External Attack Surface Management
External attack Surface Management tools for discovering and securing internet-facing assets, domains, and exposed services.
Explore 124 curated cybersecurity tools, with 15,426 visitors searching for solutions
FEATURED
Cybercrime intelligence tools for searching compromised credentials from infostealers
Password manager with end-to-end encryption and identity protection features
VPN service providing encrypted internet connections and privacy protection
Fractional CISO services for B2B companies to build security programs
Get Featured
Feature your product and reach thousands of professionals.
RELATED TASKS
Performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.
Performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.
A source code search engine for searching alphanumeric snippets, signatures, or keywords in web page HTML, JS, and CSS code.
A source code search engine for searching alphanumeric snippets, signatures, or keywords in web page HTML, JS, and CSS code.
FullHunt is a next-generation attack surface security platform that enables companies to discover, monitor, and secure their external attack surfaces.
FullHunt is a next-generation attack surface security platform that enables companies to discover, monitor, and secure their external attack surfaces.
A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
A tool for generating permutations, alterations and mutations of subdomains and resolving them
A tool for generating permutations, alterations and mutations of subdomains and resolving them
Automate OSINT for threat intelligence and attack surface mapping with SpiderFoot.
Automate OSINT for threat intelligence and attack surface mapping with SpiderFoot.
A tool that checks for hijackable packages in NPM and Python Pypi registries
A tool that checks for hijackable packages in NPM and Python Pypi registries
An information gathering tool for DNS, subdomains, ports, and directories enumeration.
An information gathering tool for DNS, subdomains, ports, and directories enumeration.
A Ruby-based tool that enumerates all public IPv4 and IPv6 addresses associated with an AWS account across multiple services including EC2, CloudFront, ELB, RDS, and others.
A Ruby-based tool that enumerates all public IPv4 and IPv6 addresses associated with an AWS account across multiple services including EC2, CloudFront, ELB, RDS, and others.
A platform providing real-time threat intelligence streams and reports on internet-exposed assets to help organizations monitor and secure their attack surface.
A platform providing real-time threat intelligence streams and reports on internet-exposed assets to help organizations monitor and secure their attack surface.
A distributed AWS security auditing tool that continuously enumerates and scans internet-facing AWS services to identify potentially misconfigured resources.
A distributed AWS security auditing tool that continuously enumerates and scans internet-facing AWS services to identify potentially misconfigured resources.
A simple web-based interface for subdomain enumeration using the subfinder tool.
A simple web-based interface for subdomain enumeration using the subfinder tool.
FestIn discovers open S3 buckets associated with a domain using crawling and DNS reconnaissance techniques.
FestIn discovers open S3 buckets associated with a domain using crawling and DNS reconnaissance techniques.
A multi-cloud DNS security tool that detects dangling DNS records and potential subdomain takeover vulnerabilities by scanning cloud infrastructure and DNS zones.
A multi-cloud DNS security tool that detects dangling DNS records and potential subdomain takeover vulnerabilities by scanning cloud infrastructure and DNS zones.
A Go-based tool for discovering and inventorying internet-facing AWS assets across single or multiple accounts to help maintain comprehensive cloud attack surface visibility.
A Go-based tool for discovering and inventorying internet-facing AWS assets across single or multiple accounts to help maintain comprehensive cloud attack surface visibility.
A search engine for the Internet of Things (IoT) that discovers and monitors devices connected to the internet.
A search engine for the Internet of Things (IoT) that discovers and monitors devices connected to the internet.
Web inventory tool that captures screenshots of webpages and includes additional features for enhanced usability.
Web inventory tool that captures screenshots of webpages and includes additional features for enhanced usability.
Sublist3r is a python tool for enumerating subdomains using OSINT and various search engines.
Sublist3r is a python tool for enumerating subdomains using OSINT and various search engines.
An easy-to-use and lightweight API wrapper for Censys APIs with support for Python 3.8+.
An easy-to-use and lightweight API wrapper for Censys APIs with support for Python 3.8+.
ZoomEye is an advanced cyberspace search engine that provides detailed information on cyberspace assets, including server software and version information, for cybersecurity experts, researchers, and enterprises.
ZoomEye is an advanced cyberspace search engine that provides detailed information on cyberspace assets, including server software and version information, for cybersecurity experts, researchers, and enterprises.
Python utility for testing the existence of domain names under different TLDs to find malicious subdomains.
Python utility for testing the existence of domain names under different TLDs to find malicious subdomains.
An automation framework that runs multiple open-source subdomain bruteforcing tools in parallel using Docker Compose and custom wordlists.
An automation framework that runs multiple open-source subdomain bruteforcing tools in parallel using Docker Compose and custom wordlists.
Amass is an open-source OWASP tool for comprehensive attack surface mapping and asset discovery through domain reconnaissance and subdomain enumeration.
Amass is an open-source OWASP tool for comprehensive attack surface mapping and asset discovery through domain reconnaissance and subdomain enumeration.
SecurityTrails API provides access to a vast repository of historical DNS lookups, WHOIS records, hostnames, and domains for cyber forensics and investigations.
SecurityTrails API provides access to a vast repository of historical DNS lookups, WHOIS records, hostnames, and domains for cyber forensics and investigations.
External Attack Surface Management Tools - FAQ
Common questions about External Attack Surface Management tools including selection guides, pricing, and comparisons.
External attack Surface Management tools for discovering and securing internet-facing assets, domains, and exposed services.
