Frogy 2.0 is an attack surface management (ASM) toolkit for automating external recon to identify an organization's entire internet presence.
It aggregates assets from sources such as CHAOS, Subfinder, and crt.sh, and validates them with live DNS resolution.
The toolkit focuses on in-depth web recon by gathering detailed HTTP response data with HTTPX.
It prioritizes assets based on factors such as homepage status, login interfaces, and technology stack, and generates a risk score for each.
Features include professional reporting with dynamic HTML reports and color-coded risk scoring.
Risk scoring is based on asset attractiveness, considering factors like purpose, URLs found, login interfaces, HTTP status, TLS version, and more.
Each factor contributes points to the risk score, helping prioritize assets for deeper testing by pentesters.
Installation involves cloning the repository and running an installer script to set up dependencies and tools.
The toolkit's future roadmap includes enhancements such as security and compliance data, analytics, endpoint identification, and more.
Frogy 2.0 aims to help security teams focus on assets that are more complex, privileged, or likely to be misconfigured.
It provides a systematic approach to identifying and prioritizing potential attack surfaces for testing and securing an organization's digital footprint.
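
The additive risk scoring described above, sketched as an added example (not Frogy's own code). The factor names come from the text; the point values, field names and sample assets are constructed assumptions.

```python
# Additive "attractiveness" scoring over recon results.
# Weights, field names and SAMPLE are assumptions, not Frogy's real values.
from dataclasses import dataclass

@dataclass
class Asset:
    host: str
    purpose: str       # e.g. "employee", "customer", "unknown"
    urls_found: int    # URLs discovered on the homepage
    has_login: bool    # login interface detected
    http_status: int   # homepage status code, 0 if no response
    tls_version: str   # e.g. "TLSv1.3", "" if unknown

PURPOSE_POINTS = {"employee": 2, "customer": 1}   # hypothetical weights
LEGACY_TLS = {"TLSv1.0", "TLSv1.1"}

def score_asset(a):
    """Return (score, reasons). Each factor adds points independently."""
    reasons = []

    def add(points, why):
        if points:
            reasons.append((points, why))

    add(PURPOSE_POINTS.get(a.purpose, 0), f"purpose={a.purpose}")
    # Capped so a large crawl cannot outweigh every other factor.
    add(min(a.urls_found // 10, 3), f"{a.urls_found} URLs found")
    add(3 if a.has_login else 0, "login interface")
    add(1 if a.http_status == 200 else 0, "homepage returns 200")
    add(2 if a.tls_version in LEGACY_TLS else 0, f"legacy {a.tls_version}")
    return sum(p for p, _ in reasons), reasons

def rank(assets):
    """Highest score first; ties broken by hostname for stable output."""
    scored = [(score_asset(a)[0], a.host) for a in assets]
    return sorted(scored, key=lambda t: (-t[0], t[1]))

# Constructed sample inventory (example.com hosts, not real findings).
SAMPLE = [
    Asset("old.example.com", "unknown", 0, False, 403, "TLSv1.0"),
    Asset("www.example.com", "customer", 57, False, 200, "TLSv1.3"),
    Asset("vpn.example.com", "employee", 4, True, 200, "TLSv1.2"),
]

if __name__ == "__main__":
    for score, host in rank(SAMPLE):
        print(f"{score:>3}  {host}")
```

Keeping the per-factor reasons alongside the total lets a report show why an asset ranked where it did, which is what makes the score usable for deciding where to test first.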