| 1 | +# Attack Surface Mapper |
| 2 | + |
| 3 | +A comprehensive Python-based OSINT reconnaissance platform that combines Google Search API, GitHub leak detection, subdomain enumeration, port scanning, and intelligent correlation analysis to identify an organization's complete attack surface. |
| 4 | + |
| 5 | +## Overview |
| 6 | + |
| 7 | +**Attack Surface Mapper** automates professional security reconnaissance by discovering exposure patterns that traditional scanners miss. It performs deep reconnaissance on target domains without direct interaction with internal systems, making it fully external and ethical OSINT-driven - perfect for VAPT engagements, bug bounty hunting, and security audits. |
| 8 | + |
| 9 | +## Key Features |
| 10 | + |
| 11 | +### 1. Google Search API Reconnaissance |
| 12 | +- Intelligent Google dorking through official API |
| 13 | +- Detects admin panels, login pages, and debug interfaces |
| 14 | +- Identifies exposed files (PDF, DOCX, SQL, ENV, LOG) |
| 15 | +- Finds publicly indexed API documentation |
| 16 | +- Discovers cloud storage misconfigurations (AWS S3, Azure Blob, GCS) |
| 17 | + |
| 18 | +### 2. GitHub API Secret & Leak Scanner |
| 19 | +- Scans public repositories for sensitive information |
| 20 | +- Detects hardcoded credentials and API keys |
| 21 | +- Pattern-based detection for 15+ secret types |
| 22 | +- Analyzes commit history for leaked secrets |
| 23 | + |
| 24 | +### 3. Subdomain Enumeration |
| 25 | +- Certificate Transparency log queries (crt.sh) |
| 26 | +- DNS brute-force on common subdomains |
| 27 | +- Wildcard DNS detection |
| 28 | +- Intelligent categorization by purpose |
| 29 | + |
| 30 | +### 4. Port Scanner |
| 31 | +- Multi-threaded concurrent scanning |
| 32 | +- 24+ common service ports detection |
| 33 | +- Service identification and banner grabbing |
| 34 | + |
| 35 | +### 5. Correlation Engine |
| 36 | +- Merges findings from all reconnaissance sources |
| 37 | +- Identifies critical combinations |
| 38 | +- Intelligent risk scoring (0-100) |
| 39 | + |
| 40 | +## Installation |
| 41 | + |
| 42 | +```bash |
| 43 | +git clone https://github.com/LingeshwarKulal/attack-surface-mapper.git |
| 44 | +cd attack-surface-mapper |
| 45 | +pip install -r requirements.txt |
| 46 | +cp .env.example .env |
| 47 | +# Edit .env with your API credentials |
| 48 | +``` |
| 49 | + |
| 50 | +## Usage |
| 51 | + |
| 52 | +```bash |
| 53 | +# Basic scan |
| 54 | +python src/main.py -t example.com |
| 55 | + |
| 56 | +# Complete reconnaissance |
| 57 | +python src/main.py -t example.com --with-subdomains --with-portscan --html-report |
| 58 | + |
| 59 | +# Subdomain enumeration only |
| 60 | +python src/main.py -t example.com --with-subdomains --skip-google --skip-github |
| 61 | +``` |
| 62 | + |
| 63 | +## Use Cases |
| 64 | + |
| 65 | +- **VAPT Engagements**: Initial reconnaissance phase |
| 66 | +- **Bug Bounty Hunting**: Asset discovery and exposure detection |
| 67 | +- **Red Team Operations**: External attack surface mapping |
| 68 | +- **Security Audits**: Identifying public data leaks |
| 69 | +- **Continuous Monitoring**: Regular security posture assessment |
| 70 | + |
| 71 | +## Requirements |
| 72 | + |
| 73 | +- Python 3.8 or higher |
| 74 | +- Google Custom Search API key and CSE ID |
| 75 | +- GitHub Personal Access Token |
| 76 | + |
| 77 | +## Author |
| 78 | + |
| 79 | +**Lingeshwar Kulal** - [@LingeshwarKulal](https://github.com/LingeshwarKulal) |
| 80 | + |
| 81 | +## License |
| 82 | + |
| 83 | +MIT License - See LICENSE file for details |
| 84 | + |
| 85 | +## Disclaimer |
| 86 | + |
| 87 | +This tool is provided for educational and authorized security testing purposes only. Always ensure you have explicit authorization before scanning any target. |
| 88 | + |
| 89 | +--- |
| 90 | + |
| 91 | +For the complete source code and documentation, visit: [attack-surface-mapper](https://github.com/LingeshwarKulal/attack-surface-mapper) |
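Review bot: The Overview (line 7) presents the tool as working "without direct interaction with internal systems" and as "fully external and ethical OSINT-driven", which reads as passive-only. The feature list contradicts that: line 26 documents DNS brute-force and lines 31-33 document multi-threaded port scanning with banner grabbing, all of which send traffic to the target's hosts. Suggest separating the passive sources (Google Search API, GitHub API, crt.sh) from the active modules, and noting in Usage that `--with-subdomains` and `--with-portscan` generate probe traffic and fall under the authorization requirement in the Disclaimer. Two smaller documentation gaps: Installation (lines 46-47) should say that `.env` holds credentials and must stay out of version control, and Requirements (line 75) names a GitHub Personal Access Token without stating which scopes it needs.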