Open-Source Attack Surface Management Cheat Sheet Released

A developer has published an open-source Attack Surface Management cheat sheet that started as personal notes and evolved into a structured reference. The project focuses on practical ASM implementation rather than theoretical concepts.

What's Included
The cheat sheet covers several key areas of Attack Surface Management:
- Discovering unknown assets
- Tracking exposed infrastructure
- Reconnaissance and enumeration tooling
- Simple automation workflows
- Recommended books and learning resources

Development Process
The developer used Claude AI to help organize sections, expand explanations, and structure the documentation to read more like a guide than scattered notes. The repository includes implementation notes and workflows for getting started with ASM programs.

Project Details
The cheat sheet is available as a GitHub repository and has a demo site hosted at https://asm-cheatsheet.vercel.app/. The developer indicates they're open to expanding the resource based on community feedback and use cases.
📖 Read the full source: r/ClaudeAI