38 repositorios
Processes for discovering and documenting internet-facing assets to identify organizational exposure.
Distinct from External Asset Trackers: Specific to security perimeter discovery rather than file or emoji asset mapping.
Explore 38 awesome GitHub repositories matching security & cryptography · Attack Surface Mapping. Refine with filters or upvote what's useful.
Amass is a network attack surface mapper and reconnaissance framework designed to discover and map the external, internet-facing infrastructure of a target organization. It functions as an open source intelligence tool that identifies public network boundaries and locates hidden or forgotten subdomains to define an organization's total reachable footprint. The project utilizes passive-source data aggregation from external APIs and public databases alongside active DNS brute-forcing and recursive subdomain expansion. It employs a graph-based asset mapping system to visualize the relationships
Discovers and documents internet-facing assets to visualize the total reachable footprint of an organization.
Prowler is a multi-cloud security posture management platform and vulnerability scanner. It provides tools for automating security audits, evaluating cloud infrastructure against regulatory compliance frameworks, and managing security assessments through a dedicated analysis dashboard. The project distinguishes itself by providing an AI-driven security context server that feeds structured data to AI assistants for automated risk analysis. It also employs graph-based attack path mapping to visualize potential lateral movement and exploitation routes across cloud inventories. The platform cove
Maps cloud inventory and findings into directed graphs to visualize potential lateral movement and attacker exploitation routes.
Prowler is a multi-cloud security scanner and security posture management tool. It automates security and compliance assessments across multiple cloud environments to identify misconfigurations and vulnerabilities. The project provides a multi-cloud security analysis engine that operates as an automated auditor, evaluating infrastructure against industry-standard regulatory frameworks and security benchmarks. It features a cloud security visualization dashboard that uses a graph database to map cloud inventory and visualize potential attack paths. Capabilities include automated cloud infrast
Uses a graph database to map cloud inventory and visualize potential attack paths.
Subfinder is a passive subdomain enumeration tool and DNS discovery utility designed to identify valid subdomains and hostnames associated with a specific organization or domain. It functions as a passive reconnaissance tool, gathering information about target domains by querying online databases without sending network traffic to the target infrastructure. The tool utilizes a pluggable provider architecture to separate discovery logic into independent modules, allowing for the integration of multiple passive-source APIs. It employs a concurrent-worker request model to execute network request
Identifies the complete range of public-facing assets for a domain to map organizational exposure.
Subfinder is a passive subdomain enumeration tool and DNS asset discovery utility designed for mapping the external attack surface of a domain. It functions as a passive reconnaissance framework that identifies subdomains by querying curated third-party data sources and APIs without interacting directly with the target infrastructure. The tool utilizes a modular provider interface to integrate various passive sources and employs concurrent request orchestration to manage simultaneous network queries. It includes wildcard DNS filtering to identify and remove catch-all records, ensuring the res
Maps the external attack surface of a domain by discovering all public internet assets.
Xray is a security assessment tool focused on web vulnerability scanning, attack surface mapping, and technology fingerprinting. It identifies common security flaws through automated scanning and semantic analysis, while verifying findings via a custom proof-of-concept execution engine. The system distinguishes itself with a containerized vulnerability testbed used to deploy pre-configured vulnerable applications. This environment allows for the simulation of specific vulnerabilities and edge-case scenarios to validate scanner accuracy and eliminate false positives. The platform covers a bro
Maps the web attack surface by discovering hidden paths and sensitive files through directory enumeration.
Sublist3r is a subdomain enumeration tool and passive reconnaissance framework designed to discover subdomains by querying search engines and public intelligence sources. It functions as a security tool for identifying the digital footprint of a target domain. The project provides both passive enumeration through multi-source API aggregation and active discovery via a DNS brute force tool. It includes a TCP port scanner to identify active services and open ports on discovered subdomains, facilitating attack surface mapping. The tool can be used as a standalone utility or as a Python security
Identifies accessible services and open ports across a network of subdomains to map the attack surface.
BloodHound is a graph-based security analysis tool designed to map trust relationships and attack vectors within Active Directory environments. It functions as an attack path mapper and risk assessment system that uses graph theory to identify hidden relationships and paths leading to high-privilege accounts. The tool specializes in network attack surface mapping and privilege escalation pathfinding. It quantifies security risks by measuring the reliability of attack paths to critical targets, allowing for the prioritization of vulnerability elimination. The system provides capabilities for
Uses graph-based representations to visualize potential lateral movement routes and security vulnerabilities.
Bloodhound is an Active Directory attack path mapper and security auditor designed to visualize trust relationships and permission chains. It serves as an attack surface management tool that identifies paths to domain administrator and other high-privileged accounts. The project uses a graph database analyzer to map complex identity and access relationships. It quantifies the risk of privilege escalation by identifying misconfigured permissions and trust links within Windows domains. The system provides capabilities for Active Directory security analysis, identity and access auditing, and ne
Provides graph-based visualizations of trust relationships to identify the easiest routes for system compromise.
This project is a comprehensive security suite and knowledge base focused on the engineering and construction of trustworthy digital and physical systems. It provides a systematic framework for security engineering design, covering the establishment of high-assurance architectures and the implementation of security models that govern how a system achieves its safety goals. The project is distinguished by its focus on formal assurance and adversarial deterrence. It includes methodologies for creating security assurance cases and proofs to verify system trustworthiness, alongside economic and t
Provides methodologies for analyzing potential attack routes through graph-based visualization of assets and configurations.
Sn1per is a vulnerability management platform and penetration testing orchestrator designed to automate reconnaissance, vulnerability scanning, and exploit verification. It functions as a dockerized security toolkit that coordinates multiple tools into a unified automated pipeline to identify security flaws across network and web assets. The platform features an attack surface manager for discovering internet-facing assets through OSINT, DNS enumeration, and certificate transparency. It distinguishes itself with an AI-powered security analyzer that uses large language models to summarize scan
Discovers and monitors internet-facing assets to identify unknown exposures and track changes in the organizational perimeter.
This project is an open-source intelligence reconnaissance framework and recursive attack surface mapper. It functions as a containerized security scanner designed to map public-facing infrastructure, perform subdomain enumeration, and automate the gathering of open-source intelligence. The system employs a recursive discovery engine to iteratively explore target infrastructure, utilizing a plugin-based module architecture to extend scanning capabilities. It integrates third-party APIs for data enrichment and applies YARA rules across discovered assets to identify specific vulnerability patte
Crawls DNS names, IP ranges, and organizations to discover all reachable public-facing infrastructure.
Rengine is an automated reconnaissance framework and vulnerability management platform designed for attack surface monitoring. It functions as a centralized hub for discovering subdomains and open ports, gathering open-source intelligence, and tracking security flaws across target networks. The system integrates large language models to analyze reconnaissance data and generate vulnerability descriptions and insights. It distinguishes itself through a plugin-based tool integration that wraps external security scanning binaries and a target mapping system that tracks changes to assets over time
Stores assets and their relationships in a structured database to track changes in attack surfaces over time.
reconftw is an attack surface management framework and reconnaissance workflow orchestrator designed to automate the discovery, mapping, and monitoring of external digital assets. It operates as a modular tool-chain pipeline that coordinates a sequence of security tools to perform intelligence gathering and vulnerability scanning. The project distinguishes itself through a cloud-native deployment model that parallelizes scanning workloads across a fleet of remote VPS instances to bypass local resource constraints. It utilizes container-based environment isolation to ensure consistent executio
Maps the external attack surface by discovering subdomains via passive enumeration and certificate logs.
EyeWitness es una herramienta de mapeo de infraestructura web y reconocimiento diseñada para automatizar el mapeo visual de servicios web expuestos. Funciona como un capturador de capturas de pantalla de navegador headless y una utilidad de reconocimiento HTTP que captura evidencia visual y extrae cabeceras de servidor de listas de objetivos web. El sistema identifica tecnologías de servidor y audita credenciales administrativas predeterminadas comunes para mapear la superficie de ataque externa de una organización. Genera informes de seguridad HTML buscables que combinan capturas de pantalla, código fuente de página y resultados de análisis categorizados para la evaluación de vulnerabilidades. La herramienta incluye capacidades para el reconocimiento de servidores web y el mapeo de la superficie de ataque, utilizando procesamiento de objetivos multihilo y gestión de recursos basada en buffer para manejar escaneos de alto volumen. Admite la importación de listas de objetivos desde formatos de texto y XML.
Discovers and documents internet-facing assets by capturing screenshots to identify an organization's external attack surface.
Naabu is a port scanner library and tool that probes hosts for open ports using SYN, CONNECT, and UDP methods to identify active services. It functions as a Go library for embedding port scanning into programs, and as a standalone tool that accepts targets as hostnames, IP addresses, CIDR ranges, or ASN numbers. The tool discovers live hosts before scanning, filters ports by range or top lists, and can integrate with Nmap for service version detection. The project distinguishes itself through its SYN-based port probing approach that sends TCP SYN packets and analyzes responses without complet
Discovers and maps all internet-facing assets to understand the full attack surface of an organization.
recon-ng is an open source intelligence reconnaissance framework designed to automate the collection and aggregation of public information. It is a modular intelligence tool that utilizes a system of pluggable modules to harvest target data, resolve DNS queries, and parse web content. The framework is built as an API-driven tool with a programmatic interface to integrate with other security workflows. It is provided as a containerized application, using Docker to ensure a consistent environment for running reconnaissance tasks and managing a persistent data store. Its capabilities cover exte
Automates the discovery and documentation of internet-facing assets to map an organization's digital footprint.
Learn-Web-Hacking es una guía de estudio estructurada sobre seguridad web y una base de conocimientos de pruebas de penetración. Proporciona una colección de notas de investigación centradas en identificar y explotar vulnerabilidades en aplicaciones web y protocolos de red. El proyecto incluye frameworks especializados para evaluar riesgos de seguridad en modelos de lenguaje extensos (LLM) para prevenir la inyección de prompts, así como guías para el endurecimiento (hardening) de infraestructura cloud-native, incluyendo estándares de contenedores y herramientas de orquestación. También cubre el análisis de estándares de identidad y protocolos de autenticación. El material abarca una amplia gama de capacidades de seguridad, incluyendo análisis de protocolos de red, recopilación de información para el mapeo de superficies de ataque y pruebas de penetración en redes internas que involucran movimiento lateral y persistencia. Además, detalla estrategias defensivas como arquitecturas de confianza cero (zero-trust) y detección de intrusiones.
Provides a framework for discovering and documenting internet-facing assets to identify organizational exposure.
ThreatMapper es una plataforma de protección de aplicaciones nativas de la nube y escáner de seguridad de infraestructura. Funciona como un sistema de gestión de vulnerabilidades y recolector de telemetría de cargas de trabajo en la nube diseñado para monitorear cargas de trabajo y detectar riesgos de seguridad en entornos de nube y contenedores. La plataforma se distingue por un visualizador de tráfico de red que utiliza aprendizaje automático para clasificar patrones de comunicación y un sistema de mapeo de ataques basado en grafos para identificar rutas de alto riesgo entre vulnerabilidades y dependencias de red. Sus capacidades más amplias cubren la auditoría de cumplimiento de infraestructura en la nube frente a benchmarks de seguridad, detección de amenazas en producción para malware y secretos expuestos, y la recolección de paquetes de red y telemetría de cargas de trabajo a través de sensores distribuidos. El despliegue de componentes de escaneo a través de entornos de nube, clústeres y máquinas virtuales se gestiona mediante herramientas de contenedores e infraestructura como código.
Maps security vulnerabilities and network dependencies into a visual graph to identify high-risk attack paths.
Nettacker es un framework de pruebas de penetración automatizado diseñado para orquestar el reconocimiento, escaneo de puertos y detección de vulnerabilidades. Funciona como una herramienta de reconocimiento de red y escáner de vulnerabilidades que identifica puertos abiertos, realiza fingerprinting de servicios y verifica sistemas contra bases de datos de fallos de seguridad conocidos. El framework se distingue por combinar un crawler de aplicaciones web para descubrir rutas ocultas mediante fuzzing con un sistema de gestión de vulnerabilidades que persiste los resultados del escaneo en una base de datos para rastrear evaluaciones históricas. También incluye capacidades especializadas para la enumeración de subdominios, fuerza bruta de credenciales y la capacidad de enrutar tráfico a través de proxies para anonimización. El sistema cubre una amplia superficie de capacidades de seguridad, incluyendo descubrimiento de activos de red, auditoría de servicios multi-protocolo y auditoría de configuración. Soporta escaneo multi-objetivo a través de rangos IP y bloques CIDR, y proporciona herramientas para generar informes de seguridad en múltiples formatos. El control programático está disponible a través de una interfaz basada en REST, permitiendo que el framework se integre en pipelines de seguridad y flujos de automatización.
Maps internet-facing assets and hidden subdomains to identify and document organizational exposure.