AttackSurfaceMapper is a reconnaissance tool which allows the user to automatically expand the attack surface of the target. The attack surface is the number of different points from which an attacker can enter a private network. This tool allows the attacker to use public breaches, search engines and online networking sites to access employee data and possibly credentials.
AttackSurfaceMapper: Attack Surface Expander
After defining a target, AttackSurfaceMapper will use numerous techniques to find related targets such as subdomains and IP addresses. Once the target list has been fully explored, AttackSurfaceMapper will begin to implement reconnaissance techniques on the target by taking screenshots of the target, generating visual maps and looking up credentials in public data breaches.
- Find potential targets who are related to the original target.
- Passive port scanning with Shodan
- Use LinkedIn to find employees of the target organization
- Linux, ChromeOS, MacOS, Windows
- Python 3+
Clone the GitHub repo:
$ git clone https://github.com/superhedgy/AttackSurfaceMapper
Navigate to the working directory and install the requirements:
$ cd AttackSurfaceMapper $ python3 -m pip install --no-cache-dir -r requirements.txt
Enter the following command to list available option/commands:
$ python3 asm.py -h
usage: asm.py [-h] [-f FORMAT] [-o OUTPUT] [-sc] [-sth] [-t TARGET] [-V] [-w WORDLIST] [-sw SUBWORDLIST] [-e] [-ln] [-v] [targets] |<------ AttackSurfaceMapper - Help Page ------>| positional arguments: targets Sets the path of the target IPs file. optional arguments: -h, --help show this help message and exit -f FORMAT, --format FORMAT Choose between CSV and TXT output file formats. -o OUTPUT, --output OUTPUT Sets the path of the output file. -sc, --screen-capture Capture a screen shot of any associated Web Applications. -sth, --stealth Passive mode allows reconaissaince using OSINT techniques only. -t TARGET, --target TARGET Set a single target IP. -V, --version Displays the current version. -w WORDLIST, --wordlist WORDLIST Specify a list of subdomains. -sw SUBWORDLIST, --subwordlist SUBWORDLIST Specify a list of child subdomains. -e, --expand Expand the target list recursively. -ln, --linkedinner Extracts emails and employees details from linkedin. -v, --verbose Verbose ouput in the terminal window. Authors: Andreas Georgiou (@superhedgy) Jacob Wilkin (@greenwolf)
$ python3 asm.py -t your.site.com -ln -w resources/top100_sublist.txt -o demo_run
Check out the demo below.