38 dépôts
Processes for discovering and documenting internet-facing assets to identify organizational exposure.
Distinct from External Asset Trackers: Specific to security perimeter discovery rather than file or emoji asset mapping.
Explore 38 awesome GitHub repositories matching security & cryptography · Attack Surface Mapping. Refine with filters or upvote what's useful.
Amass is a network attack surface mapper and reconnaissance framework designed to discover and map the external, internet-facing infrastructure of a target organization. It functions as an open source intelligence tool that identifies public network boundaries and locates hidden or forgotten subdomains to define an organization's total reachable footprint. The project utilizes passive-source data aggregation from external APIs and public databases alongside active DNS brute-forcing and recursive subdomain expansion. It employs a graph-based asset mapping system to visualize the relationships
Discovers and documents internet-facing assets to visualize the total reachable footprint of an organization.
Prowler is a multi-cloud security posture management platform and vulnerability scanner. It provides tools for automating security audits, evaluating cloud infrastructure against regulatory compliance frameworks, and managing security assessments through a dedicated analysis dashboard. The project distinguishes itself by providing an AI-driven security context server that feeds structured data to AI assistants for automated risk analysis. It also employs graph-based attack path mapping to visualize potential lateral movement and exploitation routes across cloud inventories. The platform cove
Maps cloud inventory and findings into directed graphs to visualize potential lateral movement and attacker exploitation routes.
Prowler is a multi-cloud security scanner and security posture management tool. It automates security and compliance assessments across multiple cloud environments to identify misconfigurations and vulnerabilities. The project provides a multi-cloud security analysis engine that operates as an automated auditor, evaluating infrastructure against industry-standard regulatory frameworks and security benchmarks. It features a cloud security visualization dashboard that uses a graph database to map cloud inventory and visualize potential attack paths. Capabilities include automated cloud infrast
Uses a graph database to map cloud inventory and visualize potential attack paths.
Subfinder is a passive subdomain enumeration tool and DNS discovery utility designed to identify valid subdomains and hostnames associated with a specific organization or domain. It functions as a passive reconnaissance tool, gathering information about target domains by querying online databases without sending network traffic to the target infrastructure. The tool utilizes a pluggable provider architecture to separate discovery logic into independent modules, allowing for the integration of multiple passive-source APIs. It employs a concurrent-worker request model to execute network request
Identifies the complete range of public-facing assets for a domain to map organizational exposure.
Subfinder is a passive subdomain enumeration tool and DNS asset discovery utility designed for mapping the external attack surface of a domain. It functions as a passive reconnaissance framework that identifies subdomains by querying curated third-party data sources and APIs without interacting directly with the target infrastructure. The tool utilizes a modular provider interface to integrate various passive sources and employs concurrent request orchestration to manage simultaneous network queries. It includes wildcard DNS filtering to identify and remove catch-all records, ensuring the res
Maps the external attack surface of a domain by discovering all public internet assets.
Xray is a security assessment tool focused on web vulnerability scanning, attack surface mapping, and technology fingerprinting. It identifies common security flaws through automated scanning and semantic analysis, while verifying findings via a custom proof-of-concept execution engine. The system distinguishes itself with a containerized vulnerability testbed used to deploy pre-configured vulnerable applications. This environment allows for the simulation of specific vulnerabilities and edge-case scenarios to validate scanner accuracy and eliminate false positives. The platform covers a bro
Maps the web attack surface by discovering hidden paths and sensitive files through directory enumeration.
Sublist3r is a subdomain enumeration tool and passive reconnaissance framework designed to discover subdomains by querying search engines and public intelligence sources. It functions as a security tool for identifying the digital footprint of a target domain. The project provides both passive enumeration through multi-source API aggregation and active discovery via a DNS brute force tool. It includes a TCP port scanner to identify active services and open ports on discovered subdomains, facilitating attack surface mapping. The tool can be used as a standalone utility or as a Python security
Identifies accessible services and open ports across a network of subdomains to map the attack surface.
BloodHound is a graph-based security analysis tool designed to map trust relationships and attack vectors within Active Directory environments. It functions as an attack path mapper and risk assessment system that uses graph theory to identify hidden relationships and paths leading to high-privilege accounts. The tool specializes in network attack surface mapping and privilege escalation pathfinding. It quantifies security risks by measuring the reliability of attack paths to critical targets, allowing for the prioritization of vulnerability elimination. The system provides capabilities for
Uses graph-based representations to visualize potential lateral movement routes and security vulnerabilities.
Bloodhound is an Active Directory attack path mapper and security auditor designed to visualize trust relationships and permission chains. It serves as an attack surface management tool that identifies paths to domain administrator and other high-privileged accounts. The project uses a graph database analyzer to map complex identity and access relationships. It quantifies the risk of privilege escalation by identifying misconfigured permissions and trust links within Windows domains. The system provides capabilities for Active Directory security analysis, identity and access auditing, and ne
Provides graph-based visualizations of trust relationships to identify the easiest routes for system compromise.
This project is a comprehensive security suite and knowledge base focused on the engineering and construction of trustworthy digital and physical systems. It provides a systematic framework for security engineering design, covering the establishment of high-assurance architectures and the implementation of security models that govern how a system achieves its safety goals. The project is distinguished by its focus on formal assurance and adversarial deterrence. It includes methodologies for creating security assurance cases and proofs to verify system trustworthiness, alongside economic and t
Provides methodologies for analyzing potential attack routes through graph-based visualization of assets and configurations.
Sn1per is a vulnerability management platform and penetration testing orchestrator designed to automate reconnaissance, vulnerability scanning, and exploit verification. It functions as a dockerized security toolkit that coordinates multiple tools into a unified automated pipeline to identify security flaws across network and web assets. The platform features an attack surface manager for discovering internet-facing assets through OSINT, DNS enumeration, and certificate transparency. It distinguishes itself with an AI-powered security analyzer that uses large language models to summarize scan
Discovers and monitors internet-facing assets to identify unknown exposures and track changes in the organizational perimeter.
This project is an open-source intelligence reconnaissance framework and recursive attack surface mapper. It functions as a containerized security scanner designed to map public-facing infrastructure, perform subdomain enumeration, and automate the gathering of open-source intelligence. The system employs a recursive discovery engine to iteratively explore target infrastructure, utilizing a plugin-based module architecture to extend scanning capabilities. It integrates third-party APIs for data enrichment and applies YARA rules across discovered assets to identify specific vulnerability patte
Crawls DNS names, IP ranges, and organizations to discover all reachable public-facing infrastructure.
Rengine is an automated reconnaissance framework and vulnerability management platform designed for attack surface monitoring. It functions as a centralized hub for discovering subdomains and open ports, gathering open-source intelligence, and tracking security flaws across target networks. The system integrates large language models to analyze reconnaissance data and generate vulnerability descriptions and insights. It distinguishes itself through a plugin-based tool integration that wraps external security scanning binaries and a target mapping system that tracks changes to assets over time
Stores assets and their relationships in a structured database to track changes in attack surfaces over time.
reconftw is an attack surface management framework and reconnaissance workflow orchestrator designed to automate the discovery, mapping, and monitoring of external digital assets. It operates as a modular tool-chain pipeline that coordinates a sequence of security tools to perform intelligence gathering and vulnerability scanning. The project distinguishes itself through a cloud-native deployment model that parallelizes scanning workloads across a fleet of remote VPS instances to bypass local resource constraints. It utilizes container-based environment isolation to ensure consistent executio
Maps the external attack surface by discovering subdomains via passive enumeration and certificate logs.
EyeWitness est un outil de mappage d'infrastructure web et de reconnaissance conçu pour automatiser le mappage visuel des services web exposés. Il fonctionne comme un outil de capture d'écran de navigateur headless et un utilitaire de reconnaissance HTTP qui capture des preuves visuelles et extrait les en-têtes de serveur à partir de listes de cibles web. Le système identifie les technologies de serveur et audite les identifiants administratifs par défaut courants pour mapper la surface d'attaque externe d'une organisation. Il génère des rapports de sécurité HTML consultables qui combinent des captures d'écran, le code source de la page et des résultats d'analyse classés pour l'évaluation des vulnérabilités. L'outil inclut des fonctionnalités pour la reconnaissance de serveur web et le mappage de surface d'attaque, utilisant un traitement de cible multithreadé et une gestion des ressources basée sur tampon pour gérer le scan à haut volume. Il prend en charge l'importation de listes de cibles à partir de formats texte et XML.
Discovers and documents internet-facing assets by capturing screenshots to identify an organization's external attack surface.
Naabu is a port scanner library and tool that probes hosts for open ports using SYN, CONNECT, and UDP methods to identify active services. It functions as a Go library for embedding port scanning into programs, and as a standalone tool that accepts targets as hostnames, IP addresses, CIDR ranges, or ASN numbers. The tool discovers live hosts before scanning, filters ports by range or top lists, and can integrate with Nmap for service version detection. The project distinguishes itself through its SYN-based port probing approach that sends TCP SYN packets and analyzes responses without complet
Discovers and maps all internet-facing assets to understand the full attack surface of an organization.
recon-ng is an open source intelligence reconnaissance framework designed to automate the collection and aggregation of public information. It is a modular intelligence tool that utilizes a system of pluggable modules to harvest target data, resolve DNS queries, and parse web content. The framework is built as an API-driven tool with a programmatic interface to integrate with other security workflows. It is provided as a containerized application, using Docker to ensure a consistent environment for running reconnaissance tasks and managing a persistent data store. Its capabilities cover exte
Automates the discovery and documentation of internet-facing assets to map an organization's digital footprint.
Learn-Web-Hacking est un guide d'étude structuré sur la sécurité web et une base de connaissances en tests d'intrusion. Il propose une collection de notes de recherche axées sur l'identification et l'exploitation de vulnérabilités dans les applications web et les protocoles réseau. Le projet inclut des frameworks spécialisés pour évaluer les risques de sécurité dans les grands modèles de langage (LLM) afin de prévenir les injections de prompts, ainsi que des guides pour durcir l'infrastructure cloud-native, incluant les standards de conteneurs et les outils d'orchestration. Il couvre également l'analyse des standards d'identité et des protocoles d'authentification. Le matériel couvre un large éventail de capacités de sécurité, incluant l'analyse de protocoles réseau, la collecte d'informations pour la cartographie de la surface d'attaque, et les tests d'intrusion sur réseaux internes impliquant des mouvements latéraux et la persistance. Il détaille en outre des stratégies défensives telles que les architectures zero-trust et la détection d'intrusion.
Provides a framework for discovering and documenting internet-facing assets to identify organizational exposure.
ThreatMapper est une plateforme de protection d'applications cloud-native et un scanner de sécurité d'infrastructure. Il fonctionne comme un système de gestion des vulnérabilités et un collecteur de télémétrie de charge de travail cloud conçu pour surveiller les charges de travail et détecter les risques de sécurité à travers les environnements cloud et conteneurisés. La plateforme se distingue par un visualiseur de trafic réseau qui utilise l'apprentissage automatique pour classer les modèles de communication et un système de mappage d'attaques basé sur des graphes pour identifier les chemins à haut risque entre les vulnérabilités et les dépendances réseau. Ses capacités plus larges couvrent l'audit de conformité de l'infrastructure cloud par rapport aux benchmarks de sécurité, la détection des menaces en production pour les logiciels malveillants et les secrets exposés, et la collecte de paquets réseau et de télémétrie de charge de travail via des capteurs distribués. Le déploiement des composants de scan à travers les environnements cloud, les clusters et les machines virtuelles est géré via des outils de conteneurs et l'infrastructure en tant que code.
Maps security vulnerabilities and network dependencies into a visual graph to identify high-risk attack paths.
Nettacker est un framework de test d'intrusion automatisé conçu pour orchestrer la reconnaissance, le scan de ports et la détection de vulnérabilités. Il fonctionne comme un outil de reconnaissance réseau et un scanner de vulnérabilités qui identifie les ports ouverts, empreinte les services et vérifie les systèmes par rapport à des bases de données de failles de sécurité connues. Le framework se distingue en combinant un crawler d'applications web pour découvrir des chemins cachés via le fuzzing, avec un système de gestion des vulnérabilités qui persiste les résultats des scans dans une base de données pour suivre les évaluations historiques. Il inclut également des capacités spécialisées pour l'énumération de sous-domaines, le brute forcing d'identifiants et la possibilité d'acheminer le trafic via des proxys pour l'anonymisation. Le système couvre une large surface de capacités de sécurité, incluant la découverte d'actifs réseau, l'audit de services multi-protocoles et l'audit de configuration. Il prend en charge le scan multi-cibles sur des plages IP et des blocs CIDR, et fournit des outils pour générer des rapports de sécurité dans plusieurs formats. Un contrôle programmatique est disponible via une interface REST, permettant au framework d'être intégré dans des pipelines de sécurité et des flux d'automatisation.
Maps internet-facing assets and hidden subdomains to identify and document organizational exposure.