Attack Surface
Explore 49 curated tools and resources
Search by name, description, or purpose... (⌘+K)
PINNED
Promoted • 6 toolsCommercial
Data Protection
Commercial
Network Security
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
Pentera Surface is an external attack surface management platform that continuously maps, monitors, and validates web-facing assets through automated reconnaissance and safe exploitation testing.
Pentera Surface is an external attack surface management platform that continuously maps, monitors, and validates web-facing assets through automated reconnaissance and safe exploitation testing.
A comprehensive threat intelligence platform that monitors cybercrime underground activities and provides actionable intelligence to help organizations detect and prevent cyber threats.
A comprehensive threat intelligence platform that monitors cybercrime underground activities and provides actionable intelligence to help organizations detect and prevent cyber threats.
A comprehensive external cybersecurity platform that combines AI and human expertise to detect, analyze, and remediate threats outside the traditional security perimeter including brand impersonation, data leakage, and digital asset exposure.
A comprehensive external cybersecurity platform that combines AI and human expertise to detect, analyze, and remediate threats outside the traditional security perimeter including brand impersonation, data leakage, and digital asset exposure.
A digital risk monitoring platform that provides automated security posture assessment, threat intelligence, and continuous monitoring of enterprise digital assets across multiple risk vectors.
A digital risk monitoring platform that provides automated security posture assessment, threat intelligence, and continuous monitoring of enterprise digital assets across multiple risk vectors.
Darkscope is an AI-powered threat intelligence platform that uses virtual personas to monitor the dark web, social media, and deep web for cyber threats and security risks targeting organizations.
Darkscope is an AI-powered threat intelligence platform that uses virtual personas to monitor the dark web, social media, and deep web for cyber threats and security risks targeting organizations.
GroupSense Digital Risk Protection Services provides curated threat intelligence and attack surface monitoring through their Tracelight platform to help organizations prioritize and mitigate cyber threats.
GroupSense Digital Risk Protection Services provides curated threat intelligence and attack surface monitoring through their Tracelight platform to help organizations prioritize and mitigate cyber threats.
FortiRecon is a SaaS-based Continuous Threat Exposure Management service that combines Attack Surface Management, Brand Protection, and Adversary Centric Intelligence to provide visibility into internal and external risks for early threat detection and response.
FortiRecon is a SaaS-based Continuous Threat Exposure Management service that combines Attack Surface Management, Brand Protection, and Adversary Centric Intelligence to provide visibility into internal and external risks for early threat detection and response.
A comprehensive Continuous Threat Exposure Management platform that combines AI-driven vulnerability assessment, penetration testing, and attack surface management to help organizations discover, prioritize, and remediate security vulnerabilities.
A comprehensive Continuous Threat Exposure Management platform that combines AI-driven vulnerability assessment, penetration testing, and attack surface management to help organizations discover, prioritize, and remediate security vulnerabilities.
A vendor risk management platform that automates assessment, continuously monitors attack surfaces, and correlates security data to verify third-party vendor security postures.
A vendor risk management platform that automates assessment, continuously monitors attack surfaces, and correlates security data to verify third-party vendor security postures.
A digital risk protection platform that combines threat intelligence, dark web monitoring, attack surface management, brand protection, and supply chain intelligence to detect and respond to external cyber threats.
A digital risk protection platform that combines threat intelligence, dark web monitoring, attack surface management, brand protection, and supply chain intelligence to detect and respond to external cyber threats.
Strobes Security Consulting Services provides an integrated cybersecurity platform that combines attack surface management, penetration testing, vulnerability management, and application security with expert consulting services.
Strobes Security Consulting Services provides an integrated cybersecurity platform that combines attack surface management, penetration testing, vulnerability management, and application security with expert consulting services.
A managed security service platform offering fixed-cost incident response, continuous vulnerability scanning, and integrated cyber insurance access through a subscription model.
A managed security service platform offering fixed-cost incident response, continuous vulnerability scanning, and integrated cyber insurance access through a subscription model.
A threat exposure management platform that unifies security operations by discovering assets, prioritizing vulnerabilities based on risk, and providing guided remediation across an organization's attack surface.
A threat exposure management platform that unifies security operations by discovering assets, prioritizing vulnerabilities based on risk, and providing guided remediation across an organization's attack surface.
A solution that discovers, analyzes, and helps remediate vulnerabilities across an organization's external digital attack surface by identifying and monitoring internet-facing assets.
A solution that discovers, analyzes, and helps remediate vulnerabilities across an organization's external digital attack surface by identifying and monitoring internet-facing assets.
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
A unified extended detection and response (XDR) platform that provides comprehensive visibility and protection across hybrid IT environments through integrated prevention, detection, and response capabilities.
A unified extended detection and response (XDR) platform that provides comprehensive visibility and protection across hybrid IT environments through integrated prevention, detection, and response capabilities.
Outpost24 Managed Security Services offers proactive security monitoring and management across networks, endpoints, applications, and clouds through a comprehensive CTEM platform with expert-led validation and unified risk visibility.
Outpost24 Managed Security Services offers proactive security monitoring and management across networks, endpoints, applications, and clouds through a comprehensive CTEM platform with expert-led validation and unified risk visibility.
Cytrusst is an integrated cybersecurity platform that combines GRC, attack surface management, cloud security posture management, and third-party risk management with support for multiple compliance frameworks.
Cytrusst is an integrated cybersecurity platform that combines GRC, attack surface management, cloud security posture management, and third-party risk management with support for multiple compliance frameworks.
An attack surface management platform that discovers, maps, and monitors an organization's external digital assets to identify vulnerabilities and security weaknesses before they can be exploited.
An attack surface management platform that discovers, maps, and monitors an organization's external digital assets to identify vulnerabilities and security weaknesses before they can be exploited.
A threat intelligence platform that provides comprehensive visibility into an organization's attack surface by collecting, analyzing, and structuring threat data to enable proactive security measures against emerging threats.
A threat intelligence platform that provides comprehensive visibility into an organization's attack surface by collecting, analyzing, and structuring threat data to enable proactive security measures against emerging threats.
An AI-powered Cloud Native Application Protection Platform (CNAPP) that provides unified cloud security with attack surface management for small and medium businesses.
An AI-powered Cloud Native Application Protection Platform (CNAPP) that provides unified cloud security with attack surface management for small and medium businesses.
StrikeOne is a vulnerability management platform with AI capabilities that helps organizations identify, prioritize, and remediate security vulnerabilities through attack surface management, vulnerability management, and cybersecurity posture assessment.
StrikeOne is a vulnerability management platform with AI capabilities that helps organizations identify, prioritize, and remediate security vulnerabilities through attack surface management, vulnerability management, and cybersecurity posture assessment.
DeTCT is a digital risk discovery and protection platform that monitors attack surfaces, vulnerabilities, data leaks, brand impersonation, and third-party risks to help organizations manage their cyber risk posture.
DeTCT is a digital risk discovery and protection platform that monitors attack surfaces, vulnerabilities, data leaks, brand impersonation, and third-party risks to help organizations manage their cyber risk posture.
A dark web monitoring platform that scans dark and deep web sources to detect exposed organizational data, compromised credentials, domain spoofing, and supply chain threats.
A dark web monitoring platform that scans dark and deep web sources to detect exposed organizational data, compromised credentials, domain spoofing, and supply chain threats.
XRATOR is a cybersecurity platform that continuously identifies vulnerabilities, assesses business risks, and manages security posture to align with strategic objectives and compliance requirements.
XRATOR is a cybersecurity platform that continuously identifies vulnerabilities, assesses business risks, and manages security posture to align with strategic objectives and compliance requirements.
Tenable One Exposure Management Platform is a comprehensive platform for vulnerability management and exposure management.
Tenable One Exposure Management Platform is a comprehensive platform for vulnerability management and exposure management.
An open-source attack surface management platform for identifying and managing vulnerabilities
An open-source attack surface management platform for identifying and managing vulnerabilities
A Python API client for BuiltWith that enables programmatic access to website technology profiling and reconnaissance data.
A Python API client for BuiltWith that enables programmatic access to website technology profiling and reconnaissance data.
LinksDumper extracts links and endpoints from HTTP responses to support web application security testing and reconnaissance activities.
LinksDumper extracts links and endpoints from HTTP responses to support web application security testing and reconnaissance activities.
A fast and reliable port scanner written in Go, designed for attack surface discovery in bug bounties and penetration testing.
A fast and reliable port scanner written in Go, designed for attack surface discovery in bug bounties and penetration testing.
A domain reconnaissance tool that automates subdomain discovery, port scanning, and monitoring with support for multiple data sources and notification integrations.
A domain reconnaissance tool that automates subdomain discovery, port scanning, and monitoring with support for multiple data sources and notification integrations.
A Python-based tool for external attack surface discovery and reconnaissance across large-scale networks, focusing on IP address and subdomain enumeration.
A Python-based tool for external attack surface discovery and reconnaissance across large-scale networks, focusing on IP address and subdomain enumeration.
A Windows security hardening tool that disables potentially dangerous features in Windows 10/11 and common applications to reduce attack surface for individual users.
A Windows security hardening tool that disables potentially dangerous features in Windows 10/11 and common applications to reduce attack surface for individual users.
Cloud_enum is a multi-cloud OSINT tool that enumerates publicly accessible resources across AWS, Azure, and Google Cloud platforms for security assessment purposes.
Cloud_enum is a multi-cloud OSINT tool that enumerates publicly accessible resources across AWS, Azure, and Google Cloud platforms for security assessment purposes.
Automate your reconnaissance process with AttackSurfaceMapper, a tool for mapping and analyzing network attack surfaces.
Automate your reconnaissance process with AttackSurfaceMapper, a tool for mapping and analyzing network attack surfaces.
CloudFox is an open source command line tool that helps penetration testers and offensive security professionals identify exploitable attack paths and gain situational awareness in cloud infrastructure environments.
CloudFox is an open source command line tool that helps penetration testers and offensive security professionals identify exploitable attack paths and gain situational awareness in cloud infrastructure environments.
FullHunt is a next-generation attack surface security platform that enables companies to discover, monitor, and secure their external attack surfaces.
FullHunt is a next-generation attack surface security platform that enables companies to discover, monitor, and secure their external attack surfaces.
ElectricEye is a multi-cloud Python CLI tool that performs security posture management and attack surface monitoring across cloud service providers and SaaS platforms with over 1000 security checks mapped to 20+ compliance frameworks.
ElectricEye is a multi-cloud Python CLI tool that performs security posture management and attack surface monitoring across cloud service providers and SaaS platforms with over 1000 security checks mapped to 20+ compliance frameworks.
A Low-cost ICS Security Testbed for Education and Research
A tool that showcases the attack surface of a given Android device, highlighting potential vulnerabilities and security risks.
A tool that showcases the attack surface of a given Android device, highlighting potential vulnerabilities and security risks.
A Ruby-based tool that enumerates all public IPv4 and IPv6 addresses associated with an AWS account across multiple services including EC2, CloudFront, ELB, RDS, and others.
A Ruby-based tool that enumerates all public IPv4 and IPv6 addresses associated with an AWS account across multiple services including EC2, CloudFront, ELB, RDS, and others.
A platform providing real-time threat intelligence streams and reports on internet-exposed assets to help organizations monitor and secure their attack surface.
A platform providing real-time threat intelligence streams and reports on internet-exposed assets to help organizations monitor and secure their attack surface.
A distributed AWS security auditing tool that continuously enumerates and scans internet-facing AWS services to identify potentially misconfigured resources.
A distributed AWS security auditing tool that continuously enumerates and scans internet-facing AWS services to identify potentially misconfigured resources.
Starbase is a graph-based security analysis platform that provides automated asset discovery and relationship mapping across external services and systems to enhance attack surface visibility.
Starbase is a graph-based security analysis platform that provides automated asset discovery and relationship mapping across external services and systems to enhance attack surface visibility.
A multi-cloud DNS security tool that detects dangling DNS records and potential subdomain takeover vulnerabilities by scanning cloud infrastructure and DNS zones.
A multi-cloud DNS security tool that detects dangling DNS records and potential subdomain takeover vulnerabilities by scanning cloud infrastructure and DNS zones.
A Go-based tool for discovering and inventorying internet-facing AWS assets across single or multiple accounts to help maintain comprehensive cloud attack surface visibility.
A Go-based tool for discovering and inventorying internet-facing AWS assets across single or multiple accounts to help maintain comprehensive cloud attack surface visibility.
Metabadger automates the upgrade of AWS EC2 instances to use the more secure Instance Metadata Service v2 (IMDSv2) to prevent SSRF attacks and reduce attack surface.
Metabadger automates the upgrade of AWS EC2 instances to use the more secure Instance Metadata Service v2 (IMDSv2) to prevent SSRF attacks and reduce attack surface.
Advanced vulnerability assessment tool for gaining visibility and preventing cyber attacks.
Advanced vulnerability assessment tool for gaining visibility and preventing cyber attacks.
Amass is an open-source OWASP tool for comprehensive attack surface mapping and asset discovery through domain reconnaissance and subdomain enumeration.
Amass is an open-source OWASP tool for comprehensive attack surface mapping and asset discovery through domain reconnaissance and subdomain enumeration.