19 repositorios
Platforms for discovering, inventorying, and monitoring internet-facing assets to maintain visibility into external security posture.
Distinguishing note: Specifically targets the discovery and monitoring of external-facing assets rather than internal network security.
Explore 19 awesome GitHub repositories matching security & cryptography · Attack Surface Management. Refine with filters or upvote what's useful.
Nuclei is a modular security scanning framework designed for automated vulnerability detection and infrastructure reconnaissance. It functions as a template-driven engine that executes security checks across diverse network protocols, allowing users to define custom detection logic to identify vulnerabilities, misconfigurations, and exposed assets. The platform distinguishes itself through its highly extensible architecture, which supports distributed scanning, headless browser automation for dynamic web content, and out-of-band interaction monitoring to detect blind vulnerabilities. It integ
Maps and monitors internet-facing assets, subdomains, and cloud infrastructure to maintain a comprehensive view of organizational exposure.
Strix is an automated security research and vulnerability scanning platform that leverages language models to orchestrate complex security analysis tasks. It functions as a comprehensive framework for penetration testing and continuous security integration, allowing users to embed automated vulnerability research directly into development pipelines or execute it within isolated, containerized environments. The platform distinguishes itself through a multi-agent orchestration engine that coordinates specialized autonomous agents to perform parallel security assessments. By integrating LLM-agno
Generates a sitemap of discovered endpoints and paths to provide a clear overview of application structure and entry points.
SpiderFoot is an open-source reconnaissance and intelligence automation framework designed to streamline the collection and correlation of data for security investigations. It functions as a comprehensive platform that automates the querying of hundreds of public data sources to map digital footprints, identify exposed assets, and uncover potential security threats across an organization's external perimeter. The platform distinguishes itself through a modular, plugin-based architecture that executes data gathering tasks in parallel, supported by a directed graph data model that tracks relati
Identifies and monitors internet-exposed digital assets to reduce organizational risk and uncover shadow IT.
Anubis is a command-line security reconnaissance framework designed for subdomain enumeration and attack surface mapping. It functions as a utility for security professionals to identify, catalog, and visualize the external digital footprint of an organization by discovering all subdomains associated with a target domain. The tool distinguishes itself through a modular resolver pipeline that integrates passive reconnaissance from third-party security APIs and public certificate transparency logs. It combines this data with active discovery methods, including recursive DNS brute-forcing and al
Maps the external digital footprint by discovering and inventorying all subdomains linked to a target domain.
theHarvester is a command-line utility designed for gathering open-source intelligence and mapping an organization's external attack surface. It functions as a security information gathering framework that automates the collection of publicly available data to assist in reconnaissance and threat analysis. The tool utilizes a plugin-based architecture to execute isolated queries against various search engines and public databases. It employs asynchronous task execution to run multiple discovery operations in parallel, while a centralized pipeline aggregates and deduplicates findings from these
Identifies public-facing digital assets to map an organization's external attack surface.
Hacker Roadmap is a community-driven repository that functions as a structured learning path and resource directory for cybersecurity and ethical hacking. It organizes complex security concepts into sequential modules, guiding users from fundamental knowledge to advanced technical exploitation skills through a curated collection of educational materials and professional development resources. The project distinguishes itself by acting as a centralized index that maps specialized third-party security software and isolated training environments to specific operational use cases. By aggregating
Maps domains and IP addresses to identify exposed entry points and potential security vulnerabilities.
Amass is an attack surface management tool designed to identify, map, and inventory an organization's internet-facing digital assets. It functions as a security asset discovery engine that systematically expands an organization's known infrastructure footprint through recursive domain name resolution and the collection of intelligence from diverse public data sources. The platform distinguishes itself by utilizing a graph-based modeling approach to organize discovered resources. By maintaining a persistent graph database, it tracks the relationships between infrastructure components and norma
Provides a platform for mapping organizational digital assets to identify security vulnerabilities across the network.
Subfinder is a security reconnaissance framework designed for subdomain enumeration and attack surface management. It functions as a discovery engine that identifies and maps internet-exposed infrastructure, cloud-hosted assets, and network ranges to maintain a comprehensive inventory of an organization's digital footprint. The project distinguishes itself through a modular, template-driven scanning engine that executes security checks against discovered assets. It leverages cloud-native asset discovery to query provider APIs and infrastructure metadata, while supporting distributed agent orc
Maps internet-exposed infrastructure and cloud assets to maintain visibility into an organization's total attack surface.
Azure Docs is the official technical documentation repository for Microsoft Azure, the cloud computing platform. It provides comprehensive guidance on the full spectrum of Azure services, covering everything from core infrastructure components like virtual machines, Kubernetes clusters, and serverless computing to platform services for AI, machine learning, data analytics, and storage. The documentation details how to provision, manage, and govern cloud resources at scale, including policy enforcement, identity management, and cost optimization. The documentation distinguishes Azure through i
Documents Microsoft Defender for Cloud for discovering internet-exposed resources and managing attack surface.
httpx is a suite of tools and libraries for HTTP reconnaissance, infrastructure discovery, and DNS resolution. It functions as a command line toolkit for extracting metadata and status codes from HTTP targets and CIDR ranges, as well as a Go library for integrating these probing capabilities into custom programs. The project distinguishes itself through specialized infrastructure profiling, using TLS fingerprinting to extract JARM hashes and certificate details. It identifies underlying components such as CDN usage, Autonomous System Numbers, and CNAMEs to map web server software and infrastr
Analyzes TLS certificates, JARM hashes, and security headers to evaluate the external security posture of a network.
Sn1per is a vulnerability management platform and penetration testing orchestrator designed to automate reconnaissance, vulnerability scanning, and exploit verification. It functions as a dockerized security toolkit that coordinates multiple tools into a unified automated pipeline to identify security flaws across network and web assets. The platform features an attack surface manager for discovering internet-facing assets through OSINT, DNS enumeration, and certificate transparency. It distinguishes itself with an AI-powered security analyzer that uses large language models to summarize scan
Discovers and monitors internet-facing assets using OSINT and DNS enumeration to identify organizational exposures.
This project is an open-source intelligence reconnaissance framework and recursive attack surface mapper. It functions as a containerized security scanner designed to map public-facing infrastructure, perform subdomain enumeration, and automate the gathering of open-source intelligence. The system employs a recursive discovery engine to iteratively explore target infrastructure, utilizing a plugin-based module architecture to extend scanning capabilities. It integrates third-party APIs for data enrichment and applies YARA rules across discovered assets to identify specific vulnerability patte
Provides a platform for discovering, inventorying, and monitoring internet-facing assets to maintain visibility into the external security posture.
Rengine is an automated reconnaissance framework and vulnerability management platform designed for attack surface monitoring. It functions as a centralized hub for discovering subdomains and open ports, gathering open-source intelligence, and tracking security flaws across target networks. The system integrates large language models to analyze reconnaissance data and generate vulnerability descriptions and insights. It distinguishes itself through a plugin-based tool integration that wraps external security scanning binaries and a target mapping system that tracks changes to assets over time
Maps subdomains and open ports to identify and monitor all internet-facing assets for an organization.
reconftw is an attack surface management framework and reconnaissance workflow orchestrator designed to automate the discovery, mapping, and monitoring of external digital assets. It operates as a modular tool-chain pipeline that coordinates a sequence of security tools to perform intelligence gathering and vulnerability scanning. The project distinguishes itself through a cloud-native deployment model that parallelizes scanning workloads across a fleet of remote VPS instances to bypass local resource constraints. It utilizes container-based environment isolation to ensure consistent executio
Provides a comprehensive platform for discovering, inventorying, and monitoring internet-facing assets.
Knock es una herramienta de gestión de superficie de ataque y framework de reconocimiento DNS utilizado para descubrir y mapear la infraestructura externa de una organización. Funciona como una herramienta de enumeración de subdominios y escáner de seguridad HTTP para identificar hosts alcanzables y activos organizacionales. El proyecto se distingue por utilizar una estrategia de enumeración híbrida pasiva-activa, combinando búsquedas de API externas con ataques de fuerza bruta de listas de palabras activos y transferencias de zona DNS. Incluye un pipeline de validación de múltiples etapas que detecta registros DNS comodín y verifica la conectividad del host para filtrar falsos positivos. El framework cubre el mapeo de la superficie de ataque, auditoría de seguridad DNS y reconocimiento de vulnerabilidades, incluyendo la detección de protocolos TLS heredados. Los hallazgos se gestionan a través de una base de datos buscable y pueden exportarse como informes HTML o JSON. Las opciones de ajuste de rendimiento permiten el ajuste de los niveles de concurrencia y tiempos de espera de red.
Provides a complete platform for discovering, inventorying, and monitoring internet-facing assets.
ShuiZe_0x727 es un framework de recolección de inteligencia de código abierto y herramienta de gestión de superficie de ataque. Funciona como un motor de descubrimiento de activos y agregador de ciberinteligencia diseñado para identificar activos expuestos a internet, mapear infraestructura de red y visualizar la exposición total de la red. El proyecto integra escaneo de vulnerabilidades y detección de fugas de datos sensibles para identificar debilidades de seguridad y puntos de acceso no autorizados. Emplea una combinación de consultas a APIs de espacio de red, análisis de logs de certificados y escaneo de repositorios públicos para extraer credenciales filtradas, claves de API y rutas administrativas internas. El framework proporciona capacidades para la recolección automatizada de información y la investigación de ciberinteligencia, utilizando un motor de escaneo basado en plugins para detectar vulnerabilidades en servicios web y puertos abiertos. Los datos de activos recopilados y los hallazgos de seguridad se exportan a hojas de cálculo formateadas para su análisis y auditoría offline.
Provides a comprehensive platform for discovering and monitoring internet-facing assets to manage total network exposure.
This project is a network reconnaissance framework and internet metadata database used for collecting, storing, and analyzing data from active scanners and passive traffic captures. It functions as a threat intelligence aggregator and passive traffic analysis tool, merging scan results from multiple tools into a unified dataset for security investigation. The system distinguishes itself through its ability to visualize network assets using heatmaps and geographic charts to correlate autonomous systems and domain names. It provides external attack surface management by aggregating metadata to
Aggregates scan results and metadata to visualize and monitor the security posture of public internet assets.
Findomain is a subdomain discovery tool and DNS resolver used for mapping an organization's external attack surface. It functions as a DNS infrastructure analyzer that searches for registered subdomains associated with a root domain to uncover undocumented infrastructure and services. The project includes an attack surface monitor that tracks changes to subdomains over time, using differential state monitoring to identify newly created or deleted assets. It provides real-time alerting via webhooks when changes in the monitored domain surface are detected. The system performs high-speed DNS r
Monitors the external attack surface by tracking subdomain changes and sending real-time alerts.
ScopeSentry es una plataforma de gestión de superficie de ataque distribuida diseñada para catalogar activos digitales y automatizar evaluaciones de seguridad en grandes entornos de red. Funciona como una herramienta de descubrimiento de activos de red y escáner de vulnerabilidades, proporcionando un framework para mantener la visibilidad sobre la infraestructura organizacional. La plataforma se distingue por una arquitectura distribuida que orquesta nodos trabajadores para ejecutar tareas de seguridad en paralelo. Utiliza un proceso de descubrimiento basado en eventos para identificar nuevos activos y subdominios, manteniendo un registro con estado de configuraciones y debilidades para facilitar la detección de cambios a largo plazo. El sistema admite un pipeline de ejecución modular que permite la integración de plugins personalizados y utilidades de seguridad de terceros. Esta extensibilidad permite un monitoreo integral de activos web, enumeración automatizada de subdominios y la identificación de configuraciones erróneas o fugas de información sensible a través de entornos distribuidos.
Provides a security framework for mapping network assets, enumerating subdomains, and automating vulnerability scanning across distributed infrastructure.