AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.
Updated Apr 8, 2024 - Python
Chiasmodon is an OSINT tool designed to assist in the process of gathering information about a target domain. Its primary functionality revolves around searching for domain-related data, including domain emails, domain credentials, CIDRs, ASNs, and subdomains. The tool also allows users to search Google Play application IDs.
WebStor efficiently enumerates all websites across your organization's networks and those in your DNS records - including cloud-hosted servers via zone transfer data - stores their responses, and lets you query for known web technologies, including those with zero-day vulnerabilities.
Site-Scanner - Web application vulnerability assessment tool.
Seekolver is a tool focused on attack-surface mapping. It performs searches for subdomains associated with root domains and root domains associated with organisations using open sources. Additionally, it resolves these domains and subdomains in search of HTTP and HTTPS services, and then filters the information obtained based on their response.
Command-line tool for discovering SaaS platforms a company uses via DNS enumeration
ssb=simple subdomain bruteforcer
A learning-focused yet production-structured Attack Surface Monitoring engine emphasizing clarity, scope control, and explainable risk assessment.
A comprehensive all-in-one Python-based Proof of Concept script to discover and exploit a critical authentication bypass vulnerability (CVE-2024-55591) in certain Fortinet devices.
Tool for automated scanning of the common vulnerabilities of company subdomains
CollectJuices is a powerful tool designed to automate the process of fetching, analyzing, and recursively processing JavaScript files to discover URLs and secrets. Leveraging the capabilities of the JSluice tool and advanced Python libraries, CollectJuices is an essential tool for cybersecurity professionals.
Yet another CF Enumeration tool
Brute force attack script for penetration testing on Gmail accounts, based on Python.
Static is a lightweight, dependency-free typosquatting reconnaissance tool written in pure Python. It generates common typo variations of a target domain and checks them using DNS and HTTP/HTTPS heuristics to identify potentially available domains and redirect behavior.
Independent verification that the QR Codes displayed by the Cobo Vault to the Cobo App during pairing do not leak secrets.
Module for discovering the attack surface of a vulnerable program
Part security toolkit, part AI prompt engine, and part character-driven operating narrative
Dork Factory is a cross-platform, interactive command-line tool designed to generate high-quality Google and Yandex dorks for Passive Recon & Discovery.
ReqEye is a CLI assistant for HTTP request analysis, designed to help security researchers, bug bounty hunters, and pentesters identify high-value entry points worth manual testing. It does not scan targets, send traffic, or claim vulnerabilities. ReqEye focuses on where to look, not on making assumptions.