This repository contains scripts and other tools that can be used with ThreadFix.
Script that pulls vulnerability data via the ThreadFix API and puts it into a CSV file.
Scripts that track domains to identify associated hostnames so those can be pushed to ThreadFix as new Applications to bring under management.
This contains some scripts that can help organizations identify their software attack surface.
Unfinished scritps that look at splitting results from WhiteHat security DAST testing into multiple ThreadFix applications.
Various scripts that calculate web application attack surface as well as the differences betweeen web application attack surfaces between versions of the applications.