Nextron-Labs

surface-watch monitors the authorized external attack surface of an organization over time

100% credibility
Found May 05, 2026 at 43 stars.
Python
AI Summary

surface-watch monitors changes to an organization's authorized external internet exposure by discovering hosts from domains and IPs, scanning open ports, storing scan history, detecting differences, and sending notifications.

How It Works

1. 🔍 Discover the Tool

You hear about surface-watch, a helpful watcher for keeping an eye on your organization's online spots that are visible to the world.

2. ⚙️ Set Up Your Watch

You prepare the tool by creating a simple setup file and listing your main websites and addresses to monitor.

3. 🌐 Find All Your Spots

Run a discovery to automatically find all related web addresses and servers under your domains.

4. 👀 Review Your List

Check the discovered list, remove anything you don't own or aren't allowed to scan, and feel confident about your scope.

5. 🛡️ Run Your First Check

Launch the first full scan to create a baseline of what's open and reachable from the outside.

6. 🔔 Connect Alerts

Link it to your team chat like Slack or Discord so changes get sent right to you.

7. Schedule Regular Watches

Set it to check automatically every hour or day using your computer's scheduler.

Stay Secure

Now you get grouped alerts on new exposures, closed doors, or service changes, keeping your online surface safe over time.

AI-Generated Review

What is surface-watch?

surface-watch is a Python CLI tool that monitors the authorized external attack surface of an organization over time. It discovers targets from root domains, explicit hosts, and IPs, plus optional passive sources like DNSDumpster, Chaos, and OTX; runs nmap TCP port scans; stores full history in SQLite; detects changes like new hosts, open ports, or service shifts; and sends grouped webhook alerts to Slack, Teams, or Discord. Run it via simple commands like `surface-watch init`, `discover`, `scan`, or `show-changes` for baseline tracking without a web UI.

Why is it gaining traction?

It stands out with quiet passive discovery to avoid noisy brute-forcing, full 1-65535 TCP scans for reliable baselines, and smart change grouping that cuts notification noise—focusing on high-severity drifts like risky ports (e.g., 3389 RDP). Developers hook it into cron or systemd timers for hands-off monitoring, getting historical diffs and risk-based severity without exploit tools or UDP noise.
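
The change detection and grouping described above can be sketched as follows. This is an added example, not code from surface-watch. The snapshot shape `{host: {port: service}}`, the severity rules, the function names, and every risky port other than 3389 are assumptions made for illustration.

```python
from collections import defaultdict

# 3389 (RDP) is the page's example of a risky port; the others are assumed additions.
RISKY_PORTS = {23, 445, 3389, 5900}

def diff_scans(previous, current):
    """Compare two snapshots shaped {host: {port: service}} and return change records."""
    changes = []
    for host in sorted(set(previous) | set(current)):
        old, new = previous.get(host), current.get(host)
        if old is None:
            changes.append({"host": host, "kind": "new_host", "port": None})
        elif new is None:
            changes.append({"host": host, "kind": "host_gone", "port": None})
        old, new = old or {}, new or {}
        for port in sorted(set(old) | set(new)):
            if port not in old:
                kind = "port_opened"
            elif port not in new:
                kind = "port_closed"
            elif old[port] != new[port]:
                kind = "service_changed"
            else:
                continue  # unchanged port, nothing to report
            changes.append({"host": host, "kind": kind, "port": port})
    for c in changes:
        exposed = c["kind"] in ("port_opened", "service_changed")
        c["severity"] = "high" if exposed and c["port"] in RISKY_PORTS else (
            "medium" if exposed or c["kind"] == "new_host" else "info")
    return changes

def group_by_host(changes):
    """Collapse per-port records into one alert per host, carrying the worst severity."""
    rank = {"info": 0, "medium": 1, "high": 2}
    grouped = defaultdict(lambda: {"severity": "info", "changes": []})
    for c in changes:
        g = grouped[c["host"]]
        g["changes"].append((c["kind"], c["port"]))
        if rank[c["severity"]] > rank[g["severity"]]:
            g["severity"] = c["severity"]
    return dict(grouped)

# Constructed sample snapshots (documentation address space), not real scan data.
BASELINE = {"192.0.2.10": {443: "https"}, "192.0.2.20": {22: "ssh", 80: "http"}}
LATEST = {"192.0.2.10": {443: "https", 3389: "ms-wbt-server"},
          "192.0.2.20": {22: "ssh"}, "192.0.2.30": {8080: "http-proxy"}}

if __name__ == "__main__":
    for host, alert in group_by_host(diff_scans(BASELINE, LATEST)).items():
        print(host, alert["severity"], alert["changes"])
```

Grouping per host means a host that gains several ports between scans produces one alert at the highest severity among its changes, which is the noise reduction the review refers to.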

Who should use this?

Security engineers at mid-sized orgs tracking external exposures on owned domains; red teamers baselining authorized scopes before engagements; DevOps leads watching for surprise CDNs, SaaS subdomains, or forgotten services that pop up in passive DNS.

Verdict

Grab it if you need free, scheduled attack surface monitoring—docs are solid for quick setup, and Python keeps it lightweight. At 43 stars and 1.0% credibility, it's early-stage with no tests visible; prototype for personal use, but validate thoroughly before production.
