Enterprise security attack surface analysis tool

Examine the possible vulnerabilities of enterprise Internet assets or other possibilities that can be attacked from the perspective of attackers , This is an extremely important work . Today, I'd like to share some open source enterprise attack surface analysis tools , It can help Party A's security team sort out and detect the attack surface .

01、Goby - Attack surface mapping

Goby It is a new generation of network security assessment tools , It can sort out the most complete attack information for enterprises , At the same time, it can quickly penetrate into the enterprise intranet according to the vulnerabilities exposed in the external network .

Official website address ：

https://gobies.org/

02、ARL - Asset safety Lighthouse

Quickly discover and sort out enterprise extranet assets , Build asset information base , Assist Party A's security team or penetration testers to quickly find the weak points and attack areas in the enterprise's assets .

github Project address ：

https://github.com/TophantTechnology/ARL

03、linglong - Asset cruise scanning system

System positioning is through masscan+nmap Infinite cycle to find new assets , Automatically conduct port weak password blasting 、 fingerprint identification 、XrayPoc scanning .

github Project address ：

https://github.com/awake1t/linglong

04、SEC- Distributed asset security scanning

SEC It can be used for enterprises to scan and troubleshoot the security of server resources , Controllable 、 You can stop running scanning tasks 、 Support distributed multi node deployment , Faster scanning progress + Nodes perform information dynamic feedback , Quickly locate vulnerabilities .

github Project address ：

https://github.com/smallcham/sec-admin

05、w12scan - Network security asset scanning engine

adopt WEB Interface issue task ,w12scan Relevant assets will be automatically aggregated to facilitate analysis and use .

github Project address ：

https://github.com/w-digital-scanner/w12scan