Updated 2024/02/18
Curated list of open-source & paid Attack Surface Monitoring (ASM) tools.
I've put a * next to a small number of my favorite ASMs!
- archerysec *
- AttackSurfaceMapper
- axiom *
- CloudFrontier
- crossfeed *
- django DefectDojo *
- docker_offensive_elk
- faraday *
- IVRE *
- jok3r framework
- Monitorizer
- Osmedeus *
- ReconNess
- ReconPi
- reNgine *
- sn0int
- sublert
- Coalitioninc
  - Seems to be restricted to policy holders now...
- eReKon
  - Uncertain if this is usable as-is
    - README says: unstable-rn ongoing-rebuild in new stack
- Findomain *
  - OSS, but not free
- envizon
  - End of life/archived
- hakluke's open source asm with spiderfoot *
  - No longer managed in hakluke's repo; it was sold to Intel471, but the repo is still live
- intrigue-core
  - Now owned and managed by Mandiant under a Limited Open Source agreement, and is no longer maintained on GitHub
- natlas *
  - Last commit is June 2021
- SonarSearch
  - Requires access to the Rapid7 Project Sonar datasets, which are behind a registration wall.
- Assetnote
- BinaryEdge Attack Surface Monitoring *
- Censys Attack Surface Management *
- Detectify Asset Monitoring & Deep Scan *
- RedHunt Labs Attack Surface Management - (NVADR)
- RiskIQ
- runZero *
  - Rebranded from Rumble.run
  - Community Edition (<101 assets) is free
  - Incidentally, Darknet Diaries had a great episode featuring its CEO, HD Moore: Darknet Diaries Ep. 114: HD (YouTube)
- SecurityTrails Attack Surface Reduction *