superhedgy / Attacksurfacemapper
Licence: gpl-3.0
AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.
Stars: ✭ 702
Programming Languages
python
139335 projects - #7 most used programming language
Projects that are alternatives of or similar to Attacksurfacemapper
Spiderfoot
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Stars: ✭ 6,882 (+880.34%)
Mutual labels: osint, reconnaissance
Favfreak
Making Favicon.ico based Recon Great again !
Stars: ✭ 564 (-19.66%)
Mutual labels: osint, reconnaissance
Maryam
Maryam: Open-source Intelligence(OSINT) Framework
Stars: ✭ 371 (-47.15%)
Mutual labels: osint, reconnaissance
Git Hound
Reconnaissance tool for GitHub code search. Finds exposed API keys using pattern matching, commit history searching, and a unique result scoring system.
Stars: ✭ 602 (-14.25%)
Mutual labels: osint, reconnaissance
Witnessme
Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to make life easier.
Stars: ✭ 436 (-37.89%)
Mutual labels: osint, reconnaissance
Osmedeus
Fully automated offensive security framework for reconnaissance and vulnerability scanning
Stars: ✭ 3,391 (+383.05%)
Mutual labels: osint, reconnaissance
Gasmask
Information gathering tool - OSINT
Stars: ✭ 518 (-26.21%)
Mutual labels: osint, reconnaissance
Theharvester
E-mails, subdomains and names Harvester - OSINT
Stars: ✭ 6,175 (+779.63%)
Mutual labels: osint, reconnaissance
Hosthunter
HostHunter a recon tool for discovering hostnames using OSINT techniques.
Stars: ✭ 427 (-39.17%)
Mutual labels: osint, reconnaissance
Bigbountyrecon
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Stars: ✭ 541 (-22.93%)
Mutual labels: osint, reconnaissance
Operative Framework
operative framework is a OSINT investigation framework, you can interact with multiple targets, execute multiple modules, create links with target, export rapport to PDF file, add note to target or results, interact with RESTFul API, write your own modules.
Stars: ✭ 511 (-27.21%)
Mutual labels: linkedin, osint
The Endorser
An OSINT tool that allows you to draw out relationships between people on LinkedIn via endorsements/skills.
Stars: ✭ 269 (-61.68%)
Mutual labels: linkedin, osint
quick-recon.py
Do some quick reconnaissance on a domain-based web-application
Stars: ✭ 13 (-98.15%)
Mutual labels: osint, reconnaissance
Phoneinfoga
PhoneInfoga is one of the most advanced tools to scan international phone numbers using only free resources. It allows you to first gather standard information such as country, area, carrier and line type on any international phone number. Then search for footprints on search engines to try to find the VoIP provider or identify the owner.
Stars: ✭ 5,927 (+744.3%)
Mutual labels: osint, reconnaissance
DaProfiler
DaProfiler allows you to create a profile on your target based in France only. The particularity of this program is its ability to find the e-mail addresses your target.
Stars: ✭ 58 (-91.74%)
Mutual labels: osint, reconnaissance
Odin
Automated network asset, email, and social media profile discovery and cataloguing.
Stars: ✭ 476 (-32.19%)
Mutual labels: osint, reconnaissance
AttackSurfaceMapper
AttackSurfaceMapper (ASM) is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target. You feed in a mixture of one or more domains, subdomains and IP addresses and it uses numerous techniques to find more targets. It enumerates subdomains with bruteforcing and passive lookups, Other IPs of the same network block owner, IPs that have multiple domain names pointing to them and so on.
Once the target list is fully expanded it performs passive reconnaissance on them, taking screenshots of websites, generating visual maps, looking up credentials in public breaches, passive port scanning with Shodan/Censys and scraping employees from LinkedIn.
Demo
Setup
As this is a Python based tool, it should theoretically run on Linux, ChromeOS (Developer Mode), macOS and Windows.
- Download AttackSurfaceMapper
git clone https://github.com/superhedgy/AttackSurfaceMapper
cd AttackSurfaceMapper
- Install Python dependencies
python3 -m pip install --no-cache-dir -r requirements.txt
- Add optional API keys to enhance data gathering & analysis
Register and obtain an API key from:
Edit and enter the keys in keylist file
nano keylist.asm
Usage
python asm.py -t your_site.com -ln -w resources/top100_sublist.txt -o demo_run
Optional Parameters
Additional optional parameters can also be set to choose to include active reconnaissance modules in addition to the default passive modules.
|<------ AttackSurfaceMapper - Help Page ------>|
positional arguments:
targets Sets the path of the target IPs file.
optional arguments:
-h, --help show this help message and exit
-f FORMAT, --format FORMAT
Choose between CSV and TXT output file formats.
-o OUTPUT, --output OUTPUT
Sets the path of the output file.
-sc, --screen-capture
Capture a screen shot of any associated Web Applications.
-sth, --stealth Passive mode allows reconnaissance using OSINT techniques only.
-t TARGET, --target TARGET
Set a single target IP.
-V, --version Displays the current version.
-w WORDLIST, --wordlist WORDLIST
Specify a list of subdomains.
-sw SUBWORDLIST, --subwordlist SUBWORDLIST
Specify a list of child subdomains.
-e, --expand Expand the target list recursively.
-ln, --linkedinner Extracts emails and employees details from LinkedIn.
-d, --debug Enables debugging information.
-v, --verbose Verbose output in the terminal window.
Authors: Andreas Georgiou (@superhedgy)
Jacob Wilkin (@greenwolf)
Authors
Acknowledgments
- Thanks to Aidan Holland for adding the Censys module.
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].