38 个仓库
Processes for discovering and documenting internet-facing assets to identify organizational exposure.
Distinct from External Asset Trackers: Specific to security perimeter discovery rather than file or emoji asset mapping.
Explore 38 awesome GitHub repositories matching security & cryptography · Attack Surface Mapping. Refine with filters or upvote what's useful.
Amass is a network attack surface mapper and reconnaissance framework designed to discover and map the external, internet-facing infrastructure of a target organization. It functions as an open source intelligence tool that identifies public network boundaries and locates hidden or forgotten subdomains to define an organization's total reachable footprint. The project utilizes passive-source data aggregation from external APIs and public databases alongside active DNS brute-forcing and recursive subdomain expansion. It employs a graph-based asset mapping system to visualize the relationships
Discovers and documents internet-facing assets to visualize the total reachable footprint of an organization.
Prowler is a multi-cloud security scanner and security posture management tool. It automates security and compliance assessments across multiple cloud environments to identify misconfigurations and vulnerabilities. The project provides a multi-cloud security analysis engine that operates as an automated auditor, evaluating infrastructure against industry-standard regulatory frameworks and security benchmarks. It features a cloud security visualization dashboard that uses a graph database to map cloud inventory and visualize potential attack paths. Capabilities include automated cloud infrast
Uses a graph database to map cloud inventory and visualize potential attack paths.
Prowler is a multi-cloud security posture management platform and vulnerability scanner. It provides tools for automating security audits, evaluating cloud infrastructure against regulatory compliance frameworks, and managing security assessments through a dedicated analysis dashboard. The project distinguishes itself by providing an AI-driven security context server that feeds structured data to AI assistants for automated risk analysis. It also employs graph-based attack path mapping to visualize potential lateral movement and exploitation routes across cloud inventories. The platform cove
Maps cloud inventory and findings into directed graphs to visualize potential lateral movement and attacker exploitation routes.
Subfinder is a passive subdomain enumeration tool and DNS discovery utility designed to identify valid subdomains and hostnames associated with a specific organization or domain. It functions as a passive reconnaissance tool, gathering information about target domains by querying online databases without sending network traffic to the target infrastructure. The tool utilizes a pluggable provider architecture to separate discovery logic into independent modules, allowing for the integration of multiple passive-source APIs. It employs a concurrent-worker request model to execute network request
Identifies the complete range of public-facing assets for a domain to map organizational exposure.
Subfinder is a passive subdomain enumeration tool and DNS asset discovery utility designed for mapping the external attack surface of a domain. It functions as a passive reconnaissance framework that identifies subdomains by querying curated third-party data sources and APIs without interacting directly with the target infrastructure. The tool utilizes a modular provider interface to integrate various passive sources and employs concurrent request orchestration to manage simultaneous network queries. It includes wildcard DNS filtering to identify and remove catch-all records, ensuring the res
Maps the external attack surface of a domain by discovering all public internet assets.
Xray is a security assessment tool focused on web vulnerability scanning, attack surface mapping, and technology fingerprinting. It identifies common security flaws through automated scanning and semantic analysis, while verifying findings via a custom proof-of-concept execution engine. The system distinguishes itself with a containerized vulnerability testbed used to deploy pre-configured vulnerable applications. This environment allows for the simulation of specific vulnerabilities and edge-case scenarios to validate scanner accuracy and eliminate false positives. The platform covers a bro
Maps the web attack surface by discovering hidden paths and sensitive files through directory enumeration.
Sublist3r is a subdomain enumeration tool and passive reconnaissance framework designed to discover subdomains by querying search engines and public intelligence sources. It functions as a security tool for identifying the digital footprint of a target domain. The project provides both passive enumeration through multi-source API aggregation and active discovery via a DNS brute force tool. It includes a TCP port scanner to identify active services and open ports on discovered subdomains, facilitating attack surface mapping. The tool can be used as a standalone utility or as a Python security
Identifies accessible services and open ports across a network of subdomains to map the attack surface.
BloodHound is a graph-based security analysis tool designed to map trust relationships and attack vectors within Active Directory environments. It functions as an attack path mapper and risk assessment system that uses graph theory to identify hidden relationships and paths leading to high-privilege accounts. The tool specializes in network attack surface mapping and privilege escalation pathfinding. It quantifies security risks by measuring the reliability of attack paths to critical targets, allowing for the prioritization of vulnerability elimination. The system provides capabilities for
Uses graph-based representations to visualize potential lateral movement routes and security vulnerabilities.
Bloodhound is an Active Directory attack path mapper and security auditor designed to visualize trust relationships and permission chains. It serves as an attack surface management tool that identifies paths to domain administrator and other high-privileged accounts. The project uses a graph database analyzer to map complex identity and access relationships. It quantifies the risk of privilege escalation by identifying misconfigured permissions and trust links within Windows domains. The system provides capabilities for Active Directory security analysis, identity and access auditing, and ne
Provides graph-based visualizations of trust relationships to identify the easiest routes for system compromise.
This project is a comprehensive security suite and knowledge base focused on the engineering and construction of trustworthy digital and physical systems. It provides a systematic framework for security engineering design, covering the establishment of high-assurance architectures and the implementation of security models that govern how a system achieves its safety goals. The project is distinguished by its focus on formal assurance and adversarial deterrence. It includes methodologies for creating security assurance cases and proofs to verify system trustworthiness, alongside economic and t
Provides methodologies for analyzing potential attack routes through graph-based visualization of assets and configurations.
Sn1per is a vulnerability management platform and penetration testing orchestrator designed to automate reconnaissance, vulnerability scanning, and exploit verification. It functions as a dockerized security toolkit that coordinates multiple tools into a unified automated pipeline to identify security flaws across network and web assets. The platform features an attack surface manager for discovering internet-facing assets through OSINT, DNS enumeration, and certificate transparency. It distinguishes itself with an AI-powered security analyzer that uses large language models to summarize scan
Discovers and monitors internet-facing assets to identify unknown exposures and track changes in the organizational perimeter.
This project is an open-source intelligence reconnaissance framework and recursive attack surface mapper. It functions as a containerized security scanner designed to map public-facing infrastructure, perform subdomain enumeration, and automate the gathering of open-source intelligence. The system employs a recursive discovery engine to iteratively explore target infrastructure, utilizing a plugin-based module architecture to extend scanning capabilities. It integrates third-party APIs for data enrichment and applies YARA rules across discovered assets to identify specific vulnerability patte
Crawls DNS names, IP ranges, and organizations to discover all reachable public-facing infrastructure.
Rengine is an automated reconnaissance framework and vulnerability management platform designed for attack surface monitoring. It functions as a centralized hub for discovering subdomains and open ports, gathering open-source intelligence, and tracking security flaws across target networks. The system integrates large language models to analyze reconnaissance data and generate vulnerability descriptions and insights. It distinguishes itself through a plugin-based tool integration that wraps external security scanning binaries and a target mapping system that tracks changes to assets over time
Stores assets and their relationships in a structured database to track changes in attack surfaces over time.
reconftw is an attack surface management framework and reconnaissance workflow orchestrator designed to automate the discovery, mapping, and monitoring of external digital assets. It operates as a modular tool-chain pipeline that coordinates a sequence of security tools to perform intelligence gathering and vulnerability scanning. The project distinguishes itself through a cloud-native deployment model that parallelizes scanning workloads across a fleet of remote VPS instances to bypass local resource constraints. It utilizes container-based environment isolation to ensure consistent executio
Maps the external attack surface by discovering subdomains via passive enumeration and certificate logs.
EyeWitness 是一个 Web 基础设施映射和侦察工具,旨在自动化暴露的 Web 服务的视觉映射。它作为一个无头浏览器截图工具和 HTTP 侦察实用程序,从 Web 目标列表中捕获视觉证据并提取服务器头信息。 该系统识别服务器技术并审计常见的默认管理凭据,以映射组织的外部攻击面。它生成可搜索的 HTML 安全报告,结合截图、页面源代码和分类分析结果,用于漏洞评估。 该工具包括 Web 服务器侦察和攻击面映射功能,利用多线程目标处理和基于缓冲区的资源管理来处理大容量扫描。它支持从文本和 XML 格式导入目标列表。
Discovers and documents internet-facing assets by capturing screenshots to identify an organization's external attack surface.
Naabu is a port scanner library and tool that probes hosts for open ports using SYN, CONNECT, and UDP methods to identify active services. It functions as a Go library for embedding port scanning into programs, and as a standalone tool that accepts targets as hostnames, IP addresses, CIDR ranges, or ASN numbers. The tool discovers live hosts before scanning, filters ports by range or top lists, and can integrate with Nmap for service version detection. The project distinguishes itself through its SYN-based port probing approach that sends TCP SYN packets and analyzes responses without complet
Discovers and maps all internet-facing assets to understand the full attack surface of an organization.
recon-ng is an open source intelligence reconnaissance framework designed to automate the collection and aggregation of public information. It is a modular intelligence tool that utilizes a system of pluggable modules to harvest target data, resolve DNS queries, and parse web content. The framework is built as an API-driven tool with a programmatic interface to integrate with other security workflows. It is provided as a containerized application, using Docker to ensure a consistent environment for running reconnaissance tasks and managing a persistent data store. Its capabilities cover exte
Automates the discovery and documentation of internet-facing assets to map an organization's digital footprint.
Learn-Web-Hacking 是一个结构化的 Web 安全学习指南和渗透测试知识库。它提供了一系列研究笔记,专注于识别和利用 Web 应用程序及网络协议中的漏洞。 该项目包括用于评估大语言模型安全风险以防止提示词注入的专业框架,以及用于加固云原生基础设施(包括容器标准和编排工具)的指南。它还涵盖了身份标准和认证协议的分析。 这些材料涵盖了广泛的安全能力,包括网络协议分析、用于攻击面映射的信息收集,以及涉及横向移动和持久化的内部网络渗透。它还详细介绍了零信任架构和入侵检测等防御策略。
Provides a framework for discovering and documenting internet-facing assets to identify organizational exposure.
ThreatMapper 是一个云原生应用保护平台和基础设施安全扫描器。它作为一个漏洞管理系统和云工作负载遥测收集器,旨在监控工作负载并检测跨云和容器环境的安全风险。 该平台的特色在于一个网络流量可视化器,它使用机器学习来分类通信模式,以及一个基于图的攻击映射系统,用于识别漏洞与网络依赖项之间的高风险路径。 其更广泛的功能涵盖了针对安全基准的云基础设施合规性审计、针对恶意软件和暴露密钥的生产威胁检测,以及通过分布式传感器收集网络数据包和工作负载遥测。 跨云环境、集群和虚拟机的扫描组件部署通过容器工具和基础设施即代码(IaC)进行管理。
Maps security vulnerabilities and network dependencies into a visual graph to identify high-risk attack paths.
Nettacker 是一个自动化渗透测试框架,旨在编排侦察、端口扫描和漏洞检测。它作为一个网络侦察工具和漏洞扫描器,能够识别开放端口、指纹识别服务,并根据已知安全漏洞数据库检查系统。 该框架的独特之处在于结合了用于通过模糊测试发现隐藏路径的 Web 应用爬虫,以及一个将扫描结果持久化到数据库以跟踪历史评估的漏洞管理系统。它还包含子域名枚举、凭据暴力破解以及通过代理路由流量以实现匿名化的专业功能。 该系统涵盖了广泛的安全能力,包括网络资产发现、多协议服务审计和配置审计。它支持跨 IP 范围和 CIDR 块的多目标扫描,并提供多种格式的安全报告生成工具。 通过基于 REST 的接口可实现程序化控制,从而将该框架集成到安全流水线和自动化流程中。
Maps internet-facing assets and hidden subdomains to identify and document organizational exposure.