AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.
-
Updated
Apr 8, 2024 - Python
AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.
OWASP Web Recon & Directory Discovery Platform
Chiasmodon is an OSINT tool designed to assist in the process of gathering information about a target domain. Its primary functionality revolves around searching for domain-related data, including domain emails, domain credentials, CIDRs , ASNs , and subdomains, the tool also allows users to search Google Play application ID.
Scan 30+ AWS services. Find cost waste. Detect security gaps. Map your attack surface. One command.
WebStor efficiently enumerates all websites across your organization’s networks and those in your DNS records - including cloud-hosted servers via zone transfer data - stores their responses, and lets you query for known web technologies, including those with zero-day vulnerabilities.
Find and govern AI attack surfaces in application code at PR time. Free, OSS, runs offline.
Site-Scanner - Web application vulnerability assessment tool.
Command-line tool for discovering SaaS platforms a company uses via DNS enumeration
Seekolver is a tool focused on attack-surface mapping. It performs searches for subdomains associated with root domains and root domains associated with organisations using open sources, additionally, it resolves these domains and subdomains in search of HTTP and HTTPS services and then filters the information obtained based on their response.
Pentest Coverage Tracker is a Burp Suite extension that helps penetration testers monitor testing coverage in real time. It logs discovered endpoints and tracks whether their parameters are actually tested in Burp Suite. This helps highlight untested attack surfaces and provides clear visibility of coverage for security teams.
OSINT tool for precise version fingerprinting of open-source web software
Passive attack-surface scanner: turn a domain into a risk grade, copy-paste fixes, and a client-ready report. Safe DNS, HTTP, TLS, email, and certificate-transparency checks.
Intelligence-driven reconnaissance framework for bug bounty hunters and security professionals.
Modular OSINT and attack surface analysis platform for authorized security research, with risk scoring, attack paths, and report generation.
ssb=simple subdomain bruteforcer
Self-hosted external attack surface scanner. Subdomain enumeration + takeover detection, ports, CVEs, TLS, SSH, web vulns, EPSS/KEV prioritisation. 19 tools, 12 attack vectors, one `docker run`. MIT-licensed.
Cent Nuclei Templates generated through the cent tool.
fully autonomous credential intelligence platform that discovers, │ │ extracts, correlates, verifies, and reports exposed secrets across your │ │ target's entire attack surface.
A learning-focused yet production-structured Attack Surface Monitoring engine emphasizing clarity, scope control, and explainable risk assessment.
A comprehensive all-in-one Python-based Proof of Concept script to discover and exploit a critical authentication bypass vulnerability (CVE-2024-55591) in certain Fortinet devices.
Add a description, image, and links to the attack-surface topic page so that developers can more easily learn about it.
To associate your repository with the attack-surface topic, visit your repo's landing page and select "manage topics."