Skip to content
AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.
Python Assembly
Branch: master
Clone or download

Latest commit

Fetching latest commit…
Cannot retrieve the latest commit at this time.


Type Name Latest commit message Commit time
Failed to load latest commit information.
modules false positive errors Feb 19, 2020
resources Initial Commit Aug 9, 2019
.gitignore Lint (#16) Sep 12, 2019
LICENSE Initial Commit Aug 9, 2019 Update Feb 20, 2020 false positive errors Feb 19, 2020
keylist.asm Create keylist.asm Feb 19, 2020
requirements.txt selenium duplicate removed Sep 13, 2019

Python 3 GitHub GitHub last commit

Attack Surface Mapper Logo


Attack Surface Mapper is a reconnaissance tool that uses a mixture of open source intellgence and active techniques to expand the attack surface of your target. You feed in a mixture of one or more domains, subdomains and IP addresses and it uses numerous techniques to find more targets. It enumerates subdomains with bruteforcing and passive lookups, Other IPs of the same network block owner, IPs that have multiple domain names pointing to them and so on.

Once the target list is fully expanded it performs passive reconnaissance on them, taking screenshots of websites, generating visual maps, looking up credentials in public breaches, passive port scanning with Shodan and scraping employees from LinkedIn.




As this is a Python based tool, it should theoretically run on Linux, ChromeOS (Developer Mode), macOS and Windows.

[1] Download AttackSurfaceMapper

$ git clone

[2] Install Python dependencies

$ cd AttackSurfaceMapper
$ python3 -m pip install --no-cache-dir -r requirements.txt

[3] Add optional API keys to enable more data gathering

Register and obtain an API key from:

Edit and enter the keys in keylist file

$ nano keylist.asm

Example run command

$ python3 -t -ln -w resources/top100_sublist.txt -o demo_run

Optional Parameters

Additional optional parameters can also be set to choose to include active reconnaissance modules in addition to the default passive modules.

|<------ AttackSurfaceMapper - Help Page ------>|

positional arguments:
  targets               Sets the path of the target IPs file.

optional arguments:
  -h, --help            show this help message and exit
  -f FORMAT, --format FORMAT
                        Choose between CSV and TXT output file formats.
  -o OUTPUT, --output OUTPUT
                        Sets the path of the output file.
  -sc, --screen-capture
                        Capture a screen shot of any associated Web Applications.
  -sth, --stealth       Passive mode allows reconaissaince using OSINT techniques only.
  -t TARGET, --target TARGET
                        Set a single target IP.
  -V, --version         Displays the current version.
  -w WORDLIST, --wordlist WORDLIST
                        Specify a list of subdomains.
  -sw SUBWORDLIST, --subwordlist SUBWORDLIST
                        Specify a list of child subdomains.
  -e, --expand          Expand the target list recursively.
  -ln, --linkedinner    Extracts emails and employees details from linkedin.
  -v, --verbose         Verbose ouput in the terminal window.

Authors: Andreas Georgiou (@superhedgy)
	 Jacob Wilkin (@greenwolf)



  • Thanks to [Your Name Could Be Here, Come Help Out!] for contributions to the project.
You can’t perform that action at this time.