Blogs & Stories

Trustwave Blog

The Trustwave Blog empowers information security professionals to achieve new heights through expert insight that addresses hot topics, trends and challenges and defines best practices.

The What, Why, and How of AttackSurfaceMapper

The primary goal for any security professional today is to present less of a target-rich environment for the slew of cyber swindlers aiming to compromise critical assets. However, as businesses continue to scale, leveraging multiple clouds to upgrade their operations, larger sets of dispersed data are expanding the battleground and presenting overwhelming challenges from a data protection standpoint.

One effective method that more businesses are wising up to is penetration testing, which allows them to locate the root of many problems before attackers do. To be successful against your adversary, you have to think like them, and penetration testing allows for this to happen.

To aid pen testing professionals, the Trustwave SpiderLabs team is always at work developing new ways to make their jobs easier and more productive. At the recent Black Hat USA conference in Las Vegas, Nevada, the team announced the latest open-source intelligence (OSINT) tool that pen testers can add to their arsenal.

Dubbed AttackSurfaceMapper, the tool is intending to speed up and simplify the reconnaissance process for pen testers, allowing them to focus on the exploitation process a bit more, according to Andreas Georgiou, security consultant at Trustwave, and one of the tool’s creators.

By taking a single IP address or domain, AttackSurfaceMapper analyzes it by using passive OSINT techniques and effective reconnaissance methods. This results in hard, actionable data that security professionals can use to spend more time on the testing, and less time on manually performing reconnaissance.

In the full video interview below, Georgiou outlines what you need to know about this open-source tool and how it can benefit your security efforts today.

Interested in learning more about the Trustwave SpiderLabs team or how Trustwave can help test your environment for weaknesses? Read more about our scanning and testing capabilities here.


Marcos Colón is the content marketing manager at Trustwave and a former IT security reporter and editor.