AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.

• Updated Apr 8, 2024
• Python

Chiasmodon is an OSINT tool designed to assist in the process of gathering information about a target domain. Its primary functionality revolves around searching for domain-related data, including domain emails, domain credentials, CIDRs , ASNs , and subdomains, the tool also allows users to search Google Play application ID.

• Updated May 10, 2025
• Python

WebStor efficiently enumerates all websites across your organization's networks and those in your DNS records - including cloud-hosted servers via zone transfer data - stores their responses, and lets you query for known web technologies, including those with zero-day vulnerabilities.

• Updated Mar 31, 2024
• Python

Site-Scanner - Web application vulnerability assessment tool.

• Updated Jul 30, 2024
• Python

Seekolver is a tool focused on attack-surface mapping. It performs searches for subdomains associated with root domains and root domains associated with organisations using open sources, additionally, it resolves these domains and subdomains in search of HTTP and HTTPS services and then filters the information obtained based on their response.

• Updated Dec 11, 2023
• Python

Command-line tool for discovering SaaS platforms a company uses via DNS enumeration

• Updated Jul 23, 2025
• Python

ssb=simple subdomain bruteforcer

• Updated Mar 10, 2023
• Python

A learning-focused yet production-structured Attack Surface Monitoring engine emphasizing clarity, scope control, and explainable risk assessment.

• Updated Dec 28, 2025
• Python

A comprehensive all-in-one Python-based Proof of Concept script to discover and exploit a critical authentication bypass vulnerability (CVE-2024-55591) in certain Fortinet devices.

• Updated May 26, 2025
• Python

Tool for automated scanning of the common vulnerabilities of company subdomains

• Updated Jan 10, 2026
• Python

CollectJuices is a powerful tool designed to automate the process of fetching, analyzing, and recursively processing JavaScript files to discover URLs and secrets. Leveraging the capabilities of the JSluice tool and advanced Python libraries, CollectJuices is an essential tool for cybersecurity professionals.

• Updated Aug 24, 2024
• Python

Yet another CF Enumeration tool

• Updated May 3, 2020
• Python

Attack Surface Trend & Risk Analytics

• Updated Feb 26, 2026
• Python

Brute force attack script for penetration testing on gmail accounts based on python.

• Updated Mar 14, 2023
• Python

Static is a lightweight, dependency-free typosquatting reconnaissance tool written in pure Python. It generates common typo variations of a target domain and checks them using DNS and HTTP/HTTPS heuristics to identify potentially available domains and redirect behavior.

• Updated Feb 16, 2026
• Python

Independent verification that the QR Codes displayed by the Cobo Vault to the Cobo App during pairing do not leak secrets.

• Updated Mar 21, 2021
• Python

Module for discovering the attack surface of a vulnerable program

• Updated Aug 30, 2025
• Python

Part security toolkit, part AI prompt engine, and part character-driven operating narrative

• Updated May 12, 2025
• Python

Dork Factory is a cross-platform, interactive command-line tool designed to generate high-quality Google and Yandex dorks for Passive Recon & Discovery.

• Updated Feb 17, 2026
• Python

ReqEye is a CLI assistant for HTTP request analysis, designed to help security researchers, bug bounty hunters, and pentesters identify high-value entry points worth manual testing. It does not scan targets, send traffic, or claim vulnerabilities. ReqEye focuses on where to look, not on making assumptions.

• Updated Feb 20, 2026
• Python