awesome-repositories.com
ब्लॉग
awesome-repositories.com

AI-संचालित खोज के साथ बेहतरीन ओपन-सोर्स रिपॉजिटरी खोजें।

एक्सप्लोर करेंक्यूरेटेड खोजेंओपन-सोर्स विकल्पसेल्फ-होस्टेड सॉफ्टवेयरब्लॉगसाइटमैप
प्रोजेक्टहमारे बारे मेंहम रैंकिंग कैसे करते हैंप्रेसMCP सर्वर
कानूनीगोपनीयताशर्तें
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

33 रिपॉजिटरी

Awesome GitHub RepositoriesAttack Surface Analysis

Mapping and minimizing exposed interfaces to reduce exploitation risk.

Distinguishing note: Focuses on surface area reduction, distinct from vulnerability scanning.

Explore 33 awesome GitHub repositories matching security & cryptography · Attack Surface Analysis. Refine with filters or upvote what's useful.

Awesome Attack Surface Analysis GitHub Repositories

AI के साथ बेहतरीन रिपॉजिटरी खोजें।हम AI का उपयोग करके सबसे सटीक रिपॉजिटरी खोजेंगे।
  • owasp/cheatsheetseriesOWASP का अवतार

    OWASP/CheatSheetSeries

    32,298GitHub पर देखें↗

    The OWASP Cheat Sheet Series is a comprehensive, community-driven repository of concise security best practices and defensive coding patterns. It serves as a centralized knowledge base for developers and security professionals, providing actionable guidance to secure applications across the entire software development lifecycle. The project covers a vast array of security domains, ranging from fundamental web application hardening and authentication protocols to specialized controls for modern infrastructure and artificial intelligence systems. What distinguishes this project is its decentral

    Maps entry points and exposed interfaces to identify potential vulnerabilities.

    Pythonapplication-securityappsecbest-practices
    GitHub पर देखें↗32,298
  • imthenachoman/how-to-secure-a-linux-serverimthenachoman का अवतार

    imthenachoman/How-To-Secure-A-Linux-Server

    27,786GitHub पर देखें↗

    This project is a Linux server security guide and system administration manual designed to harden the operating system and kernel. It functions as an OS hardening checklist and a collection of instructions for reducing the server attack surface to protect against intruders. The guide covers the establishment of a server security baseline and the reduction of the network attack surface. It provides practical guidance for managing system permissions and network configurations to maintain a secure environment. The content is organized as a series of step-by-step procedural layouts and topic-cat

    Guides the reduction of the network attack surface via firewall settings and server parameter configuration.

    cc-by-sahardeninghardening-steps
    GitHub पर देखें↗27,786
  • langchain-ai/deepagentslangchain-ai का अवतार

    langchain-ai/deepagents

    25,006GitHub पर देखें↗

    Deepagents is an LLM agent orchestration platform and stateful application server designed for deploying and managing AI agents built with computational graphs. It provides a containerized runtime environment that handles agent execution, state persistence, and the versioning of AI assistants. The platform distinguishes itself through deep integration with the Model Context Protocol, allowing agents to function as servers that expose tools and capabilities to external clients. It features a sophisticated observability suite for capturing execution traces, performing LLM-based evaluations agai

    Reduces the system attack surface by disabling specific groups of built-in HTTP routes.

    Pythonagentsdeepagentslangchain
    GitHub पर देखें↗25,006
  • googlecloudplatform/distrolessGoogleCloudPlatform का अवतार

    GoogleCloudPlatform/distroless

    22,774GitHub पर देखें↗

    Distroless provides a set of OCI-compliant minimal base images and hardening tools designed to create secure, language-specific execution environments. These images are stripped of non-essential system binaries, shells, and package managers to reduce the container attack surface. The project utilizes upstream-tracked automated patching to monitor operating system releases and generate updated images when security vulnerabilities are addressed. It ensures supply chain integrity through image provenance verification using ephemeral-key digital signatures. The system supports the generation of

    Limits security exploit vectors by removing shells, package managers, and unnecessary binaries from images.

    Starlark
    GitHub पर देखें↗22,774
  • drduh/macos-security-and-privacy-guidedrduh का अवतार

    drduh/macOS-Security-and-Privacy-Guide

    22,449GitHub पर देखें↗

    This project is a security hardening guide and privacy configuration manual for macOS. It provides a comprehensive set of instructions for configuring system settings to improve privacy, reduce the attack surface, and implement a malware defense framework. The guide covers technical methods for validating software notarization, verifying application sandboxing, and auditing system activity. It distinguishes itself by providing detailed workflows for restricting high-risk features and applying advanced security configurations to protect the operating system. The documentation covers several k

    Provides methods to disable specific operating system features to minimize the available attack surface.

    appledisk-encryptiondnscrypt-proxy
    GitHub पर देखें↗22,449
  • drduh/os-x-security-and-privacy-guidedrduh का अवतार

    drduh/OS-X-Security-and-Privacy-Guide

    22,444GitHub पर देखें↗

    This project is a comprehensive security hardening and privacy management guide for macOS. It provides a set of instructions and checklists for reducing the system attack surface through manual configuration, policy enforcement, and a layered defense strategy. The guide emphasizes a system auditing framework, using binary analysis, system logs, and packet inspection to verify that security controls and application sandboxing are functioning as intended. It offers tool-agnostic recommendations, defining security goals while allowing users to select their own third-party software for implementa

    Focuses on minimizing exposed interfaces and disabling risky features to reduce the attack surface.

    GitHub पर देखें↗22,444
  • voltagent/awesome-claude-code-subagentsVoltAgent का अवतार

    VoltAgent/awesome-claude-code-subagents

    21,906GitHub पर देखें↗

    This project provides a framework for managing multi-agent systems, designed to automate complex software development, infrastructure, and business workflows. It functions as a multi-agent workflow orchestrator that routes tasks to domain-specific workers while maintaining state persistence and infrastructure automation. By leveraging large language models, the system decomposes high-level objectives into actionable plans, ensuring that complex operations are executed with consistency and reliability. The framework distinguishes itself through its hierarchical agent registry and policy-driven

    Detects credential theft vectors and service vulnerabilities to provide prioritized remediation paths.

    Shellai-agent-frameworkai-agent-toolsai-agents
    GitHub पर देखें↗21,906
  • usestrix/strixusestrix का अवतार

    usestrix/strix

    20,138GitHub पर देखें↗

    Strix is an automated security research and vulnerability scanning platform that leverages language models to orchestrate complex security analysis tasks. It functions as a comprehensive framework for penetration testing and continuous security integration, allowing users to embed automated vulnerability research directly into development pipelines or execute it within isolated, containerized environments. The platform distinguishes itself through a multi-agent orchestration engine that coordinates specialized autonomous agents to perform parallel security assessments. By integrating LLM-agno

    Maps application structures and identifies potential entry points to assess the infrastructure attack surface.

    Pythonagentsartificial-intelligencecybersecurity
    GitHub पर देखें↗20,138
  • google/gvisorgoogle का अवतार

    google/gvisor

    17,748GitHub पर देखें↗

    This project is a secure container runtime that provides strong isolation for application workloads by implementing a userspace kernel. By intercepting system calls and executing them within a memory-safe, restricted environment, it minimizes the attack surface exposed to the host kernel. It functions as a drop-in engine for standard container orchestration platforms, ensuring compatibility with industry-standard runtime specifications while maintaining a hardened execution boundary. The runtime distinguishes itself through its ability to virtualize core system resources, including an indepen

    Minimizes the host kernel attack surface by restricting the available system call interface to a strictly controlled and enumerated set.

    Gocontainersdockerkernel
    GitHub पर देखें↗17,748
  • toniblyx/prowlertoniblyx का अवतार

    toniblyx/prowler

    14,005GitHub पर देखें↗

    Prowler is a multi-cloud security scanner and security posture management tool. It automates security and compliance assessments across multiple cloud environments to identify misconfigurations and vulnerabilities. The project provides a multi-cloud security analysis engine that operates as an automated auditor, evaluating infrastructure against industry-standard regulatory frameworks and security benchmarks. It features a cloud security visualization dashboard that uses a graph database to map cloud inventory and visualize potential attack paths. Capabilities include automated cloud infrast

    Maps cloud inventory into a graph database to visualize potential movement paths for attackers.

    Python
    GitHub पर देखें↗14,005
  • prowler-cloud/prowlerprowler-cloud का अवतार

    prowler-cloud/prowler

    13,049GitHub पर देखें↗

    Prowler is an automated cloud infrastructure security scanner and posture management tool. It evaluates cloud environments and infrastructure-as-code templates against security benchmarks to identify misconfigurations, vulnerabilities, and compliance gaps that could compromise system integrity. The platform distinguishes itself through graph-based attack path analysis, which identifies chains of misconfigurations that create exploitable routes for unauthorized access. It utilizes a plugin-based execution model to perform state-based assessments of live environments and static analysis of conf

    Uses graph analysis to identify chains of misconfigurations that create exploitable routes for unauthorized access.

    Pythonawsazurecis-benchmark
    GitHub पर देखें↗13,049
  • arkenfox/user.jsarkenfox का अवतार

    arkenfox/user.js

    12,637GitHub पर देखें↗

    This project provides a comprehensive configuration template designed to harden the Firefox browser. By modifying internal preference settings, it enforces a standardized security posture that minimizes telemetry, reduces digital fingerprinting, and limits the exposure of unique data to external web services. The configuration operates through local preference injection, where users manually integrate a static text file into their browser profile directory. This approach maintains a decoupled security policy that functions entirely offline, ensuring that privacy protections remain under local

    Reduces the browser's attack surface by restricting functionality and telemetry reporting.

    JavaScriptanti-fingerprintinganti-trackingarkenfox
    GitHub पर देखें↗12,637
  • siderolabs/talossiderolabs का अवतार

    siderolabs/talos

    10,659GitHub पर देखें↗

    Talos is a minimal, immutable Linux distribution designed specifically for deploying and managing Kubernetes clusters. It functions as an API-driven infrastructure manager that replaces traditional shell access with a declarative gRPC interface to control operating system state and configuration. The system is distinguished by its use of a read-only root filesystem and a security-hardened kernel, which removes standard GNU utilities to reduce the attack surface. It ensures environment consistency by distributing the operating system as versioned, signed images and utilizes TPM-backed verified

    Reduces the system attack surface by removing shells and GNU utilities from the OS image.

    Gocloud-nativecontainerdgo
    GitHub पर देखें↗10,659
  • adaptivethreat/bloodhoundadaptivethreat का अवतार

    adaptivethreat/Bloodhound

    10,552GitHub पर देखें↗

    Bloodhound is an Active Directory attack path mapper and security auditor designed to visualize trust relationships and permission chains. It serves as an attack surface management tool that identifies paths to domain administrator and other high-privileged accounts. The project uses a graph database analyzer to map complex identity and access relationships. It quantifies the risk of privilege escalation by identifying misconfigured permissions and trust links within Windows domains. The system provides capabilities for Active Directory security analysis, identity and access auditing, and ne

    Visualizes the sequence of steps an attacker could take to escalate privileges and compromise a target system.

    PowerShell
    GitHub पर देखें↗10,552
  • veeral-patel/how-to-secure-anythingveeral-patel का अवतार

    veeral-patel/how-to-secure-anything

    10,224GitHub पर देखें↗

    This project is a comprehensive security suite and knowledge base focused on the engineering and construction of trustworthy digital and physical systems. It provides a systematic framework for security engineering design, covering the establishment of high-assurance architectures and the implementation of security models that govern how a system achieves its safety goals. The project is distinguished by its focus on formal assurance and adversarial deterrence. It includes methodologies for creating security assurance cases and proofs to verify system trustworthiness, alongside economic and t

    Provides a structured approach to mapping and minimizing exposed interfaces to reduce exploitation risk.

    secure-designsecure-systemssecurity
    GitHub पर देखें↗10,224
  • wpscanteam/wpscanwpscanteam का अवतार

    wpscanteam/wpscan

    9,636GitHub पर देखें↗

    WPScan is a security analysis utility and vulnerability scanner designed specifically for auditing WordPress installations and other content management systems. It functions as a web application security tool that identifies misconfigurations, outdated software, and security holes in core installations, plugins, and themes. The tool employs black-box scanning techniques to perform site component enumeration, identifying users, themes, and plugins by matching known file paths and response signatures. It matches these detected components against a database of known security flaws to analyze the

    Maps the total attack surface by discovering installed plugins, themes, and user accounts.

    Ruby
    GitHub पर देखें↗9,636
  • kata-containers/kata-containerskata-containers का अवतार

    kata-containers/kata-containers

    8,106GitHub पर देखें↗

    Kata Containers is an OCI container runtime that launches containers inside lightweight virtual machines to combine hardware-level isolation with container operational speed. It functions as a hardware-isolated container engine and lightweight VM hypervisor, providing a virtual machine monitor interface that abstracts multiple hypervisors to optimize for performance or specific hardware emulation. The project distinguishes itself through a confidential computing runtime that leverages hardware-backed trusted execution environments, such as Intel TDX and AMD SEV-SNP, to protect data in use. It

    Restricts the available system call interface within the guest environment to reduce the attack surface.

    Rustacrncontainerscri
    GitHub पर देखें↗8,106
  • projectatomic/bubblewrapprojectatomic का अवतार

    projectatomic/bubblewrap

    7,731GitHub पर देखें↗

    Bubblewrap is an unprivileged sandbox execution utility for Linux that isolates processes from the host system. It creates secure environments by leveraging Linux namespaces to separate system resources, including network, PID, and IPC stacks. The project distinguishes itself by enabling the execution of untrusted software without requiring root privileges on the host machine. It prevents privilege escalation by disabling the execution of setuid binaries and uses user identity mapping to isolate process permissions from the host operating system. The tool manages a comprehensive security sur

    Reduces the kernel attack surface by restricting the available host system call interface using seccomp.

    C
    GitHub पर देखें↗7,731
  • guardicore/monkeyguardicore का अवतार

    guardicore/monkey

    7,014GitHub पर देखें↗

    Monkey is an adversary emulation platform and breach and attack simulation tool designed to test network defenses through automated lateral movement and exploit delivery. It functions as a network security testing system that evaluates security posture by attempting to propagate through vulnerabilities and extract sensitive system credentials. The platform distinguishes itself by simulating specific real-world attacker behaviors, such as ransomware encryption, cryptojacking, and the theft of browser-stored credentials and secure shell keys. It utilizes binary hash randomization to evade antiv

    Tracks simulation progress and reports agent activities through a command server to provide empirical security data.

    Python
    GitHub पर देखें↗7,014
  • netblue30/firejailnetblue30 का अवतार

    netblue30/firejail

    7,069GitHub पर देखें↗

    Firejail is a Linux application sandbox and kernel security wrapper that isolates untrusted applications from the host system. It uses kernel namespaces and seccomp filters to restrict filesystem access, drop kernel capabilities, and limit the system attack surface. The project is distinguished by its use of predefined security profiles to automatically apply filesystem restrictions and syscall limits based on the executable being launched. It provides specialized isolation for portable packages such as AppImages and implements X11 display isolation via proxy servers to prevent keyboard loggi

    Reduces the kernel attack surface by restricting the available system call interface to a controlled set.

    C
    GitHub पर देखें↗7,069
पिछला12अगला
  1. Home
  2. Security & Cryptography
  3. Attack Surface Analysis

सब-टैग एक्सप्लोर करें

  • Attack Path Visualizations1 सब-टैगGraph-based representations of potential attacker movement through cloud inventory and vulnerabilities. **Distinct from Attack Surface Analysis:** Focuses on the visualization of paths between assets rather than just mapping the exposed surface area.
  • Attack Surface PartitioningDividing a codebase into distinct target areas to prevent AI agent convergence and ensure broad coverage during discovery. **Distinct from Attack Surface Analysis:** Focuses on dividing the source tree into target zones for agents, whereas Attack Surface Analysis is about mapping and reducing overall exposure.
  • Container Surface ReductionThe process of minimizing the attack surface of a container by removing unnecessary binaries and tools. **Distinct from Attack Surface Analysis:** Distinct from general Attack Surface Analysis as it focuses on the concrete removal of components from the image.
  • Deep Enumeration StrategiesDiscovers deep subdomains, comprehensive ports, and aggressive web crawl results for maximum coverage on large-scope targets. **Distinct from Attack Surface Analysis:** Distinct from Attack Surface Analysis: focuses on aggressive, deep enumeration techniques for maximum coverage, not general surface area reduction.
  • System Call Surface MinimizersSecurity mechanisms that restrict the available host system call interface to a strictly controlled and enumerated set. **Distinct from Attack Surface Analysis:** Distinct from general attack surface analysis: focuses specifically on the reduction of the kernel system call interface.