A curated collection of tools, techniques, frameworks, and learning resources focused on Attack Surface Management (ASM).

Escape-Technologies/awesome-attack-surface-management

Awesome Attack Surface Management

A curated list of tools, resources, and best practices for Attack Surface Management (ASM), External Attack Surface Management (EASM), and continuous security monitoring.

Attack Surface Management is the continuous discovery, analysis, classification, and monitoring of an organization's external-facing digital assets to identify vulnerabilities and reduce cyber risk exposure.

Reconnaissance & Discovery

Subdomain Enumeration

  • Subfinder - Fast passive subdomain enumeration tool using multiple sources.
  • Knock - Subdomain scanner with wordlist and zone transfer support.
  • Findomain - Cross-platform subdomain enumerator with monitoring capabilities.
  • chaos-client - Client to query ProjectDiscovery's Chaos dataset API.
  • Sudomy - Subdomain enumeration with analysis and reporting.
  • alterx - Subdomain wordlist generator using DSL.

DNS Discovery

  • MassDNS - High-performance DNS stub resolver for bulk lookups.
  • dnsx - Fast DNS toolkit with support for multiple DNS queries.
  • dnsgen - Generate combinations and permutations of domains for DNS discovery.
  • altdns - Subdomain discovery through alterations and permutations.
  • dnsrecon - DNS enumeration script supporting multiple types of DNS records.
  • fierce - DNS reconnaissance tool for locating non-contiguous IP space.
  • shuffledns - Wrapper around massdns for DNS enumeration with active bruteforce.
  • asnmap - Quickly map organization network ranges using ASN information.

Certificate Transparency

  • crt.sh - Certificate search web interface for CT logs.
  • Cert-Stream - Real-time certificate transparency log monitoring.
  • CertSpotter - Certificate transparency log monitor.
  • Censys - Internet-wide scanning and certificate transparency search.

Network Scanning

  • Nmap - Network discovery and security auditing with extensive scripting capabilities.
  • Masscan - TCP port scanner capable of scanning the entire Internet.
  • RustScan - Modern port scanner with speed and automation focus.
  • Naabu - Fast port scanner written in Go with focus on reliability.
  • ZGrab2 - Fast application layer scanner for large-scale studies.
  • Shodan - Search engine for Internet-connected devices.
  • Onyphe - Cyber defense search engine for open-source intelligence gathering.
  • Katana - A next-generation crawling and spidering framework.
  • Uncover - Quickly discover exposed hosts on the internet using multiple search engines.

API Discovery

  • Goctopus - Blazing fast GraphQL endpoints finder using subdomain enumeration, scripts analysis and bruteforce.
  • httpx - Fast and multi-purpose HTTP toolkit for probing web services and API endpoints.
  • SecLists API - A wordlist of API names used for fuzzing web application APIs.

OSINT Frameworks

  • theHarvester - E-mails, subdomains, and names harvester from public sources.
  • SpiderFoot - Automated OSINT reconnaissance tool with web UI.
  • OWASP Maryam - Modular OSINT framework for web searching and information gathering.
  • Maltego - Interactive data mining tool with link analysis.

Fingerprinting & Technology Detection

Web Technology Detection

  • Wappalyzer - Technology profiler identifying CMS, frameworks, analytics tools.
  • WhatWeb - Next generation web scanner identifying technologies, versions, and more.
  • Webanalyze - Port of Wappalyzer written in Go for bulk website analysis.
  • retire.js - Scanner detecting use of JavaScript libraries with known vulnerabilities.
  • wappalyzergo - Go implementation of Wappalyzer Technology Detection Library.

Service Fingerprinting

  • Nmap NSE Scripts - Extensive scripting engine for service and version detection.
  • wafw00f - Web Application Firewall fingerprinting tool.
  • CMSeeK - CMS detection and exploitation suite.

Cloud Platform Detection

  • Cloudfinder - Detect the cloud / hosting provider of a given host.
  • CloudFlair - Tool to find origin servers of websites behind Cloudflare.
  • cloud_enum - Multi-cloud OSINT tool for finding public resources.
  • CloudMapper - Analyze AWS environments for security posture.
  • ScoutSuite - Multi-cloud security auditing tool.
  • Prowler - AWS/Azure/GCP security assessments and compliance.

Cloud Attack Surface Management

  • Cartography - Consolidates infrastructure assets and relationships in a graph.
  • Cloudsploit - Cloud security configuration scanner.
  • Pacu - AWS exploitation framework for testing security.
  • CloudSplaining - AWS IAM security assessment tool.
  • CloudCustodian - Rules engine for cloud security and governance.
  • Steampipe - Use SQL to query cloud infrastructure.
  • Cloudlist - Multi-cloud asset listing tool.

Open Source ASM Platforms

  • OWASP Amass - In-depth attack surface mapping and asset discovery using multiple techniques.
  • ArcherySec - ASOC, ASPM, DevSecOps, Vulnerability Management platform.
  • AttackSurfaceMapper - Tool that aims to automate the reconnaissance process.

Commercial ASM Platforms

  • Attaxion - Agentless EASM platform with attack surface discovery, vulnerability assessment, and continuous monitoring.
  • BitSight - Security ratings and risk monitoring platform.
  • Censys ASM - Internet intelligence platform for ASM.
  • CyCognito - External attack surface management with autonomous testing.
  • Escape ASM - Attack surface management with continuous discovery and automated security testing.
  • JupiterOne - Cyber asset attack surface management platform.
  • Qualys CSAM - CyberSecurity Asset Management platform.
  • Recon Wave - Agentless infrastructure monitoring platform with DNS dataset, port scanning, and vulnerability detection.
  • RiskIQ (Microsoft Defender EASM) - External attack surface discovery and monitoring.
  • SecurityScorecard - Security ratings and continuous monitoring.
  • Tenable.asm - External attack surface management solution.

Automation & Orchestration

  • Axiom - Dynamic infrastructure framework for distributed security testing.
  • Sn1per - Automated pentesting framework with reconnaissance capabilities.
  • ReconFTW - Automated recon wrapper for multiple tools.

Resources

Blogs & Articles

Contributing

Your contributions are always welcome! Please take a look at the contribution guidelines first.


If you have any questions about this opinionated list, do not hesitate to contact us @escapetechHQ on Twitter or open an issue on GitHub.

🤝 Join our team

We believe it's time to bring more AI-driven innovation to cybersecurity, and we'd love your help in building this dream! Want to join our adventure? Check out our Careers page!
