What is the Relative Attack Surface Quotient (RSQ)?

RSQ is a weighted formula used within this skill to quantify an organization's exposure based on open services, vulnerabilities, and technology age.

Can I scan multiple domains at once?

Yes, the implementation supports multi-domain enumeration from files, allowing for large-scale enterprise attack surface mapping.

Does this require API keys?

Yes, you will need active Shodan and Censys API keys (free tiers are available) to leverage the full asset discovery functionality.

What tools does this skill use?

It integrates with Shodan, Censys, Subfinder, httpx, and Nuclei to provide a full reconnaissance and vulnerability discovery pipeline.

Is this skill for offensive or defensive use?

It is designed for both; defensive security teams use it for continuous monitoring, while offensive teams use it for authorized reconnaissance during assessments.

Attack Surface Management & EASM

Name: Attack Surface Management & EASM
Author: micsapp

bymicsapp

0•

Seguridad y Pruebas

Implements comprehensive external attack surface management to discover, fingerprint, and score the risk of internet-facing assets.

This skill provides a robust framework for building External Attack Surface Management (EASM) programs using industry-standard tools like Shodan, Censys, and ProjectDiscovery's suite. It automates the discovery of subdomains, service fingerprinting, and vulnerability scanning, while applying a weighted risk scoring algorithm based on OWASP principles. Ideal for security professionals and organizations needing continuous visibility into their digital footprint, this skill helps prioritize remediation efforts by quantifying exposure through the Relative Attack Surface Quotient (RSQ).

Características Principales

01Targeted vulnerability scanning with Nuclei templates and severity filtering

020 GitHub stars

03Global asset discovery through Shodan and Censys API integration

04Advanced risk scoring based on OWASP and Relative Attack Surface Quotient (RSQ)

05Deep service fingerprinting and technology detection with httpx

06Multi-source subdomain enumeration using Subfinder and OWASP Amass

Casos de Uso

01Identifying and scoring shadow IT assets to prioritize security remediation

02Establishing a continuous monitoring program for organizational internet exposure

03Performing authorized reconnaissance during the initial phase of penetration testing

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills implementing-attack-surface-management

For use in Claude.ai and ChatGPT

Características Principales

01Targeted vulnerability scanning with Nuclei templates and severity filtering

020 GitHub stars

03Global asset discovery through Shodan and Censys API integration

04Advanced risk scoring based on OWASP and Relative Attack Surface Quotient (RSQ)

05Deep service fingerprinting and technology detection with httpx

06Multi-source subdomain enumeration using Subfinder and OWASP Amass

Casos de Uso

01Identifying and scoring shadow IT assets to prioritize security remediation

02Establishing a continuous monitoring program for organizational internet exposure

03Performing authorized reconnaissance during the initial phase of penetration testing

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills implementing-attack-surface-management

For use in Claude.ai and ChatGPT