Search Results for "attack surface management"
Sort By:
Showing 150 open source projects for "attack surface management"
View related business solutions-
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
ContractSafe: Contract Management SoftwareDitch those spreadsheets, shared drives & crazy-expensive solutions with too many bells & whistles. ContractSafe offers the simplest way to manage your contracts efficiently without breaking the bank.
-
1
Surface
A server-side rendering component library for Phoenix
Surface is a component-based UI library for Phoenix LiveView that brings a declarative, template-driven approach to building interactive interfaces. Inspired by frameworks like React, it introduces components with typed properties, slots, and macros to simplify complex UIs. Developers can create reusable, encapsulated components that integrate seamlessly with LiveView’s server-rendered real-time model. Surface emphasizes readability, making templates feel closer to HTML while retaining... -
2
OWASP Amass
In-depth attack surface mapping and asset discovery
The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. All of our projects ,tools, documents, forums, and chapters are free and open to anyone interested in improving application... -
3
Surface Pro 7 Hackintosh
This project aims to provide continued support running macOS
...It includes detailed instructions for installing macOS, configuring hardware components, and troubleshooting common issues such as graphics acceleration, Wi-Fi, and power management. The repository is tailored specifically to the Surface Pro 7, addressing its unique hardware constraints and compatibility challenges. It uses tools such as OpenCore to manage the boot process and emulate necessary Apple hardware environments. The project also highlights the limitations of running macOS on unsupported hardware, including partial functionality for certain components. -
4
RedAmon
AI-powered framework for automated penetration testing and red teaming
...It combines artificial intelligence with traditional penetration testing tools to create a fully autonomous pipeline capable of discovering vulnerabilities and executing security assessments without human intervention. It begins with a multi-phase reconnaissance engine that maps the entire attack surface of a target, collecting information such as subdomains, open ports, services, and potential vulnerabilities. RedAmon then uses an AI agent orchestrator to analyze this data, select appropriate tools, and perform exploitation steps such as credential brute forcing or CVE-based attacks. All discovered assets, relationships, and vulnerabilities are stored in a Neo4j knowledge graph, allowing the system to reason about the environment and make informed decisions during the attack process. -
Cortex: Boost Developer Coding SkillsCortex is a simple portal that helps developers work smarter by linking all your tools, setting clear rules, and slashing repetitive tasks. It speeds up onboarding, updates old code, and fixes issues fast. Over 100 big companies use it to save time and get better results.
-
5
PowerUpSQL
A PowerShell toolkit for attacking SQL Server
...The project is aimed at internal penetration testers and red-teamers but is also useful for database administrators and defenders who want to inventory SQL Server attack surface and hunt for misconfigurations. PowerUpSQL can surface things like weak configuration flags, dangerous surface (for example, features that may enable code execution from SQL), credential material exposed in configuration, and cross-instance trust relationships such as linked servers. The codebase is implemented primarily in PowerShell, organized as a module with many discrete functions, and includes helper scripts and documentation for usage scenarios. -
6
LiteBox
A security-focused library OS supporting kernel execution
LiteBox is a security-focused “library OS” sandboxing project that aims to shrink the interface between an application and its host environment to reduce attack surface. Instead of relying solely on broad OS-level permissions, it focuses on isolating workloads by tightly controlling the boundary where code interacts with host services and system resources. The design emphasizes interoperability across different integration layers, describing a separation between “North” shims (how apps or runtimes plug in) and “South” platforms (where the sandbox runs), which helps the system adapt to multiple deployment contexts. ... -
7
KubeArmor
Runtime Security Enforcement System
...It uses eBPF and Linux Security Modules(LSM) for fortifying workloads based on Cloud Containers, IoT/Edge, and 5G networks. It enforces policy-based controls. KubeArmor lessens the attack surface on pods, containers, and virtual machines. For inline mitigation, it uses Linux Security Modules (LSMs) like AppArmor, BPF-LSM, and SELinux to provide security without changing the pod or container or without host-level adjustments. KubeArmor simplifies their intricacies and makes enforcing policy simple. It functions as a non-privileged daemonset and has host, pod, and container monitoring capabilities. -
8
Encord Active
The toolkit to test, validate, and evaluate your models and surface
Encord Active is an open-source toolkit to test, validate, and evaluate your models and surface, curate, and prioritize the most valuable data for labeling to supercharge model performance. Encord Active has been designed as a all-in-one open source toolkit for improving your data quality and model performance. Use the intuitive UI to explore your data or access all the functionalities programmatically. Discover errors, outliers, and edge-cases within your data - all in one open source... -
9
Talos Linux
Talos Linux is a modern Linux distribution built for Kubernetes
Talos Linux is Linux designed for Kubernetes – secure, immutable, and minimal. Supports cloud platforms, bare metal, and virtualization platforms. All system management is done via an API. No SSH, shell or console. Production-ready supports some of the largest Kubernetes clusters in the world. Open source project from the team at Sidero Labs. It only takes 3 minutes to launch a Talos cluster on your laptop inside Docker. Talos reduces your attack surface. It's minimal, hardened and immutable. ... -
Free and Open Source HR SoftwareGive your HR team the tools they need to streamline administrative tasks, support employees, and make informed decisions with the OrangeHRM free and open source HR software.
-
10
Shannon
Fully autonomous AI hacker to find actual exploits in your web apps
Shannon is an autonomous AI penetration testing system built to find and prove real, exploitable vulnerabilities in web applications rather than stopping at static warnings or best-guess alerts. It focuses on “proof by exploitation,” meaning it actively hunts for attack vectors in your code and then attempts to execute end-to-end exploits to demonstrate impact. The project blends source-aware analysis with automated web interaction so it can validate issues like injection flaws,... -
11
gVisor
Application Kernel for Containers
...Its key runtime, runsc, integrates seamlessly with container ecosystems such as Docker and Kubernetes, making it easy to deploy sandboxed workloads using familiar tools. By intercepting and safely handling syscalls from applications, gVisor reduces the attack surface of the host kernel, mitigating risks associated with running untrusted or potentially malicious code in containerized environments. -
12
Firecracker
Secure and fast microVMs for serverless computing
Firecracker is an open-source virtualization technology developed by AWS for deploying secure micro-VMs (microVMs) that offer strong isolation with minimal overhead. Designed for serverless workloads (e.g., AWS Lambda, Fargate), it combines VM-level security with container-like performance and startup speed. -
13
CyberStrikeAI
CyberStrikeAI is an AI-native security testing platform built in Go
...It supports role-based testing, letting teams define security roles with tailored tool access and prompts, and includes a skills system that encapsulates specialized testing strategies that the AI can incorporate into its planning. Through comprehensive lifecycle management, results are tracked, aggregated, and visualized, with support for versioned persistence, search, and risk severity scoring. -
14
Middleman
Hand-crafted frontend development
...Extensions cover blogging, internationalization, sitemaps, data-driven pages, and external build steps, so complex sites remain manageable without server-side code. Because output is plain files, Middleman sites deploy anywhere—from object storage and CDNs to GitHub Pages—benefiting from high performance and low attack surface. Teams use it for marketing sites, docs, microsites, and prototypes where content and design matter more than dynamic backends. -
15
subfinder
Fast passive subdomain enumeration tool
...It focuses exclusively on collecting valid subdomains from a wide range of passive online sources, prioritizing accuracy and speed over intrusive scanning techniques. The project is widely used in bug bounty hunting, penetration testing, and attack surface mapping because it minimizes noise while producing actionable results. Its modular architecture allows users to enable dozens of data providers through API keys, expanding coverage as needed. Subfinder integrates easily into automation pipelines and CI workflows thanks to its clean command-line design and structured output formats. ... -
16
Crosvm
The Chrome OS Virtual Machine Monitor
...Unlike general-purpose emulators like QEMU, crosvm avoids full hardware emulation and focuses on modern paravirtualized I/O using the virtio standard, reducing complexity and attack surface. Written in Rust, it emphasizes memory safety and modularity, allowing sandboxed device emulation with fine-grained privilege separation. crosvm underpins several ChromeOS subsystems, including Android Runtime for Chrome (ARCVM) and Crostini Linux containers, enabling rich application compatibility within a tightly controlled environment. -
17
Hermit for Rust
Hermit for Rust
Hermit-RS is a Rust-based unikernel designed for high-performance and cloud computing applications. By combining the safety and concurrency features of Rust with the minimalistic approach of unikernels, Hermit-RS offers a secure and efficient runtime environment. It is particularly suited for running single-tenant applications directly on hypervisors or bare-metal hardware, reducing overhead and improving performance. -
18
BasicBSpline.jl
Basic (mathematical) operations for B-spline functions
Basic (mathematical) operations for B-spline functions and related things with Julia. -
19
Pterodactyl Panel
Pterodactyl® is a free, open-source game server management panel
...Built on a modern stack utilizing the best design practices that make it easy to jump in and make modifications. All servers run in isolated Docker containers that limit attack vectors, provide strict resource limits, and provide environments tailored to each specific game. Pterodactyl is 100% free and licensed under a MIT license. All of our code is completely open source as well. -
20
Gaston.jl
A julia front-end for gnuplot
Gaston is a Julia package for plotting. It provides an interface to gnuplot, a powerful plotting package available on all major platforms. The current stable release is v1.1.0, and it has been tested with Julia LTS (1.6) and stable (1.8), on Linux. Gaston should work on any platform that runs gnuplot. -
21
The Bastion
Authentication, authorization, traceability and auditability for SSH
The Bastion is a hardened, audited, and production-grade bastion host developed by OVHcloud. It facilitates secure, controlled, and traceable SSH access to remote systems. The system is designed to be tamper-proof, with a strict access control system and logging for all user actions. It is widely used in enterprise environments to enforce secure and auditable infrastructure access policies. -
22
Arize Phoenix
Uncover insights, surface problems, monitor, and fine tune your LLM
Phoenix provides ML insights at lightning speed with zero-config observability for model drift, performance, and data quality. Phoenix is an Open Source ML Observability library designed for the Notebook. The toolset is designed to ingest model inference data for LLMs, CV, NLP and tabular datasets. It allows Data Scientists to quickly visualize their model data, monitor performance, track down issues & insights, and easily export to improve. Deep Learning Models (CV, LLM, and Generative)... -
23
Scout Suite
Multi-cloud security auditing tool
...Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. Rather than going through dozens of pages on the web consoles, Scout Suite presents a clear view of the attack surface automatically. Scout Suite was designed by security consultants/auditors. It is meant to provide a point-in-time security-oriented view of the cloud account it was run in. Once the data has been gathered, all users may be performed offline. Our self-service cloud account monitoring platform, NCC Scout, is a user-friendly SaaS providing you with the ability to constantly monitor your public cloud accounts, allowing you to check they’re configured to comply with industry best practice. -
24
DevSec Hardening
This Ansible collection provides battle tested hardening
Hardening adds a layer into your automation framework, that configures your operating systems and services. It takes care of difficult settings, compliance guidelines, cryptography recommendations, and secure defaults. Running secure infrastructure is a difficult task. Although server hardening is a well-known topic with many guides out in the wild, it is still very cumbersome to apply and verify secure configuration. If you manage many server, they need to be configured properly and... -
25
CGAL
The Computational Geometry Algorithms Library
CGAL or the Computational Geometry Algorithms Library is a C++ library that gives you easy access to a myriad of efficient and reliable geometric algorithms. These algorithms are useful in a wide range of applications, including computer aided design, robotics, molecular biology, medical imaging, geographic information systems and more. CGAL features a great range of data structures and algorithms, including Voronoi diagrams, cell complexes and polyhedra, triangulations, arrangements of...
