AttackSurfaceMapper is a reconnaissance tool that uses a mixture of open source intellgence and active techniques to expand the attack surface of your target.
You feed in a mixture of one or more domains, subdomains and IP addresses and it uses numerous techniques to find more targets. It enumerates subdomains with bruteforcing and passive lookups, Other IPs of the same network block owner, IPs that have multiple domain names pointing to them and so on.
Once the target list is fully expanded it performs passive reconnaissance on them, taking screenshots of websites, generating visual maps, looking up credentials in public breaches, passive port scanning with Shodan and scraping employees from LinkedIn.
Setup
As this is a Python based tool, it should theoretically run on Linux, ChromeOS (Developer Mode), macOS and Windows.
[1] Download AttackSurfaceMapper
$ git clone https://github.com/superhedgy/AttackSurfaceMapper
[2] Install Python dependencies
$ cd AttackSurfaceMapper
$ python3 -m pip install –no-cache-dir -r requirements.txt
[3] Add optional API keys to enable more data gathering
Register and obtain an API key from:
Edit and enter the keys in keylist file
$ nano keylist.asm
Example Run Command
$ python3 asm.py -t your.site.com -ln -w resources/top100_sublist.txt -o demo_run
Also Read – Most Important Security Tips to Protect Your Website From Hackers
Optional Parameters
Additional optional parameters can also be set to choose to include active reconnaissance modules in addition to the default passive modules.
Demo
Credit: Andreas Georgiou & Jacob Wilkin
Journalists use OSINT to verify public information before publishing. In 2026, misinformation, AI-generated images, fake…
Docker is an open-source platform that lets you package and run applications inside containers. Each container…
PostgreSQL (often called Postgres) is an open-source relational database system. It supports advanced features like JSON…
Xrdp is an open-source server that lets you connect to your Ubuntu machine from another computer…
Apache Tomcat is an open-source web server and Java servlet container. It is one of the…
Keeping your Ubuntu system updated is one of the best ways to protect it. Security…