Lictor for Business · Patrol monitoring

We watch what you
accidentally leave open.

Lictor Patrol keeps watch on everything you expose to the public internet: your domains, your GitHub orgs, day and night. The moment something leaks, the people you choose hear what it is and how to fix it, long before an attacker would.

3,700+ critical and high-severity exposures found in the wild: leaked keys, exposed databases, open admin, claimable subdomains. None ever exploited.

56 seconds on what Patrol does: watch everything you expose, cut the noise, and tell you the second something leaks, fix attached.

What we watch for

Every plan runs the full sweep across the surface you authorize. These are the exposures most likely to bite a business first. We only look at what's already public, and every alert masks the real secret, so it's never stored or emailed in the clear.

🔑

Exposed secrets & API keys

Live API keys, cloud credentials, and tokens sitting in public files, debug pages, or pushed to a public repo by mistake.

🗄️

Open databases & buckets

Cloud storage and databases that answer with no password. Anyone can list your files, pull your backups, or read your records.

💾

Downloadable backups

Database dumps and site archives (backup.zip, db.sql.gz) sitting in the web root. Your whole database, one download away.

📦

Leaked source & version control

A public .git directory or source maps that hand over your codebase. The git history buried inside usually holds old secrets too.

✉️

Spoofable email

Missing or weak SPF/DMARC that lets anyone forge mail from your domain for CEO-fraud and phishing.

🔗

Dangling subdomains

A subdomain still pointing at a cloud resource you deleted. Anyone can claim it and serve malware from your own domain.

🛠️

Admin & debug surfaces

Admin consoles, phpMyAdmin, and debug pages reachable from the open internet with no password.

🧪

Exposed dev / staging

Pre-production environments left reachable instead of tucked behind a VPN. Usually the least-hardened thing you run.

🏥

Regulated data (PII / health / financial)

Customer records, SSNs, or card data sitting in publicly readable files. That's not a bug. That's a compliance incident.

20 detectors across 24 exposure types, plus 83 recognized secret formats. See the full catalog on the Coverage page.

How it works

Permission-based and observe-only, by design. We never scan anything you haven't authorized, and we never touch or change your systems. We only ever look at what's already public.

You authorize your assets

Add the domains and GitHub orgs you own and confirm they're yours. That consent is the only thing that tells us what to watch. Nothing else is ever touched.

Patrol watches, continuously

Our engine sweeps your authorized surface on a cadence. A newly added asset gets its first look within about a minute; everything is re-checked automatically after that.

You get the alert, secret masked

New exposures alert the people you designate, by email (SMS and phone escalation on higher plans). Every alert is plain-English, severity-ranked, and includes how to contain and fix it. The live secret is always masked.

Plans & pricing

Simple, per-month, no long-term contract. Every plan runs the full detection sweep. The tiers differ by how much surface you watch and how fast we can reach you. All prices are in US dollars (USD). Plans are monthly subscriptions that automatically renew each month at the listed price until you cancel — cancel anytime from Guardian › Billing or by emailing support@lictor-ai.com.

Silver
$49 / month

For a single site or founder getting started.

  • 1 monitored asset (domain or GitHub org)
  • Full detection sweep
  • Continuous monitoring
  • Email alerts
  • Redacted, plain-English findings
Get started
Diamond
$399 / month

For agencies, multi-brand, and regulated-data teams.

  • Unlimited monitored assets
  • Full detection sweep
  • Continuous monitoring
  • Email + SMS + phone escalation
  • Priority support
Get started

Every plan is self-serve: sign up, add your assets, and monitoring starts right away. By subscribing you agree to our Terms, Refund & Cancellation Policy, and Privacy Policy.

What Patrol does not do: Patrol monitors your public, internet-facing exposure only. It is not a penetration test, it does not access your internal systems or private networks, and no automated scan can guarantee detection of every possible issue.

Why Lictor

🗣️

Plain English, with the fix

Most tools hand you a list of jargon. We tell you what's exposed, what someone could do with it, and exactly how to close it.

🛡️

Safe by design

Consent-gated and observe-only. We watch only what you authorize, never modify your systems, and redact every secret before it's stored or sent.

💸

Built for real businesses

Enterprise scanners are priced for enterprises. We're the affordable middle for teams that were either running nothing, or overpaying for 5% of the features.

Get started

Lictor for Business is self-serve software. Create your account, add the domains and GitHub orgs you own, and Patrol starts watching within about a minute. Plans start at $49 per month and you can cancel anytime.

Start monitoring →

Questions? Email support@lictor-ai.com and we’ll reply within one business day.