0

AttackSurfaceMapper

AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.

Official Site
Github repo
Main metrics

Github stars Tracking Chart

alt text
GitHub
GitHub last commit

Attack Surface Mapper Logo

AttackSurfaceMapper

Attack Surface Mapper is a reconaissaince tool that uses a mixture of open source intellgence and active techniques to expand the attack surface of your target. You feed in a mixture of one or more domains, subdomains and IP addresses and it uses numerous techniques to find more targets. It enumerates subdomains with bruteforcing and passive lookups, Other IPs of the same network block owner, IPs that have multiple domain names pointing to them and so on.

Once the target list is fully expanded it performs passive reconissence on them, taking screenshots of websites, generating visual maps, looking up credentials in public breaches, passive port scanning with Shodan and scraping employees from LinkedIn.

Demo

Alt text

Getting Started

These instructions will show you the requirements for and how to use Attack Surface Mapper.

Setup

As this is a Python based tool, it should theoretically run on Linux, ChromeOS (Developer Mode), macOS and Windows.

[1] Download AttackSurfaceMapper

$ git clone https://github.com/superhedgy/AttackSurfaceMapper

[2] Install Python dependencies

$ cd AttackSurfaceMapper
$ python3 -m pip install --no-cache-dir -r requirements.txt

[3] Add optional API keys to enable more data gathering

$ nano keylist.asm

Optional Parameters

Additional optional parameters can also be set to choose to include active reconnaissance modules in addition to the default passive modules.

  targets               Sets the path of the target IPs file.

optional arguments:
  -h, --help            show this help message and exit
  -f FORMAT, --format FORMAT
                        Choose between CSV and TXT output file formats.
  -o OUTPUT, --output OUTPUT
                        Sets the path of the output file.
  -sc, --screen-capture
                        Capture a screen shot of any associated Web Applications.
  -sth, --stealth       Passive mode allows reconaissaince using OSINT techniques only.
  -t TARGET, --target TARGET
                        Set a single target IP.
  -V, --version         Displays the current version.
  -w WORDLIST, --wordlist WORDLIST
                        Specify a list of subdomains.
  -sw SUBWORDLIST, --subwordlist SUBWORDLIST
                        Specify a list of child subdomains.
  -e, --expand          Expand the target list recursively.
  -ln, --linkedinner    Extracts emails and employees details from linkedin.
  -v, --verbose         Verbose ouput in the terminal window.

Authors: Andreas Georgiou (@superhedgy)
	 Jacob Wilkin (@greenwolf)

Example run command

$ python3 ASM.py -t your.site.com -ln -w resources/top100_sublist.txt -o demo_run

Authors

Acknowledgments

  • Thanks to [Your Name Could Be Here, Come Help Out!] for contributions to the project.

Main metrics

Overview
Name With Ownersuperhedgy/AttackSurfaceMapper
Primary LanguagePython
Program languagePython (Language Count: 2)
Platform
License:GNU General Public License v3.0
所有者活动
Created At2019-08-07 14:32:53
Pushed At2024-04-08 16:13:24
Last Commit At2023-09-11 06:26:53
Release Count1
Last Release Namev1.1 (Posted on 2020-02-19 20:28:23)
First Release Namev1.1 (Posted on 2020-02-19 20:28:23)
用户参与
Stargazers Count1.4k
Watchers Count46
Fork Count197
Commits Count47
Has Issues Enabled
Issues Count30
Issue Open Count5
Pull Requests Count12
Pull Requests Open Count2
Pull Requests Close Count3
项目设置
Has Wiki Enabled
Is Archived
Is Fork
Is Locked
Is Mirror
Is Private