Showing 22 open source projects for "surface"

View related business solutions
  • Build Agents and Models on One Platform Icon
    Build Agents and Models on One Platform

    Everything you need to build production-ready agents and models. Access 200+ Google and third-party AI models and tools.

    Gemini Enterprise Agent Platform is Google Cloud's comprehensive platform for developers to build, scale, govern, and optimize agents and models. Choose from Google's most advanced models and third-party models like Anthropic's Claude Model Family.
    Try It Free
  • Custom VMs From 1 to 96 vCPUs With 99.95% Uptime Icon
    Custom VMs From 1 to 96 vCPUs With 99.95% Uptime

    General-purpose, compute-optimized, or GPU/TPU-accelerated. Built to your exact specs.

    Live migration and automatic failover keep workloads online through maintenance. One free e2-micro VM every month.
    Try Free
  • 1
    OWASP Amass

    OWASP Amass

    In-depth attack surface mapping and asset discovery

    The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. All of our projects ,tools, documents, forums, and chapters are free and open to anyone interested in improving application...
    Downloads: 22 This Week
    Last Update:
    See Project
  • 2
    RedAmon

    RedAmon

    AI-powered framework for automated penetration testing and red teaming

    ...It combines artificial intelligence with traditional penetration testing tools to create a fully autonomous pipeline capable of discovering vulnerabilities and executing security assessments without human intervention. It begins with a multi-phase reconnaissance engine that maps the entire attack surface of a target, collecting information such as subdomains, open ports, services, and potential vulnerabilities. RedAmon then uses an AI agent orchestrator to analyze this data, select appropriate tools, and perform exploitation steps such as credential brute forcing or CVE-based attacks. All discovered assets, relationships, and vulnerabilities are stored in a Neo4j knowledge graph, allowing the system to reason about the environment and make informed decisions during the attack process.
    Downloads: 7 This Week
    Last Update:
    See Project
  • 3
    XRAY

    XRAY

    XRay for recon, mapping and OSINT gathering from public networks

    ...It provides a framework for writing and executing inspection modules that can parse structured data (JSON, XML, HTML), traverse graphs of endpoints, and perform intelligent probing guided by discovered surface area. XRay is typically used as a reconnaissance and vulnerability discovery engine in red-team or app-security workflows: it leverages extensible plugins to adapt to different protocols, inject payloads, and detect common bug classes such as injection flaws, misconfigurations, and unsafe endpoints. The modular architecture means users can customize or extend the engine with new analyzers, fuzzers, or output formats tailored to specific testing environments. ...
    Downloads: 2 This Week
    Last Update:
    See Project
  • 4
    Swift Crypto

    Swift Crypto

    Open-source implementation of a substantial portion of the API

    ...The repository maintains active releases and issue tracking for enhancements like PEM handling and ecosystem compatibility. High-level, misuse-resistant primitives and key handling. SwiftPM distribution for easy inclusion in builds. By matching CryptoKit’s surface, it reduces portability friction between Apple platforms and server environments. The package slots cleanly into SwiftPM builds and is widely adopted across the Swift server ecosystem. Its goal is practical cryptography: safe defaults, clear APIs, and predictable performance.
    Downloads: 0 This Week
    Last Update:
    See Project
  • Cut Data Warehouse Costs by 54% Icon
    Cut Data Warehouse Costs by 54%

    Easily migrate from Snowflake, Redshift, or Databricks with free tools.

    BigQuery delivers 54% lower TCO with exabyte scale and flexible pricing. Free migration tools handle the SQL translation automatically.
    Try Free
  • 5
    subfinder

    subfinder

    Fast passive subdomain enumeration tool

    ...It focuses exclusively on collecting valid subdomains from a wide range of passive online sources, prioritizing accuracy and speed over intrusive scanning techniques. The project is widely used in bug bounty hunting, penetration testing, and attack surface mapping because it minimizes noise while producing actionable results. Its modular architecture allows users to enable dozens of data providers through API keys, expanding coverage as needed. Subfinder integrates easily into automation pipelines and CI workflows thanks to its clean command-line design and structured output formats. ...
    Downloads: 34 This Week
    Last Update:
    See Project
  • 6
    Shannon

    Shannon

    Fully autonomous AI hacker to find actual exploits in your web apps

    Shannon is an autonomous AI penetration testing system built to find and prove real, exploitable vulnerabilities in web applications rather than stopping at static warnings or best-guess alerts. It focuses on “proof by exploitation,” meaning it actively hunts for attack vectors in your code and then attempts to execute end-to-end exploits to demonstrate impact. The project blends source-aware analysis with automated web interaction so it can validate issues like injection flaws,...
    Downloads: 23 This Week
    Last Update:
    See Project
  • 7
    BBOT

    BBOT

    The recursive internet scanner for hackers

    BBOT is an advanced open-source reconnaissance automation framework designed to streamline large-scale OSINT and attack surface discovery workflows. It operates as a modular and recursive scanning tool that can enumerate subdomains, perform port scans, gather metadata, and collect web intelligence through a unified command-line interface. The project emphasizes extensibility, allowing users to create or integrate custom modules that expand the scope of reconnaissance tasks without modifying the core engine. ...
    Downloads: 8 This Week
    Last Update:
    See Project
  • 8
    Windows Super God Mode

    Windows Super God Mode

    Creates shortcuts to virtually every special location or action built

    This project packages a set of Windows tweaks, shortcuts, and convenience scripts that surface many of the OS’s hidden settings and advanced controls into a single, easy-to-use place. It automates creation of “God Mode” folders and other control-panel shortcuts, removes the need to manually hunt through layers of Settings or the Registry, and often bundles helper scripts for common maintenance tasks. The intent is to put power-user features—tweaks for privacy, appearance, power management, and system behavior—within quick reach so administrators and enthusiasts can configure machines consistently. ...
    Downloads: 14 This Week
    Last Update:
    See Project
  • 9
    Inventory

    Inventory

    Asset inventory dataset for public bug bounty program targets

    ...The repository tracks and organizes security-relevant assets for more than 800 companies participating in public vulnerability disclosure and bug bounty initiatives. It collects information such as DNS records and web server data, helping security researchers better understand the attack surface of these programs. It aims to streamline reconnaissance for bug bounty hunters by providing ready-to-use asset information so researchers can quickly begin testing new targets. It also helps security teams gain clearer visibility into their exposed infrastructure and publicly reachable systems. Much of the data in the repository is generated automatically through workflows that gather, transform, and consolidate bug bounty program data from multiple sources.
    Downloads: 3 This Week
    Last Update:
    See Project
  • $300 Free Credits to Build on Google Cloud Icon
    $300 Free Credits to Build on Google Cloud

    New to Google Cloud? Get $300 in credits to explore Compute Engine, BigQuery, Cloud Run, Gemini Enterprise Agent Platform, and more.

    Start your next project with $300 in free Google Cloud credit. Spin up VMs, run containers, query petabytes in BigQuery, or build agents with Gemini Enterprise Agent Platform. Once your credits are used, keep building with 20+ always-free tier products including Compute Engine, Cloud Storage, GKE, and Cloud Run functions. No commitment required—just sign up and start building.
    Claim $300 Free
  • 10
    KubeArmor

    KubeArmor

    Runtime Security Enforcement System

    ...It uses eBPF and Linux Security Modules(LSM) for fortifying workloads based on Cloud Containers, IoT/Edge, and 5G networks. It enforces policy-based controls. KubeArmor lessens the attack surface on pods, containers, and virtual machines. For inline mitigation, it uses Linux Security Modules (LSMs) like AppArmor, BPF-LSM, and SELinux to provide security without changing the pod or container or without host-level adjustments. KubeArmor simplifies their intricacies and makes enforcing policy simple. It functions as a non-privileged daemonset and has host, pod, and container monitoring capabilities.
    Downloads: 1 This Week
    Last Update:
    See Project
  • 11
    Google Authenticator PAM Library

    Google Authenticator PAM Library

    Example PAM module demonstrating two-factor authentication

    google-authenticator-libpam is a Pluggable Authentication Module (PAM) that adds one-time passcodes to Unix and Linux logins using open OATH standards. It plugs into PAM stacks for services like SSH, su, or desktop display managers, prompting users for a time-based (TOTP) or counter-based (HOTP) code after their password. A lightweight enrollment program bootstraps each account by generating a secret, printing a QR code, and writing per-user configuration with safe file permissions. Because...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 12
    Scout Suite

    Scout Suite

    Multi-cloud security auditing tool

    ...Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. Rather than going through dozens of pages on the web consoles, Scout Suite presents a clear view of the attack surface automatically. Scout Suite was designed by security consultants/auditors. It is meant to provide a point-in-time security-oriented view of the cloud account it was run in. Once the data has been gathered, all users may be performed offline. Our self-service cloud account monitoring platform, NCC Scout, is a user-friendly SaaS providing you with the ability to constantly monitor your public cloud accounts, allowing you to check they’re configured to comply with industry best practice.
    Downloads: 4 This Week
    Last Update:
    See Project
  • 13
    Digna Web Scanner

    Digna Web Scanner

    A tool to check web apps for vulnerabilty

    ...Insecure Direct Object References (IDOR): Scans for vulnerabilities that might enable attackers to access unauthorized data by manipulating direct object references. Open Ports: Detects open ports on the target web server to understand its potential attack surface. Content Security Policy (CSP): Checks if the website has a properly configured CSP to mitigate XSS and other injection RCE
    Downloads: 1 This Week
    Last Update:
    See Project
  • 14
    1654 — encryption system

    1654 — encryption system

    1024-bit encryption system (functional safe or disk) | С++20

    ...Key Characteristics Vault-oriented model Encrypted data is treated as a sealed container-safe with explicit operations, not as a password-wrapped file. Dependency-free design The entire cryptographic surface is auditable in-tree. PetoronHash as the cryptographic core All key material derivation, diffusion, and internal transformations are driven by PetoronHash 1024-bit wide internal state The architecture uses a wide internal state to increase diffusion depth and structural safety margins. https://github.com/01alekseev/1654 Petoron | Ivan Alekseev | MIT license
    Downloads: 0 This Week
    Last Update:
    See Project
  • 15
    Hakrawler

    Hakrawler

    Fast Go web crawler for discovering URLs and web app endpoints

    ...It is primarily used during the reconnaissance phase of security testing, bug bounty hunting, and penetration testing. It works by automatically crawling web pages and extracting links, JavaScript file locations, and other resources that may reveal additional attack surface or hidden functionality. hakrawler is implemented as a simple and efficient crawler using the Gocolly library, which allows it to perform fast and concurrent crawling of web pages. It accepts URLs through standard input, making it easy to integrate into command-line pipelines with other security tools. This workflow enables researchers to combine it with subdomain enumeration, HTTP probing, and vulnerability scanning utilities to automate reconnaissance processes. hakrawler can follow links within a website and optionally include subdomains.
    Downloads: 0 This Week
    Last Update:
    See Project
  • 16
    BigBountyRecon

    BigBountyRecon

    Automates reconnaissance for bug bounty and penetration testing target

    BigBountyRecon is an open source reconnaissance tool designed to assist security researchers, penetration testers, and bug bounty hunters during the early stages of security assessments. It automates the collection of publicly accessible information about a target organization by combining numerous reconnaissance techniques with widely used Google dorks and other open source resources. Its main goal is to accelerate the information-gathering phase, which is often considered one of the most...
    Downloads: 12 This Week
    Last Update:
    See Project
  • 17
    AttackSurfaceMapper

    AttackSurfaceMapper

    Automated tool for mapping & expanding organization’s attack surface

    AttackSurfaceMapper (ASM) is a reconnaissance and attack surface discovery tool designed to automate the process of mapping potential targets within an organization's infrastructure. It combines open source intelligence (OSINT) with selective active reconnaissance techniques to expand and analyze a target’s external attack surface. Users can supply domains, subdomains, or IP addresses as input, and applies multiple discovery methods to identify additional related assets such as new subdomains, associated IP ranges, and hosts within the same network ownership. ...
    Downloads: 1 This Week
    Last Update:
    See Project
  • 18
    DNSGen

    DNSGen

    Intelligent DNS permutation tool for subdomain discovery

    DNSGen is an open source DNS name permutation tool designed primarily for security researchers and penetration testers who need to discover potential subdomains during reconnaissance and attack surface mapping. It analyzes existing domain names and generates numerous intelligent variations that may represent valid subdomains within an organization’s infrastructure. These generated permutations help identify hidden or unlisted services that may not appear in standard DNS queries or public records. DNSGen applies multiple permutation techniques to create realistic domain combinations based on modern infrastructure naming patterns, including cloud environments, DevOps tools, and microservice architectures. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 19
    AQUATONE

    AQUATONE

    A tool for domain flyovers

    Aquatone is a tool for visual inspection of websites across a large amount of hosts and is convenient for quickly gaining an overview of HTTP-based attack surface. Aquatone is designed to be as easy to use as possible and to integrate with your existing toolset with no or minimal glue. Aquatone is started by piping output of a command into the tool. It doesn't really care how the piped data looks as URLs, domains, and IP addresses will be extracted with regular expression pattern matching. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 20
    Photon

    Photon

    Incredibly fast crawler designed for OSINT

    Photon is an extremely fast web crawler built specifically for OSINT and reconnaissance use cases. It is designed to extract URLs, endpoints, files, and other intelligence artifacts from target websites with minimal overhead. The crawler prioritizes speed and breadth, making it suitable for mapping web attack surfaces and discovering hidden resources. Photon is commonly used during early reconnaissance phases to build a comprehensive inventory of reachable assets. Its Python implementation...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 21

    chaOS41

    A cryptocurrency like Bitcoin improved upon with reality binding.

    There is a reason this project holds no code. chaOS41 is a cryptocurrency with reality binding. A given value of money was paid for a surface area the size of a flower pot. It was out of proportion. The chaoOS41 currency corrects that. It binds its value to reality. Its unit value is a ratio between money and land area.. When that ratio normalizes, the currency becomes available to the public. 1 more developer is wanted. For that you need inside access, which means the access protocol is made public now. ...
    Downloads: 0 This Week
    Last Update:
    See Project
  • 22
    HTTP Anti Flood/DoS Security Module

    HTTP Anti Flood/DoS Security Module

    Detect Flooder IPs, Reduce Attack Surface against HTTP Flood Attacks

    This module provides attack surface reduction enhancements against the HTTP Flood Attacks at the web application level. Massive crawling/scanning tools, HTTP Flood tools can be detected and blocked by this module via htaccess, firewall or iptables, etc. (like mod_evasive) You can use this module by including "iosec.php" to any PHP file which wants to be protected.
    Downloads: 3 This Week
    Last Update:
    See Project
  • Previous
  • You're on page 1
  • Next
Auth0 Logo