ShadowSurface
Attack surface monitoring tool — scans domains, subdomains, SSL certificates, open ports, exposed admin paths, and security headers to surface external-facing risk.
Builds an external attack surface picture for a domain you own. Enumerates subdomains, checks SSL certificate validity and expiry, scans known ports, flags exposed admin paths and dev endpoints, and audits security headers. Prioritized risk-scored inventory plus analyst handoff report.
Catalog entry only — a full write-up lands closer to release.
Related across catalogs
- RepoSentinel AISecurity project· Demo ready
Repository security reviewer — scans a local clone for secrets, insecure configs, vulnerable dependencies, risky Dockerfiles, and surfaces PR-style fix suggestions.
- AttackReplay StudioSecurity project· Demo ready
Visual incident replay dashboard — turns safe sample logs into an attack timeline, attack path view, GeoIP map, and incident summary.
- AutoPatch AISecurity project· Demo ready
Dependency vulnerability scanner and upgrade planner — scans package.json, requirements.txt, and Dockerfile base images, flags risky pins, produces PR-preview output.
- Beaconing Traffic DetectorSecurity project· Demo ready
Detects periodic outbound callback (C2 beacon) behavior from timestamped network logs by scoring inter-arrival timing consistency per source/destination pair.
- CSP GuardianSecurity project· Demo ready
Website security header and iframe policy analyzer — inspects CSP, X-Frame-Options, cookies, CORS, and HSTS to flag clickjacking, XSS, and framing risks.
Want a heads-up when ShadowSurface releases?