Passive Attack Surface Intelligence

Map everything you expose. Touch nothing.

Meteoryte inventories your internet-facing footprint from public intelligence, tracks every change, and surfaces the assets you forgot you owned — without a single packet reaching your targets.

10+passive sources
0packets to target
change history
The principle

Reconnaissance from a distance. Never a scan.

Every other ASM tool eventually probes your hosts. Meteoryte queries the world's passive intelligence about your surface — certificate transparency, passive DNS, scan databases, ASN ownership — and correlates it. Discovery only ever suggests; nothing is scanned until a human confirms it.

packets sent
to your targets
// intelligence sources
cli.sh
The platform

An external surface, fully accounted for.

From first discovery to remediation — inventory, change, risk, and threat context in one continuous loop.

Discover

Find every host

Enumerate subdomains and resolve them to live hosts across CT logs, passive DNS, and scan databases — apex to edge.

Track change

See what moved

An append-only ledger records what's new, changed, or disappeared since the last sweep. Answer "what changed?" not just "what exists?"

Enrich

Full context

Open ports, TLS certificates, device classification, and known CVEs attached to every asset the moment it's found.

Threat intel

Know what's hot

Cross-reference assets against malware, C2, and adversary reporting — so a compromised host surfaces the moment it's named.

Expand

What you forgot you own

Passive pivots — shared cert SANs, ASN ownership — suggest domains and netblocks you own but aren't tracking, for review.

Remediate

Close the loop

Risk, assignee, and status on every asset — with Jira issues and email notifications built into the triage workflow.

How it works

Five passive stages, on a loop.

Every target flows through the same spine on each cycle — and the diff between cycles is where the value lives.

01

Enumerate

CT logs, passive DNS, and OSINT surface every hostname under the domain.

02

Resolve

Hostnames map to live IPs; the dead and historical fall away.

03

Probe

Passive TLS and service intelligence enrich each host — never a scan.

04

Reconcile

Diff against the last sweep; emit new / changed / gone events.

05

Discover

Pivot outward to unowned assets and queue them for human review.

Change ledger

Your surface, as a timeline.

Meteoryte doesn't just hold current state — it remembers. Every port opened, certificate rotated, service changed, or host that vanished is one immutable row. Triage the delta, not the whole inventory.

Event ledgercorp.com
newapi-staging.corp.com appeared → 104.21.9.122m
changededge-02.corp.com port 8443 opened2m
vulnlegacy-jboss.corp.com CVE-2021-4422814m
changedwww.corp.com certificate rotated · expires 89d1h
goneold-vpn.corp.com no longer observed1h
newcorp-partners.com discovered via cert SAN3h
Start watching

Know what you expose before anyone else does.

Seed a domain. Meteoryte maps the rest — passively, continuously, and with a full history of everything that changes.