37 repositories
Processes for discovering and documenting internet-facing assets to identify organizational exposure.
Distinct from External Asset Trackers: Specific to security perimeter discovery rather than file or emoji asset mapping.
Explore 37 awesome GitHub repositories matching security & cryptography · Attack Surface Mapping.
Amass is a network attack surface mapper and reconnaissance framework designed to discover and map the external, internet-facing infrastructure of a target organization. It functions as an open source intelligence tool that identifies public network boundaries and locates hidden or forgotten subdomains to define an organization's total reachable footprint. The project utilizes passive-source data aggregation from external APIs and public databases alongside active DNS brute-forcing and recursive subdomain expansion. It employs a graph-based asset mapping system to visualize the relationships
Discovers and documents internet-facing assets to visualize the total reachable footprint of an organization.
Prowler is a multi-cloud security posture management platform and vulnerability scanner. It provides tools for automating security audits, evaluating cloud infrastructure against regulatory compliance frameworks, and managing security assessments through a dedicated analysis dashboard. The project distinguishes itself by providing an AI-driven security context server that feeds structured data to AI assistants for automated risk analysis. It also employs graph-based attack path mapping to visualize potential lateral movement and exploitation routes across cloud inventories. The platform cove
Maps cloud inventory and findings into directed graphs to visualize potential lateral movement and attacker exploitation routes.
Prowler is a multi-cloud security scanner and security posture management tool. It automates security and compliance assessments across multiple cloud environments to identify misconfigurations and vulnerabilities. The project provides a multi-cloud security analysis engine that operates as an automated auditor, evaluating infrastructure against industry-standard regulatory frameworks and security benchmarks. It features a cloud security visualization dashboard that uses a graph database to map cloud inventory and visualize potential attack paths. Capabilities include automated cloud infrast
Uses a graph database to map cloud inventory and visualize potential attack paths.
Subfinder is a passive subdomain enumeration tool and DNS discovery utility designed to identify valid subdomains and hostnames associated with a specific organization or domain. It functions as a passive reconnaissance tool, gathering information about target domains by querying online databases without sending network traffic to the target infrastructure. The tool utilizes a pluggable provider architecture to separate discovery logic into independent modules, allowing for the integration of multiple passive-source APIs. It employs a concurrent-worker request model to execute network request
Identifies the complete range of public-facing assets for a domain to map organizational exposure.
Subfinder is a passive subdomain enumeration tool and DNS asset discovery utility designed for mapping the external attack surface of a domain. It functions as a passive reconnaissance framework that identifies subdomains by querying curated third-party data sources and APIs without interacting directly with the target infrastructure. The tool utilizes a modular provider interface to integrate various passive sources and employs concurrent request orchestration to manage simultaneous network queries. It includes wildcard DNS filtering to identify and remove catch-all records, ensuring the res
Maps the external attack surface of a domain by discovering all public internet assets.
Xray is a security assessment tool focused on web vulnerability scanning, attack surface mapping, and technology fingerprinting. It identifies common security flaws through automated scanning and semantic analysis, while verifying findings via a custom proof-of-concept execution engine. The system distinguishes itself with a containerized vulnerability testbed used to deploy pre-configured vulnerable applications. This environment allows for the simulation of specific vulnerabilities and edge-case scenarios to validate scanner accuracy and eliminate false positives. The platform covers a bro
Maps the web attack surface by discovering hidden paths and sensitive files through directory enumeration.
Sublist3r is a subdomain enumeration tool and passive reconnaissance framework designed to discover subdomains by querying search engines and public intelligence sources. It functions as a security tool for identifying the digital footprint of a target domain. The project provides both passive enumeration through multi-source API aggregation and active discovery via a DNS brute force tool. It includes a TCP port scanner to identify active services and open ports on discovered subdomains, facilitating attack surface mapping. The tool can be used as a standalone utility or as a Python security
Identifies accessible services and open ports across a network of subdomains to map the attack surface.
BloodHound is a graph-based security analysis tool designed to map trust relationships and attack vectors within Active Directory environments. It functions as an attack path mapper and risk assessment system that uses graph theory to identify hidden relationships and paths leading to high-privilege accounts. The tool specializes in network attack surface mapping and privilege escalation pathfinding. It quantifies security risks by measuring the reliability of attack paths to critical targets, allowing for the prioritization of vulnerability elimination. The system provides capabilities for
Uses graph-based representations to visualize potential lateral movement routes and security vulnerabilities.
Bloodhound is an Active Directory attack path mapper and security auditor designed to visualize trust relationships and permission chains. It serves as an attack surface management tool that identifies paths to domain administrator and other high-privileged accounts. The project uses a graph database analyzer to map complex identity and access relationships. It quantifies the risk of privilege escalation by identifying misconfigured permissions and trust links within Windows domains. The system provides capabilities for Active Directory security analysis, identity and access auditing, and ne
Provides graph-based visualizations of trust relationships to identify the easiest routes for system compromise.
This project is a comprehensive security suite and knowledge base focused on the engineering and construction of trustworthy digital and physical systems. It provides a systematic framework for security engineering design, covering the establishment of high-assurance architectures and the implementation of security models that govern how a system achieves its safety goals. The project is distinguished by its focus on formal assurance and adversarial deterrence. It includes methodologies for creating security assurance cases and proofs to verify system trustworthiness, alongside economic and t
Provides methodologies for analyzing potential attack routes through graph-based visualization of assets and configurations.
Sn1per is a vulnerability management platform and penetration testing orchestrator designed to automate reconnaissance, vulnerability scanning, and exploit verification. It functions as a dockerized security toolkit that coordinates multiple tools into a unified automated pipeline to identify security flaws across network and web assets. The platform features an attack surface manager for discovering internet-facing assets through OSINT, DNS enumeration, and certificate transparency. It distinguishes itself with an AI-powered security analyzer that uses large language models to summarize scan
Discovers and monitors internet-facing assets to identify unknown exposures and track changes in the organizational perimeter.
This project is an open-source intelligence reconnaissance framework and recursive attack surface mapper. It functions as a containerized security scanner designed to map public-facing infrastructure, perform subdomain enumeration, and automate the gathering of open-source intelligence. The system employs a recursive discovery engine to iteratively explore target infrastructure, utilizing a plugin-based module architecture to extend scanning capabilities. It integrates third-party APIs for data enrichment and applies YARA rules across discovered assets to identify specific vulnerability patte
Crawls DNS names, IP ranges, and organizations to discover all reachable public-facing infrastructure.
Rengine is an automated reconnaissance framework and vulnerability management platform designed for attack surface monitoring. It functions as a centralized hub for discovering subdomains and open ports, gathering open-source intelligence, and tracking security flaws across target networks. The system integrates large language models to analyze reconnaissance data and generate vulnerability descriptions and insights. It distinguishes itself through a plugin-based tool integration that wraps external security scanning binaries and a target mapping system that tracks changes to assets over time
Stores assets and their relationships in a structured database to track changes in attack surfaces over time.
reconftw is an attack surface management framework and reconnaissance workflow orchestrator designed to automate the discovery, mapping, and monitoring of external digital assets. It operates as a modular tool-chain pipeline that coordinates a sequence of security tools to perform intelligence gathering and vulnerability scanning. The project distinguishes itself through a cloud-native deployment model that parallelizes scanning workloads across a fleet of remote VPS instances to bypass local resource constraints. It utilizes container-based environment isolation to ensure consistent executio
Maps the external attack surface by discovering subdomains via passive enumeration and certificate logs.
EyeWitness is a web infrastructure mapping and reconnaissance tool designed to automate the visual mapping of exposed web services. It functions as a headless-browser screenshot tool and HTTP reconnaissance tool that captures visual evidence and extracts server headers from lists of web targets. The system identifies server technologies and checks for common default administrative credentials to map an organization's external attack surface. It generates searchable HTML security reports that combine screenshots, page source code, and categorized analysis results for vulnerability assessment. The tool includes capabilities for web server reconnaissance and attack surface mapping, using multithreaded target processing and buffer-based resource management to handle high-volume scanning. It supports importing target lists from text and XML formats.
Discovers and documents internet-facing assets by capturing screenshots to identify an organization's external attack surface.
Naabu is a port scanner library and tool that probes hosts for open ports using SYN, CONNECT, and UDP methods to identify active services. It functions as a Go library for embedding port scanning into programs, and as a standalone tool that accepts targets as hostnames, IP addresses, CIDR ranges, or ASN numbers. The tool discovers live hosts before scanning, filters ports by range or top lists, and can integrate with Nmap for service version detection. The project distinguishes itself through its SYN-based port probing approach that sends TCP SYN packets and analyzes responses without complet
Discovers and maps all internet-facing assets to understand the full attack surface of an organization.
recon-ng is an open source intelligence reconnaissance framework designed to automate the collection and aggregation of public information. It is a modular intelligence tool that utilizes a system of pluggable modules to harvest target data, resolve DNS queries, and parse web content. The framework is built as an API-driven tool with a programmatic interface to integrate with other security workflows. It is provided as a containerized application, using Docker to ensure a consistent environment for running reconnaissance tasks and managing a persistent data store. Its capabilities cover exte
Automates the discovery and documentation of internet-facing assets to map an organization's digital footprint.
Learn-Web-Hacking is a structured web security study guide and penetration testing knowledge base. It provides a collection of research notes focused on identifying and exploiting vulnerabilities in web applications and network protocols. The project includes specialized frameworks for assessing security risks in large language models to prevent prompt injection, along with guides for hardening cloud infrastructure, including container standards and orchestration tools. It also covers the analysis of identity standards and authentication protocols. The material covers a broad range of security capabilities, including network protocol analysis, information gathering for attack surface mapping, and internal network penetration including lateral movement and persistence. It also details defensive strategies such as zero-trust architecture and intrusion detection.
Provides a framework for discovering and documenting internet-facing assets to identify organizational exposure.
ThreatMapper is a cloud-native application protection platform and infrastructure security scanner. It functions as a vulnerability management system and cloud infrastructure telemetry collector designed to monitor workloads and detect security risks across cloud and container environments. The platform features a network traffic visualizer that uses machine learning to classify communication patterns and a graph-based attack mapping system to identify high-risk paths between vulnerabilities and network dependencies. Its broader capabilities cover auditing cloud infrastructure compliance against security standards, production threat detection for malware and exposed secrets, and collection of network packets and workload telemetry through distributed sensors. Deployment of the scanning components across cloud environments, clusters, and virtual machines is managed through container tooling and infrastructure as code.
Maps security vulnerabilities and network dependencies into a visual graph to identify high-risk attack paths.
Nettacker is an automated penetration testing framework designed to orchestrate reconnaissance, port scanning, and vulnerability discovery. It functions as a network reconnaissance tool and vulnerability scanner that identifies open ports, fingerprints services, and checks systems against databases of known vulnerabilities. The framework is distinguished by combining a web application crawler that discovers hidden paths through fuzzing with a vulnerability management system that stores scan results in a database to track historical assessments. It also includes specialized capabilities for subdomain enumeration, credential brute forcing, and the ability to route traffic through proxies for anonymity. The system covers a broad range of security capabilities, including network asset discovery, multi-protocol service auditing, and configuration auditing. It supports multi-target scanning across IP ranges and CIDR blocks, and provides tools for generating security reports in multiple formats. Programmatic control is available through a REST interface, allowing the framework to be integrated into security pipelines and automation workflows.
Maps internet-facing assets and hidden subdomains to identify and document organizational exposure.