AttackSurfaceMapper is a tool that automates the reconnaissance process by expanding and analyzing the attack surface of target domains, subdomains, and IPs using OSINT and active techniques.
This tool is primarily used by security professionals and penetration testers to perform comprehensive reconnaissance on target networks, identifying potential vulnerabilities and attack vectors. It automates the discovery of subdomains and related IPs, and gathers passive intelligence such as screenshots, breach data, and employee information to aid in vulnerability management.
For enhanced data collection, users should obtain and configure API keys for supported services. The tool supports both passive and active reconnaissance modes; using active modules may increase detection risk. It is compatible with Linux, macOS, Windows, and ChromeOS (Developer Mode). Users should ensure Python 3 is installed and dependencies are met before running.
git clone https://github.com/superhedgy/AttackSurfaceMapper
cd AttackSurfaceMapper
python3 -m pip install --no-cache-dir -r requirements.txt
Register and obtain API keys from VirusTotal, Shodan.io, Hunter.io, LinkedIn, GrayHatWarfare, and Censys.io
Edit the keylist.asm file to add the obtained API keys
python3 asm.py -t your_site.com -ln -w resources/top100_sublist.txt -o demo_run
Run AttackSurfaceMapper against a single target domain with a subdomain wordlist, enabling LinkedIn scraping and outputting results to 'demo_run'.
python3 asm.py -h
Display the help page with all available command line options.