Attack Surface Mapping

DeTCT is a digital risk discovery and protection platform that monitors attack surfaces, vulnerabilities, data leaks, brand impersonation, and third-party risks to help organizations manage their cyber risk posture.

A dark web monitoring platform that scans dark and deep web sources to detect exposed organizational data, compromised credentials, domain spoofing, and supply chain threats.

XRATOR is a cybersecurity platform that continuously identifies vulnerabilities, assesses business risks, and manages security posture to align with strategic objectives and compliance requirements.

Tenable One Exposure Management Platform is a comprehensive platform for vulnerability management and exposure management.

Automated vulnerability assessment and remediation platform

An open-source attack surface management platform for identifying and managing vulnerabilities

A Python API client for BuiltWith that enables programmatic access to website technology profiling and reconnaissance data.

LinksDumper extracts links and endpoints from HTTP responses to support web application security testing and reconnaissance activities.

A fast and reliable port scanner written in Go, designed for attack surface discovery in bug bounties and penetration testing.

A domain reconnaissance tool that automates subdomain discovery, port scanning, and monitoring with support for multiple data sources and notification integrations.

A Python-based tool for external attack surface discovery and reconnaissance across large-scale networks, focusing on IP address and subdomain enumeration.

A Windows security hardening tool that disables potentially dangerous features in Windows 10/11 and common applications to reduce attack surface for individual users.

Cloud_enum is a multi-cloud OSINT tool that enumerates publicly accessible resources across AWS, Azure, and Google Cloud platforms for security assessment purposes.

Automate your reconnaissance process with AttackSurfaceMapper, a tool for mapping and analyzing network attack surfaces.

CloudFox is an open source command line tool that helps penetration testers and offensive security professionals identify exploitable attack paths and gain situational awareness in cloud infrastructure environments.

FullHunt is a next-generation attack surface security platform that enables companies to discover, monitor, and secure their external attack surfaces.

ElectricEye is a multi-cloud Python CLI tool that performs security posture management and attack surface monitoring across cloud service providers and SaaS platforms with over 1000 security checks mapped to 20+ compliance frameworks.

A Low-cost ICS Security Testbed for Education and Research

Automate OSINT for threat intelligence and attack surface mapping with SpiderFoot.

A tool that showcases the attack surface of a given Android device, highlighting potential vulnerabilities and security risks.

A Ruby-based tool that enumerates all public IPv4 and IPv6 addresses associated with an AWS account across multiple services including EC2, CloudFront, ELB, RDS, and others.

A platform providing real-time threat intelligence streams and reports on internet-exposed assets to help organizations monitor and secure their attack surface.

A distributed AWS security auditing tool that continuously enumerates and scans internet-facing AWS services to identify potentially misconfigured resources.

Starbase is a graph-based security analysis platform that provides automated asset discovery and relationship mapping across external services and systems to enhance attack surface visibility.