awesome-repositories.com
博客
awesome-repositories.com

通过 AI 驱动的搜索,发现最优秀的开源仓库。

探索精选搜索开源替代品自托管软件博客网站地图
项目关于排名机制媒体报道MCP 服务器
法律隐私政策服务条款
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

38 个仓库

Awesome GitHub RepositoriesAttack Surface Mapping

Processes for discovering and documenting internet-facing assets to identify organizational exposure.

Distinct from External Asset Trackers: Specific to security perimeter discovery rather than file or emoji asset mapping.

Explore 38 awesome GitHub repositories matching security & cryptography · Attack Surface Mapping. Refine with filters or upvote what's useful.

Awesome Attack Surface Mapping GitHub Repositories

用 AI 发现最棒的仓库。我们将通过 AI 为您搜索最匹配的仓库。
  • owasp/amassOWASP 的头像

    OWASP/Amass

    14,722在 GitHub 上查看↗

    Amass is a network attack surface mapper and reconnaissance framework designed to discover and map the external, internet-facing infrastructure of a target organization. It functions as an open source intelligence tool that identifies public network boundaries and locates hidden or forgotten subdomains to define an organization's total reachable footprint. The project utilizes passive-source data aggregation from external APIs and public databases alongside active DNS brute-forcing and recursive subdomain expansion. It employs a graph-based asset mapping system to visualize the relationships

    Discovers and documents internet-facing assets to visualize the total reachable footprint of an organization.

    Go
    在 GitHub 上查看↗14,722
  • toniblyx/prowlertoniblyx 的头像

    toniblyx/prowler

    14,005在 GitHub 上查看↗

    Prowler is a multi-cloud security scanner and security posture management tool. It automates security and compliance assessments across multiple cloud environments to identify misconfigurations and vulnerabilities. The project provides a multi-cloud security analysis engine that operates as an automated auditor, evaluating infrastructure against industry-standard regulatory frameworks and security benchmarks. It features a cloud security visualization dashboard that uses a graph database to map cloud inventory and visualize potential attack paths. Capabilities include automated cloud infrast

    Uses a graph database to map cloud inventory and visualize potential attack paths.

    Python
    在 GitHub 上查看↗14,005
  • alfresco/prowlerAlfresco 的头像

    Alfresco/prowler

    14,005在 GitHub 上查看↗

    Prowler is a multi-cloud security posture management platform and vulnerability scanner. It provides tools for automating security audits, evaluating cloud infrastructure against regulatory compliance frameworks, and managing security assessments through a dedicated analysis dashboard. The project distinguishes itself by providing an AI-driven security context server that feeds structured data to AI assistants for automated risk analysis. It also employs graph-based attack path mapping to visualize potential lateral movement and exploitation routes across cloud inventories. The platform cove

    Maps cloud inventory and findings into directed graphs to visualize potential lateral movement and attacker exploitation routes.

    Python
    在 GitHub 上查看↗14,005
  • ice3man543/subfinderIce3man543 的头像

    Ice3man543/subfinder

    13,912在 GitHub 上查看↗

    Subfinder is a passive subdomain enumeration tool and DNS discovery utility designed to identify valid subdomains and hostnames associated with a specific organization or domain. It functions as a passive reconnaissance tool, gathering information about target domains by querying online databases without sending network traffic to the target infrastructure. The tool utilizes a pluggable provider architecture to separate discovery logic into independent modules, allowing for the integration of multiple passive-source APIs. It employs a concurrent-worker request model to execute network request

    Identifies the complete range of public-facing assets for a domain to map organizational exposure.

    Go
    在 GitHub 上查看↗13,912
  • subfinder/subfindersubfinder 的头像

    subfinder/subfinder

    13,859在 GitHub 上查看↗

    Subfinder is a passive subdomain enumeration tool and DNS asset discovery utility designed for mapping the external attack surface of a domain. It functions as a passive reconnaissance framework that identifies subdomains by querying curated third-party data sources and APIs without interacting directly with the target infrastructure. The tool utilizes a modular provider interface to integrate various passive sources and employs concurrent request orchestration to manage simultaneous network queries. It includes wildcard DNS filtering to identify and remove catch-all records, ensuring the res

    Maps the external attack surface of a domain by discovering all public internet assets.

    Go
    在 GitHub 上查看↗13,859
  • chaitin/xraychaitin 的头像

    chaitin/xray

    11,612在 GitHub 上查看↗

    Xray is a security assessment tool focused on web vulnerability scanning, attack surface mapping, and technology fingerprinting. It identifies common security flaws through automated scanning and semantic analysis, while verifying findings via a custom proof-of-concept execution engine. The system distinguishes itself with a containerized vulnerability testbed used to deploy pre-configured vulnerable applications. This environment allows for the simulation of specific vulnerabilities and edge-case scenarios to validate scanner accuracy and eliminate false positives. The platform covers a bro

    Maps the web attack surface by discovering hidden paths and sensitive files through directory enumeration.

    Vuepassive-vulnerability-scannerpocsecurity
    在 GitHub 上查看↗11,612
  • aboul3la/sublist3raboul3la 的头像

    aboul3la/Sublist3r

    10,957在 GitHub 上查看↗

    Sublist3r is a subdomain enumeration tool and passive reconnaissance framework designed to discover subdomains by querying search engines and public intelligence sources. It functions as a security tool for identifying the digital footprint of a target domain. The project provides both passive enumeration through multi-source API aggregation and active discovery via a DNS brute force tool. It includes a TCP port scanner to identify active services and open ports on discovered subdomains, facilitating attack surface mapping. The tool can be used as a standalone utility or as a Python security

    Identifies accessible services and open ports across a network of subdomains to map the attack surface.

    Python
    在 GitHub 上查看↗10,957
  • bloodhoundad/bloodhoundBloodHoundAD 的头像

    BloodHoundAD/BloodHound

    10,552在 GitHub 上查看↗

    BloodHound is a graph-based security analysis tool designed to map trust relationships and attack vectors within Active Directory environments. It functions as an attack path mapper and risk assessment system that uses graph theory to identify hidden relationships and paths leading to high-privilege accounts. The tool specializes in network attack surface mapping and privilege escalation pathfinding. It quantifies security risks by measuring the reliability of attack paths to critical targets, allowing for the prioritization of vulnerability elimination. The system provides capabilities for

    Uses graph-based representations to visualize potential lateral movement routes and security vulnerabilities.

    PowerShell
    在 GitHub 上查看↗10,552
  • adaptivethreat/bloodhoundadaptivethreat 的头像

    adaptivethreat/Bloodhound

    10,552在 GitHub 上查看↗

    Bloodhound is an Active Directory attack path mapper and security auditor designed to visualize trust relationships and permission chains. It serves as an attack surface management tool that identifies paths to domain administrator and other high-privileged accounts. The project uses a graph database analyzer to map complex identity and access relationships. It quantifies the risk of privilege escalation by identifying misconfigured permissions and trust links within Windows domains. The system provides capabilities for Active Directory security analysis, identity and access auditing, and ne

    Provides graph-based visualizations of trust relationships to identify the easiest routes for system compromise.

    PowerShell
    在 GitHub 上查看↗10,552
  • veeral-patel/how-to-secure-anythingveeral-patel 的头像

    veeral-patel/how-to-secure-anything

    10,224在 GitHub 上查看↗

    This project is a comprehensive security suite and knowledge base focused on the engineering and construction of trustworthy digital and physical systems. It provides a systematic framework for security engineering design, covering the establishment of high-assurance architectures and the implementation of security models that govern how a system achieves its safety goals. The project is distinguished by its focus on formal assurance and adversarial deterrence. It includes methodologies for creating security assurance cases and proofs to verify system trustworthiness, alongside economic and t

    Provides methodologies for analyzing potential attack routes through graph-based visualization of assets and configurations.

    secure-designsecure-systemssecurity
    在 GitHub 上查看↗10,224
  • 1n3/sn1per1N3 的头像

    1N3/Sn1per

    10,049在 GitHub 上查看↗

    Sn1per is a vulnerability management platform and penetration testing orchestrator designed to automate reconnaissance, vulnerability scanning, and exploit verification. It functions as a dockerized security toolkit that coordinates multiple tools into a unified automated pipeline to identify security flaws across network and web assets. The platform features an attack surface manager for discovering internet-facing assets through OSINT, DNS enumeration, and certificate transparency. It distinguishes itself with an AI-powered security analyzer that uses large language models to summarize scan

    Discovers and monitors internet-facing assets to identify unknown exposures and track changes in the organizational perimeter.

    Shellattack-surfaceattack-surface-managementattacksurface
    在 GitHub 上查看↗10,049
  • blacklanternsecurity/bbotblacklanternsecurity 的头像

    blacklanternsecurity/bbot

    9,929在 GitHub 上查看↗

    This project is an open-source intelligence reconnaissance framework and recursive attack surface mapper. It functions as a containerized security scanner designed to map public-facing infrastructure, perform subdomain enumeration, and automate the gathering of open-source intelligence. The system employs a recursive discovery engine to iteratively explore target infrastructure, utilizing a plugin-based module architecture to extend scanning capabilities. It integrates third-party APIs for data enrichment and applies YARA rules across discovered assets to identify specific vulnerability patte

    Crawls DNS names, IP ranges, and organizations to discover all reachable public-facing infrastructure.

    Python
    在 GitHub 上查看↗9,929
  • yogeshojha/rengineyogeshojha 的头像

    yogeshojha/rengine

    8,472在 GitHub 上查看↗

    Rengine is an automated reconnaissance framework and vulnerability management platform designed for attack surface monitoring. It functions as a centralized hub for discovering subdomains and open ports, gathering open-source intelligence, and tracking security flaws across target networks. The system integrates large language models to analyze reconnaissance data and generate vulnerability descriptions and insights. It distinguishes itself through a plugin-based tool integration that wraps external security scanning binaries and a target mapping system that tracks changes to assets over time

    Stores assets and their relationships in a structured database to track changes in attack surfaces over time.

    HTMLbug-bountybugbountyhacking
    在 GitHub 上查看↗8,472
  • six2dez/reconftwsix2dez 的头像

    six2dez/reconftw

    7,226在 GitHub 上查看↗

    reconftw is an attack surface management framework and reconnaissance workflow orchestrator designed to automate the discovery, mapping, and monitoring of external digital assets. It operates as a modular tool-chain pipeline that coordinates a sequence of security tools to perform intelligence gathering and vulnerability scanning. The project distinguishes itself through a cloud-native deployment model that parallelizes scanning workloads across a fleet of remote VPS instances to bypass local resource constraints. It utilizes container-based environment isolation to ensure consistent executio

    Maps the external attack surface by discovering subdomains via passive enumeration and certificate logs.

    Shellbug-bountybugbountybugbounty-tool
    在 GitHub 上查看↗7,226
  • fortynorthsecurity/eyewitnessFortyNorthSecurity 的头像

    FortyNorthSecurity/EyeWitness

    5,753在 GitHub 上查看↗

    EyeWitness 是一个 Web 基础设施映射和侦察工具,旨在自动化暴露的 Web 服务的视觉映射。它作为一个无头浏览器截图工具和 HTTP 侦察实用程序,从 Web 目标列表中捕获视觉证据并提取服务器头信息。 该系统识别服务器技术并审计常见的默认管理凭据,以映射组织的外部攻击面。它生成可搜索的 HTML 安全报告,结合截图、页面源代码和分类分析结果,用于漏洞评估。 该工具包括 Web 服务器侦察和攻击面映射功能,利用多线程目标处理和基于缓冲区的资源管理来处理大容量扫描。它支持从文本和 XML 格式导入目标列表。

    Discovers and documents internet-facing assets by capturing screenshots to identify an organization's external attack surface.

    Python
    在 GitHub 上查看↗5,753
  • projectdiscovery/naabuprojectdiscovery 的头像

    projectdiscovery/naabu

    5,766在 GitHub 上查看↗

    Naabu is a port scanner library and tool that probes hosts for open ports using SYN, CONNECT, and UDP methods to identify active services. It functions as a Go library for embedding port scanning into programs, and as a standalone tool that accepts targets as hostnames, IP addresses, CIDR ranges, or ASN numbers. The tool discovers live hosts before scanning, filters ports by range or top lists, and can integrate with Nmap for service version detection. The project distinguishes itself through its SYN-based port probing approach that sends TCP SYN packets and analyzes responses without complet

    Discovers and maps all internet-facing assets to understand the full attack surface of an organization.

    Gocdn-exclusionhacktoberfestnmap
    在 GitHub 上查看↗5,766
  • lanmaster53/recon-nglanmaster53 的头像

    lanmaster53/recon-ng

    5,698在 GitHub 上查看↗

    recon-ng is an open source intelligence reconnaissance framework designed to automate the collection and aggregation of public information. It is a modular intelligence tool that utilizes a system of pluggable modules to harvest target data, resolve DNS queries, and parse web content. The framework is built as an API-driven tool with a programmatic interface to integrate with other security workflows. It is provided as a containerized application, using Docker to ensure a consistent environment for running reconnaissance tasks and managing a persistent data store. Its capabilities cover exte

    Automates the discovery and documentation of internet-facing assets to map an organization's digital footprint.

    Python
    在 GitHub 上查看↗5,698
  • lylemi/learn-web-hackingLyleMi 的头像

    LyleMi/Learn-Web-Hacking

    5,414在 GitHub 上查看↗

    Learn-Web-Hacking 是一个结构化的 Web 安全学习指南和渗透测试知识库。它提供了一系列研究笔记,专注于识别和利用 Web 应用程序及网络协议中的漏洞。 该项目包括用于评估大语言模型安全风险以防止提示词注入的专业框架,以及用于加固云原生基础设施(包括容器标准和编排工具)的指南。它还涵盖了身份标准和认证协议的分析。 这些材料涵盖了广泛的安全能力,包括网络协议分析、用于攻击面映射的信息收集,以及涉及横向移动和持久化的内部网络渗透。它还详细介绍了零信任架构和入侵检测等防御策略。

    Provides a framework for discovering and documenting internet-facing assets to identify organizational exposure.

    Pythonhackingpenetration-testingpentesting
    在 GitHub 上查看↗5,414
  • deepfence/threatmapperdeepfence 的头像

    deepfence/ThreatMapper

    5,282在 GitHub 上查看↗

    ThreatMapper 是一个云原生应用保护平台和基础设施安全扫描器。它作为一个漏洞管理系统和云工作负载遥测收集器,旨在监控工作负载并检测跨云和容器环境的安全风险。 该平台的特色在于一个网络流量可视化器,它使用机器学习来分类通信模式,以及一个基于图的攻击映射系统,用于识别漏洞与网络依赖项之间的高风险路径。 其更广泛的功能涵盖了针对安全基准的云基础设施合规性审计、针对恶意软件和暴露密钥的生产威胁检测,以及通过分布式传感器收集网络数据包和工作负载遥测。 跨云环境、集群和虚拟机的扫描组件部署通过容器工具和基础设施即代码(IaC)进行管理。

    Maps security vulnerabilities and network dependencies into a visual graph to identify high-risk attack paths.

    TypeScriptcloud-nativecloudsecuritycnapp
    在 GitHub 上查看↗5,282
  • owasp/nettackerOWASP 的头像

    OWASP/Nettacker

    5,258在 GitHub 上查看↗

    Nettacker 是一个自动化渗透测试框架,旨在编排侦察、端口扫描和漏洞检测。它作为一个网络侦察工具和漏洞扫描器,能够识别开放端口、指纹识别服务,并根据已知安全漏洞数据库检查系统。 该框架的独特之处在于结合了用于通过模糊测试发现隐藏路径的 Web 应用爬虫,以及一个将扫描结果持久化到数据库以跟踪历史评估的漏洞管理系统。它还包含子域名枚举、凭据暴力破解以及通过代理路由流量以实现匿名化的专业功能。 该系统涵盖了广泛的安全能力,包括网络资产发现、多协议服务审计和配置审计。它支持跨 IP 范围和 CIDR 块的多目标扫描,并提供多种格式的安全报告生成工具。 通过基于 REST 的接口可实现程序化控制,从而将该框架集成到安全流水线和自动化流程中。

    Maps internet-facing assets and hidden subdomains to identify and document organizational exposure.

    Pythonautomationbruteforcecve
    在 GitHub 上查看↗5,258
上一个12下一个
  1. Home
  2. Security & Cryptography
  3. Attack Surface Mapping

探索子标签

  • Android Component DiscoveryIdentifying exported Android activities, services, and content providers to map the application attack surface. **Distinct from Attack Surface Mapping:** Specifically targets Android IPC components rather than general internet-facing organizational assets.
  • Android Component MappersReporting exported activities, content providers, services, and debuggable status of an Android application. **Distinct from Attack Surface Mapping:** Distinct from Attack Surface Mapping: specifically targets Android IPC components rather than general internet-facing assets.
  • Attack Path AnalysisIdentification of potential attack routes using graph-based analysis of assets and configurations. **Distinct from Attack Surface Mapping:** Focuses on internal traversal paths between assets rather than the discovery of the external perimeter surface.
  • Attack Path VisualizationsGraph-based representations of cloud assets and vulnerabilities used to identify potential lateral movement routes. **Distinct from Attack Surface Mapping:** Focuses on the graph-based path mapping between identified vulnerabilities rather than just mapping the external surface area.
  • Cloud Attack Path AnalysisIdentification of potential attack routes using graph-based analysis of cloud assets and misconfigurations. **Distinct from Attack Surface Mapping:** Focuses on the internal traversal paths between assets rather than the external perimeter mapping.
  • Permission Chain DiscoveryIdentification of sequences of permissions that can be exploited to elevate privileges. **Distinct from Attack Path Analysis:** Distinct from Attack Path Analysis: focuses specifically on the discovery of permission-based sequences rather than general graph analysis.