#Attack-surface

Showing 21 of 21 repositories tagged #attack-surface, ranked by stars

projectdiscovery
projectdiscovery
nuclei

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.

Score
100
β˜… 29.6k β‘‚ 3.5k +47/day
Go
1N3
1N3
Sn1per

Automated penetration testing & attack surface management platform. Recon, scan, exploit, report β€” 600+ exploits, 90+ integrations, 10K+ detections.

Score
100
β˜… 10.3k β‘‚ 2.1k +16/day
Shell
projectdiscovery
projectdiscovery
uncover

Quickly discover exposed hosts on the internet using multiple search engines.

Score
0
β˜… 3.0k β‘‚ 273 +1/day
Go
stanislav-web
stanislav-web
OpenDoor

OWASP Web Recon & Directory Discovery Platform

Score
0
β˜… 985 β‘‚ 187 β€”
Python
vmfunc
vmfunc
sif

the blazing-fast pentesting suite.

Score
93
β˜… 667 β‘‚ 29 β€”
Go
3nock
3nock
OTE

OSINT Template Engine

Score
71
β˜… 577 β‘‚ 63 β€”
C
cc1a2b
cc1a2b
JShunter

jshunter is a command-line tool designed for analyzing JavaScript files and extracting endpoints. This tool specializes in identifying sensitive data, such as API endpoints and potential security vulnerabilities, making it an essential resource for and bug bounty hunters and security researchers.

Score
0
β˜… 528 β‘‚ 59 +2/day
Go
BishopFox
BishopFox
smogcloud

Find cloud assets that no one wants exposed πŸ”Ž ☁️

Score
64
β˜… 350 β‘‚ 33 β€”
Go
kosty-cloud
kosty-cloud
kosty

Scan 30+ AWS services. Find cost waste. Detect security gaps. Map your attack surface. One command.

Score
100
β˜… 270 β‘‚ 24 β€”
Python
RossGeerlings
RossGeerlings
webstor

WebStor efficiently enumerates all websites across your organization’s networks and those in your DNS records - including cloud-hosted servers via zone transfer data - stores their responses, and lets you query for known web technologies, including those with zero-day vulnerabilities.

Score
36
β˜… 157 β‘‚ 19 β€”
Python
7WaySecurity
7WaySecurity
cloud_osint

☁️ Curated Cloud OSINT resources β€” dorks, tools, and techniques for AWS, Azure, GCP, Oracle Cloud, and other major providers reconnaissance

Score
86
β˜… 133 β‘‚ 19 β€”
praetorian-inc
praetorian-inc
vespasian

API discovery tool that maps attack surfaces from captured traffic and generates specs for REST, GraphQL, SOAP, and WebSocket APIs

Score
79
β˜… 106 β‘‚ 6 β€”
Go
1N3
1N3
AttackSurfaceManagement

Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty

Score
29
β˜… 105 β‘‚ 21 β€”
Shell
TalMaIka
TalMaIka
Site-Scanner

Site-Scanner - Web application vulnerability assessment tool.

Score
21
β˜… 51 β‘‚ 14 β€”
Python
apisec-inc
apisec-inc
AI-Surface

Find and govern AI attack surfaces in application code at PR time. Free, OSS, runs offline.

Score
0
β˜… 44 β‘‚ 8 β€”
Python
dreizehnutters
dreizehnutters
vide

Minimal web server enumeration & attack surface detection tool based on results of nmap.

Score
14
β˜… 38 β‘‚ 3 +1/day
Shell
spider12223
spider12223
PenScope

Passive recon & attack surface mapper β€” zero requests sent

Score
43
β˜… 32 β‘‚ 2 β€”
JavaScript
badchars
badchars
osint-mcp-server

OSINT intelligence MCP server for AI agents β€” 37 tools, 12 sources. Shodan, VirusTotal, Censys, SecurityTrails, DNS reconnaissance, WHOIS, certificate transparency, BGP routing, Wayback Machine, GeoIP. Automated open source intelligence and attack surface mapping via Model Context Protocol.

Score
50
β˜… 31 β‘‚ 7 +4/day
TypeScript
cc1a2b
cc1a2b
PenHunter

Pen Hunter is a comprehensive vulnerability scanning tool designed for penetration testers, security researchers and bug bounties. it automates the process of collecting subdomains and URLs and tests them for various vulnerabilities including XSS, SQL Injection, Local File Inclusion, Open Redirect, Server-Side Request Forgery, CSRF, and RCE.

Score
57
β˜… 29 β‘‚ 6 β€”
Go
krishealty
krishealty
tunnel-ADB

Simple ADB toolkit to penetrate Android device using Android Debug Bridge with over 35 features.

Score
0
β˜… 11 β‘‚ 1 β€”
Shell
volksec
volksec
minerva

This script automates the reconnaissance and penetration testing process for a given target.

Score
7
β˜… 10 β‘‚ 3 β€”
Shell
Related Topics
#penetration-testing#security#cybersecurity#pentesting#security-tools#osint#reconnaissance#infosec#pentest-scripts#recon#bug-bounty#hacking

Β© 2026 GitRepoTrend Β· GitHub repositories by topic Β· Updated weekly