Search Results for "attack surface management"

Showing 151 open source projects for "attack surface management"

  • 1
    Surface

    A server-side rendering component library for Phoenix

    Surface is a component-based UI library for Phoenix LiveView that brings a declarative, template-driven approach to building interactive interfaces. Inspired by frameworks like React, it introduces components with typed properties, slots, and macros to simplify complex UIs. Developers can create reusable, encapsulated components that integrate seamlessly with LiveView’s server-rendered real-time model. Surface emphasizes readability, making templates feel closer to HTML while retaining...
    Downloads: 0 This Week
  • 2
    OWASP Amass

    In-depth attack surface mapping and asset discovery

    The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. All of our projects, tools, documents, forums, and chapters are free and open to anyone interested in improving application...
    Downloads: 23 This Week
  • 3
    Surface Pro 7 Hackintosh

    This project aims to provide continued support running macOS

    ...It includes detailed instructions for installing macOS, configuring hardware components, and troubleshooting common issues such as graphics acceleration, Wi-Fi, and power management. The repository is tailored specifically to the Surface Pro 7, addressing its unique hardware constraints and compatibility challenges. It uses tools such as OpenCore to manage the boot process and emulate necessary Apple hardware environments. The project also highlights the limitations of running macOS on unsupported hardware, including partial functionality for certain components.
    Downloads: 1 This Week
  • 4
    PowerUpSQL

    A PowerShell toolkit for attacking SQL Server

    ...The project is aimed at internal penetration testers and red-teamers but is also useful for database administrators and defenders who want to inventory SQL Server attack surface and hunt for misconfigurations. PowerUpSQL can surface things like weak configuration flags, dangerous surface (for example, features that may enable code execution from SQL), credential material exposed in configuration, and cross-instance trust relationships such as linked servers. The codebase is implemented primarily in PowerShell, organized as a module with many discrete functions, and includes helper scripts and documentation for usage scenarios.
    Downloads: 1 This Week
  • 5
    RedAmon

    AI-powered framework for automated penetration testing and red teaming

    ...It combines artificial intelligence with traditional penetration testing tools to create a fully autonomous pipeline capable of discovering vulnerabilities and executing security assessments without human intervention. It begins with a multi-phase reconnaissance engine that maps the entire attack surface of a target, collecting information such as subdomains, open ports, services, and potential vulnerabilities. RedAmon then uses an AI agent orchestrator to analyze this data, select appropriate tools, and perform exploitation steps such as credential brute forcing or CVE-based attacks. All discovered assets, relationships, and vulnerabilities are stored in a Neo4j knowledge graph, allowing the system to reason about the environment and make informed decisions during the attack process.
    Downloads: 10 This Week
  • 6
    LiteBox

    A security-focused library OS supporting kernel execution

    LiteBox is a security-focused “library OS” sandboxing project that aims to shrink the interface between an application and its host environment to reduce attack surface. Instead of relying solely on broad OS-level permissions, it focuses on isolating workloads by tightly controlling the boundary where code interacts with host services and system resources. The design emphasizes interoperability across different integration layers, describing a separation between “North” shims (how apps or runtimes plug in) and “South” platforms (where the sandbox runs), which helps the system adapt to multiple deployment contexts. ...
    Downloads: 7 This Week
  • 7
    Firecracker

    Secure and fast microVMs for serverless computing

    Firecracker is an open-source virtualization technology developed by AWS for deploying secure micro-VMs (microVMs) that offer strong isolation with minimal overhead. Designed for serverless workloads (e.g., AWS Lambda, Fargate), it combines VM-level security with container-like performance and startup speed.
    Downloads: 1 This Week
  • 8
    Shannon

    Fully autonomous AI hacker to find actual exploits in your web apps

    Shannon is an autonomous AI penetration testing system built to find and prove real, exploitable vulnerabilities in web applications rather than stopping at static warnings or best-guess alerts. It focuses on “proof by exploitation,” meaning it actively hunts for attack vectors in your code and then attempts to execute end-to-end exploits to demonstrate impact. The project blends source-aware analysis with automated web interaction so it can validate issues like injection flaws,...
    Downloads: 6 This Week
  • 9
    Encord Active

    The toolkit to test, validate, and evaluate your models and surface

    Encord Active is an open-source toolkit to test, validate, and evaluate your models and surface, curate, and prioritize the most valuable data for labeling to supercharge model performance. Encord Active has been designed as an all-in-one open source toolkit for improving your data quality and model performance. Use the intuitive UI to explore your data or access all the functionalities programmatically. Discover errors, outliers, and edge-cases within your data - all in one open source...
    Downloads: 0 This Week
  • 10
    CyberStrikeAI

    CyberStrikeAI is an AI-native security testing platform built in Go

    ...It supports role-based testing, letting teams define security roles with tailored tool access and prompts, and includes a skills system that encapsulates specialized testing strategies that the AI can incorporate into its planning. Through comprehensive lifecycle management, results are tracked, aggregated, and visualized, with support for versioned persistence, search, and risk severity scoring.
    Downloads: 15 This Week
  • 11
    Talos Linux

    Talos Linux is a modern Linux distribution built for Kubernetes

    Talos Linux is Linux designed for Kubernetes – secure, immutable, and minimal. Supports cloud platforms, bare metal, and virtualization platforms. All system management is done via an API. No SSH, shell or console. Production-ready: supports some of the largest Kubernetes clusters in the world. Open source project from the team at Sidero Labs. It only takes 3 minutes to launch a Talos cluster on your laptop inside Docker. Talos reduces your attack surface. It's minimal, hardened and immutable. ...
    Downloads: 33 This Week
  • 12
    gVisor

    Application Kernel for Containers

    ...Its key runtime, runsc, integrates seamlessly with container ecosystems such as Docker and Kubernetes, making it easy to deploy sandboxed workloads using familiar tools. By intercepting and safely handling syscalls from applications, gVisor reduces the attack surface of the host kernel, mitigating risks associated with running untrusted or potentially malicious code in containerized environments.
    Downloads: 1 This Week
  • 13
    KubeArmor

    Runtime Security Enforcement System

    ...It uses eBPF and Linux Security Modules (LSM) for fortifying workloads based on Cloud Containers, IoT/Edge, and 5G networks. It enforces policy-based controls. KubeArmor lessens the attack surface on pods, containers, and virtual machines. For inline mitigation, it uses Linux Security Modules (LSMs) like AppArmor, BPF-LSM, and SELinux to provide security without changing the pod or container and without host-level adjustments. KubeArmor simplifies their intricacies and makes enforcing policy simple. It functions as a non-privileged daemonset and has host, pod, and container monitoring capabilities.
    Downloads: 2 This Week
  • 14
    Middleman

    Hand-crafted frontend development

    ...Extensions cover blogging, internationalization, sitemaps, data-driven pages, and external build steps, so complex sites remain manageable without server-side code. Because output is plain files, Middleman sites deploy anywhere—from object storage and CDNs to GitHub Pages—benefiting from high performance and low attack surface. Teams use it for marketing sites, docs, microsites, and prototypes where content and design matter more than dynamic backends.
    Downloads: 0 This Week
  • 15
    Crosvm

    The Chrome OS Virtual Machine Monitor

    ...Unlike general-purpose emulators like QEMU, crosvm avoids full hardware emulation and focuses on modern paravirtualized I/O using the virtio standard, reducing complexity and attack surface. Written in Rust, it emphasizes memory safety and modularity, allowing sandboxed device emulation with fine-grained privilege separation. crosvm underpins several ChromeOS subsystems, including Android Runtime for Chrome (ARCVM) and Crostini Linux containers, enabling rich application compatibility within a tightly controlled environment.
    Downloads: 16 This Week
  • 16
    subfinder

    Fast passive subdomain enumeration tool

    ...It focuses exclusively on collecting valid subdomains from a wide range of passive online sources, prioritizing accuracy and speed over intrusive scanning techniques. The project is widely used in bug bounty hunting, penetration testing, and attack surface mapping because it minimizes noise while producing actionable results. Its modular architecture allows users to enable dozens of data providers through API keys, expanding coverage as needed. Subfinder integrates easily into automation pipelines and CI workflows thanks to its clean command-line design and structured output formats. ...
    Downloads: 11 This Week
  • 17
    Hermit for Rust

    Hermit for Rust

    Hermit-RS is a Rust-based unikernel designed for high-performance and cloud computing applications. By combining the safety and concurrency features of Rust with the minimalistic approach of unikernels, Hermit-RS offers a secure and efficient runtime environment. It is particularly suited for running single-tenant applications directly on hypervisors or bare-metal hardware, reducing overhead and improving performance.
    Downloads: 0 This Week
  • 18
    Pterodactyl Panel

    Pterodactyl® is a free, open-source game server management panel

    ...Built on a modern stack utilizing the best design practices that make it easy to jump in and make modifications. All servers run in isolated Docker containers that limit attack vectors, provide strict resource limits, and provide environments tailored to each specific game. Pterodactyl is 100% free and licensed under an MIT license. All of our code is completely open source as well.
    Downloads: 10 This Week
  • 19
    BasicBSpline.jl

    Basic (mathematical) operations for B-spline functions

    Basic (mathematical) operations for B-spline functions and related things with Julia.
    Downloads: 0 This Week
  • 20
    Arize Phoenix

    Uncover insights, surface problems, monitor, and fine tune your LLM

    Phoenix provides ML insights at lightning speed with zero-config observability for model drift, performance, and data quality. Phoenix is an Open Source ML Observability library designed for the Notebook. The toolset is designed to ingest model inference data for LLMs, CV, NLP and tabular datasets. It allows Data Scientists to quickly visualize their model data, monitor performance, track down issues & insights, and easily export to improve. Deep Learning Models (CV, LLM, and Generative)...
    Downloads: 15 This Week
  • 21
    Scout Suite

    Multi-cloud security auditing tool

    ...Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. Rather than going through dozens of pages on the web consoles, Scout Suite presents a clear view of the attack surface automatically. Scout Suite was designed by security consultants/auditors. It is meant to provide a point-in-time security-oriented view of the cloud account it was run in. Once the data has been gathered, all usage may be performed offline. Our self-service cloud account monitoring platform, NCC Scout, is a user-friendly SaaS providing you with the ability to constantly monitor your public cloud accounts, allowing you to check they’re configured to comply with industry best practice.
    Downloads: 1 This Week
  • 22
    DevSec Hardening

    This Ansible collection provides battle tested hardening

    Hardening adds a layer into your automation framework that configures your operating systems and services. It takes care of difficult settings, compliance guidelines, cryptography recommendations, and secure defaults. Running secure infrastructure is a difficult task. Although server hardening is a well-known topic with many guides out in the wild, it is still very cumbersome to apply and verify secure configuration. If you manage many servers, they need to be configured properly and...
    Downloads: 1 This Week
  • 23
    The Bastion

    Authentication, authorization, traceability and auditability for SSH

    The Bastion is a hardened, audited, and production-grade bastion host developed by OVHcloud. It facilitates secure, controlled, and traceable SSH access to remote systems. The system is designed to be tamper-proof, with a strict access control system and logging for all user actions. It is widely used in enterprise environments to enforce secure and auditable infrastructure access policies.
    Downloads: 2 This Week
  • 24
    AWS SDK for C++

    AWS SDK for C++

    ...It supports major platforms including Windows, macOS, and Linux, and uses CMake for builds so you can include only the services your application needs, helping reduce binary size and attack surface. Documentation, code examples and build instructions make integration straightforward, and the modular build ability allows teams to pick and choose service clients.
    Downloads: 7 This Week
  • 25
    Inventory

    Asset inventory dataset for public bug bounty program targets

    ...The repository tracks and organizes security-relevant assets for more than 800 companies participating in public vulnerability disclosure and bug bounty initiatives. It collects information such as DNS records and web server data, helping security researchers better understand the attack surface of these programs. It aims to streamline reconnaissance for bug bounty hunters by providing ready-to-use asset information so researchers can quickly begin testing new targets. It also helps security teams gain clearer visibility into their exposed infrastructure and publicly reachable systems. Much of the data in the repository is generated automatically through workflows that gather, transform, and consolidate bug bounty program data from multiple sources.
    Downloads: 2 This Week