Skip to content

Top 5 Tools for Digital Attack Surface Enumeration

Top 5 Tools For Digital Attack Surface Enumeration

1> Maltego CE 

Maltego is an interactive data mining tool that renders directed graphs for link analysis. The tool is used in online investigations for finding relationships between pieces of information from various sources located on the Internet. You can find more details here

How It Helps You :

    • Maltego can be used for the information gathering phase of all security related work. It will save you time and will allow you to work more accurately and smarter.
    • Maltego provides you with a much more powerful search, giving you smarter results. If access to “hidden” information determines your success, Maltego can help you discover it.
    • Maltego aids you in your thinking process by visually demonstrating interconnected links between searched items.

2> Shodan

They claim to be world’s first search engine for internet-connected devices.
Shodan has servers located around the world that crawl the Internet 24/7 to provide the latest Internet intelligence. Who buys Smart TVs? Which countries are building the most wind farms? What companies are affected by Heartbleed? Shodan provides the tools to answer questions at the Internet-scale. Shodan provides a public API that allows other tools to access all of Shodan’s data. Integrations are available for Nmap, Metasploit, Maltego, FOCA, Chrome, Firefox and many more. More details here.

Here you can find more details on Shodan Dorks To Find Exposed IT


3> Nmap

Nmap is one of the oldest and well-known port-scanners used by hackers and the security community.  Nmap stands for Network mapper and it is free and open-source.

Nmap uses IP packets in multiple different ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, whether there are packet filters/firewalls in use, and so on. It was designed to scan single hosts as well as large networks rapidly. Nmap is portable and runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. The current version is available for download at

4> Spiderfoot

SpiderFoot is a reconnaissance tool that automatically queries over 100 public data sources (OSINT) to gather intelligence on IP addresses, domain names, e-mail addresses, names and more. You simply specify the target you want to investigate, pick which modules to enable and then SpiderFoot will collect data to build up an understanding of all the entities and how they relate to each other.

The data returned from a SpiderFoot scan will reveal a lot of information about your target, providing insight into possible data leaks, vulnerabilities or other sensitive information that can be leveraged during a penetration test, red team exercise or for threat intelligence. Try it out against your own network to see what you might have exposed! Find more details here

5> Firecompass

Firecompass helps to Enumerate Vulnerabilities (CVEs, Takeover Risk etc.), Discover Exposed DB Servers & S3 Buckets, Discover Domains, Exposed Applications, Websites & Identify Exposed Documents & Files, IoT Infrastructure, Compromised / Malicious Infrastructure, exposed services like APIs, FTP Servers, Exposed Personnel Information including email addresses, phone numbers etc. It can also Detect Fake Mobile Apps & Websites or Domains.

It has following use cases – 

    1. Digital Footprint and Shadow IT
    2. Darkweb Monitoring
    3. 3rd Party Risk Management
    4. Unknown Asset Discovery

You can request for a free demo of your attack surface here