASMHunter exists so you spend your time hunting the findings rather than keeping the pipeline alive. See the full ASMHunter vs self-hosted recon comparison for an honest side-by-side.

Can I use ASMHunter with bug bounty programs?

Yes — that is exactly what it is built for. Targets are tied to bounty scope so the system is shaped around authorized hunting. You may only configure scan targets that you own, that you are explicitly authorized to test, or that are listed in a public bug bounty program with in-scope assets that match. By adding a target you confirm you have legal authority to run automated security testing against it. ASMHunter monitors both public and private program scope, which is where continuous coverage pays off most: private invites and freshly added assets are where first-to-file advantage is largest.

What does the free tier include?

The free tier gives you weekly sweeps across 3 targets with the full continuous monitoring stack: the diff feed, change detection, and Telegram and email alerts. No credit card is required to start. Paid tiers increase both sweep frequency and target count — Hunter is $49/month for daily sweeps and 10 targets, Pro is $99/month for 6-hour sweeps and 25 targets, and Legend is $199/month for hourly sweeps and unlimited targets. Annual billing is priced at ten months (for example Hunter is $490/year). You can upgrade at any time as your scope grows, and downgrade or cancel from account settings.

How does the AI and MCP integration work?

ASMHunter ships a Model Context Protocol (MCP) server, so you can drive recon, hunt sessions, and reports directly from Claude, Cursor, or any MCP client in plain language. You drop one config block into your MCP client and your entire ASMHunter workspace becomes a toolset the AI can call: pull your newest assets, start a goal-driven hunt session, log leads and findings, and draft a report without leaving the chat. The MCP server is published on PyPI as the asmhunter-mcp package. Because sessions are goal-driven, the AI reads your stated objective on every step and keeps the hunt focused on what actually pays.

Where is my data stored?

Your account and scan data live in a Postgres database hosted by Supabase in the Frankfurt (EU) region, encrypted at rest with TLS in transit. Scan artifacts and raw tool output are stored in Backblaze B2 (US region), and sweeps run on a Hetzner worker fleet in the EU that retains no scan output after upload. ASMHunter runs no third-party analytics, advertising, or session-replay tools — no Google Analytics, no Mixpanel, no tracking pixels — and does not sell your data or train any AI model on your scan results. You can export or delete your account data at any time; hard deletion runs seven days after the request. See our privacy policy for the full subprocessor list.

How do refunds and cancellation work?

ASMHunter offers a 7-day, no-questions refund on paid plans. You can cancel or change your plan at any time from account settings; billing is handled by LemonSqueezy as the merchant of record, so card details never touch ASMHunter's own systems. When you cancel, your account data is retained for a 7-day grace period in case you change your mind, then hard-deleted. Because the free tier costs nothing and requires no credit card, the lowest-risk way to evaluate the product is to run it against your real scope on the free plan first and upgrade only once you have seen it surface changes you care about.

Get started

Be the first hunter on the new tier.

Free tier, no credit card. Start monitoring your scope in minutes.

Start free

Upgrade anytime as your scope grows. How we handle data