AttackSurfaceMapper : Tool That Aims To Automate The Reconnaissance Process

AttackSurfaceMapper is a reconnaissance tool that uses a mixture of open source intellgence and active techniques to expand the attack surface of your target.

You feed in a mixture of one or more domains, subdomains and IP addresses and it uses numerous techniques to find more targets. It enumerates subdomains with bruteforcing and passive lookups, Other IPs of the same network block owner, IPs that have multiple domain names pointing to them and so on.

Once the target list is fully expanded it performs passive reconnaissance on them, taking screenshots of websites, generating visual maps, looking up credentials in public breaches, passive port scanning with Shodan and scraping employees from LinkedIn.

Setup

As this is a Python based tool, it should theoretically run on Linux, ChromeOS (Developer Mode), macOS and Windows.

[1] Download AttackSurfaceMapper

$ git clone https://github.com/superhedgy/AttackSurfaceMapper

[2] Install Python dependencies

$ cd AttackSurfaceMapper
$ python3 -m pip install –no-cache-dir -r requirements.txt

[3] Add optional API keys to enable more data gathering

Register and obtain an API key from:

Edit and enter the keys in keylist file

$ nano keylist.asm

Example Run Command

$ python3 asm.py -t your.site.com -ln -w resources/top100_sublist.txt -o demo_run

Also Read – Most Important Security Tips to Protect Your Website From Hackers

Optional Parameters

Additional optional parameters can also be set to choose to include active reconnaissance modules in addition to the default passive modules.

Demo

Credit: Andreas Georgiou & Jacob Wilkin

R K

Recent Posts

Top OSINT Tools to Find Emails, Usernames and Passwords

Introduction In the world of cybersecurity, knowledge is power. One of the most powerful skillsets…

11 hours ago

Google Dorking in Cybersecurity: A Complete Guide

Introduction In the vast ocean of the internet, the most powerful tool you already have…

22 hours ago

Pystinger : Bypass Firewall For Traffic Forwarding Using Webshell

Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…

1 week ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

1 week ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

2 weeks ago

How to Bash Append to File: A Simple Guide for Beginners

If you are working with Linux or writing bash scripts, one of the most common…

2 weeks ago