Attack Surface
Attack surface management tools for discovering, monitoring, and reducing external attack vectors to minimize cybersecurity risks.
Browse 416 attack surface tools
FEATURED
RELATED TASKS
Automate OSINT for threat intelligence and attack surface mapping with SpiderFoot.
Domain registration and web hosting services with free features and 24/7 customer support
Clinv is a command line DevSecOps asset inventory tool for tracking and managing digital assets across organizational infrastructure.
A tool that checks for hijackable packages in NPM and Python Pypi registries
A command-line tool that discovers and catalogs all AWS resources across an account using botocore, outputting results in JSON format.
An information gathering tool for DNS, subdomains, ports, and directories enumeration.
A Ruby-based tool that enumerates all public IPv4 and IPv6 addresses associated with an AWS account across multiple services including EC2, CloudFront, ELB, RDS, and others.
A platform providing real-time threat intelligence streams and reports on internet-exposed assets to help organizations monitor and secure their attack surface.
Catch possible phishing domains in near real time by looking for suspicious TLS certificate issuances reported to the Certificate Transparency Log (CTL) via the CertStream API.
A distributed AWS security auditing tool that continuously enumerates and scans internet-facing AWS services to identify potentially misconfigured resources.
A simple web-based interface for subdomain enumeration using the subfinder tool.
Starbase is a graph-based security analysis platform that provides automated asset discovery and relationship mapping across external services and systems to enhance attack surface visibility.
FestIn discovers open S3 buckets associated with a domain using crawling and DNS reconnaissance techniques.
A multi-cloud DNS security tool that detects dangling DNS records and potential subdomain takeover vulnerabilities by scanning cloud infrastructure and DNS zones.
A Go-based tool for discovering and inventorying internet-facing AWS assets across single or multiple accounts to help maintain comprehensive cloud attack surface visibility.
A search engine for the Internet of Things (IoT) that discovers and monitors devices connected to the internet.
Web inventory tool that captures screenshots of webpages and includes additional features for enhanced usability.
Sublist3r is a python tool for enumerating subdomains using OSINT and various search engines.
An easy-to-use and lightweight API wrapper for Censys APIs with support for Python 3.8+.
A multi-cloud asset enumeration tool that helps blue teams centralize and inventory assets across multiple cloud providers with minimal configuration.
ZoomEye is an advanced cyberspace search engine that provides detailed information on cyberspace assets, including server software and version information, for cybersecurity experts, researchers, and enterprises.
Python utility for testing the existence of domain names under different TLDs to find malicious subdomains.
Attack Surface Tools - FAQ
Common questions about Attack Surface tools including selection guides, pricing, and comparisons.
Attack surface management tools for discovering, monitoring, and reducing external attack vectors to minimize cybersecurity risks.
