attack-surface
There are 41 repositories under attack-surface topic.
projectdiscovery/nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
1N3/Sn1per
Attack Surface Management Platform
j3ssie/osmedeus
A Workflow Engine for Offensive Security
microsoft/AttackSurfaceAnalyzer
Attack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation.
projectdiscovery/uncover
Quickly discover exposed hosts on the internet using multiple search engines.
superhedgy/AttackSurfaceMapper
AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.
chiasmod0n/chiasmodon
Chiasmodon is an OSINT tool designed to assist in the process of gathering information about a target domain. Its primary functionality revolves around searching for domain-related data, including domain emails, domain credentials, CIDRs , ASNs , and subdomains, the tool also allows users to search Google Play application ID.
3nock/OTE
OSINT Template Engine
johnnyxmas/ScanCannon
A script for credentials-based attack surface enumeration and general reconnaissance of massive networks
attacksurge/awesome-attack-surface-monitoring
Curated list of open-source & paid Attack Surface Monitoring (ASM) tools.
BishopFox/smogcloud
Find cloud assets that no one wants exposed 🔎 ☁️
lunchcat/sif
the blazing-fast pentesting suite.
RossGeerlings/webstor
WebStor efficiently enumerates all websites across your organization’s networks and those in your DNS records - including cloud-hosted servers via zone transfer data - stores their responses, and lets you query for known web technologies, including those with zero-day vulnerabilities.
1N3/AttackSurfaceManagement
Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty
TalMaIka/Site-Scanner
Site-Scanner - Web application vulnerability assessment tool.
owasp-amass/amass-docker-compose
OWASP Amass Docker Compose for setting up a full instance of the infrastructure
lightspin-tech/lightspin-2022-top-7-attack-paths
Based on Lightspin proprietary data, research, and our tracking of cloud security trends in the market, our research team has compiled a list of the 2022 Top 7 Cloud Attack Paths across AWS, Azure, GCP, and Kubernetes as seen on the Lightspin Cloud Native Application Protection Platform.
Krypteria/Seekolver
Seekolver is a tool focused on attack-surface mapping. It performs searches for subdomains associated with root domains and root domains associated with organisations using open sources, additionally, it resolves these domains and subdomains in search of HTTP and HTTPS services and then filters the information obtained based on their response.
dreizehnutters/vide
Minimal web server enumeration & attack surface detection tool based on results of nmap.
spoofimei/ssb
ssb=simple subdomain bruteforcer
chiasmod0n/chiasmodon-mobile
Chiasmodon Mobile - OSINT Tool for Domain Information Gathering on Android.
melihi/Exodus-ReverseIpLookup
Reverse ip lookup tool written with go . Bing , Spyse , HackerTarget , ViewDns
krishpranav/sniff
A Simple Golang Tool That Automates OSINT For Threat Intelligence And Mapping Your Attack Surface.
srkgupta/cent-nuclei-templates
Cent Nuclei Templates generated through the cent tool. Maintained by HackerWhite.
exfil0/CVE-2024-55591-POC
A comprehensive all-in-one Python-based Proof of Concept script to discover and exploit a critical authentication bypass vulnerability (CVE-2024-55591) in certain Fortinet devices.
volksec/minerva
This script automates the reconnaissance and penetration testing process for a given target.
TubbyCat/droid_debloat_and_note
Android security notes, debloat guides, scripts. Rolling.
Van-1337/AutoEASM
Tool for automated scanning of the common vulnerabilities of company subdomains
reverseroom/vulecc-core
VULECC is the pioneer in Next-Generation Web Application Vulnerability Scanning technology, enabling businesses to proactively probe their web assets to identify and combat the most intricate vulnerabilities.
frite/cf-enum
Yet another CF Enumeration tool
decal/cgiaudit
:package: general-purpose, "black box" CGI auditing tool (ARCHIVE)
fnord123/CoboSyncVerifier
Independent verification that the QR Codes displayed by the Cobo Vault to the Cobo App during pairing do not leak secrets.
krishealty/tunnel-ADB
Simple ADB toolkit to penetrate Android device using Android Debug Bridge with over 35 features.
owasp-noir/noir-passive-rules
Passive Scan Rules for OWASP Noir
exfil0/collectjuices
CollectJuices is a powerful tool designed to automate the process of fetching, analyzing, and recursively processing JavaScript files to discover URLs and secrets. Leveraging the capabilities of the JSluice tool and advanced Python libraries, CollectJuices is an essential tool for cybersecurity professionals.
verdexlab/verdex
Version detection tool through feature-based analysis, fast and collaborative.