diff --git a/Attack Surface Mapper/README.md b/Attack Surface Mapper/README.md
new file mode 100644
index 0000000..ed74cb8
--- /dev/null
+++ b/Attack Surface Mapper/README.md
@@ -0,0 +1,91 @@
+# Attack Surface Mapper
+
+A comprehensive Python-based OSINT reconnaissance platform that combines Google Search API, GitHub leak detection, subdomain enumeration, port scanning, and intelligent correlation analysis to identify an organization's complete attack surface.
+
+## Overview
+
+**Attack Surface Mapper** automates professional security reconnaissance by discovering exposure patterns that traditional scanners miss. It performs deep reconnaissance on target domains without direct interaction with internal systems, making it fully external and ethical OSINT-driven - perfect for VAPT engagements, bug bounty hunting, and security audits.
+
+## Key Features
+
+### 1. Google Search API Reconnaissance
+- Intelligent Google dorking through official API
+- Detects admin panels, login pages, and debug interfaces
+- Identifies exposed files (PDF, DOCX, SQL, ENV, LOG)
+- Finds publicly indexed API documentation
+- Discovers cloud storage misconfigurations (AWS S3, Azure Blob, GCS)
+
+### 2. GitHub API Secret & Leak Scanner
+- Scans public repositories for sensitive information
+- Detects hardcoded credentials and API keys
+- Pattern-based detection for 15+ secret types
+- Analyzes commit history for leaked secrets
+
+### 3. Subdomain Enumeration
+- Certificate Transparency log queries (crt.sh)
+- DNS brute-force on common subdomains
+- Wildcard DNS detection
+- Intelligent categorization by purpose
+
+### 4. Port Scanner
+- Multi-threaded concurrent scanning
+- 24+ common service ports detection
+- Service identification and banner grabbing
+
+### 5. Correlation Engine
+- Merges findings from all reconnaissance sources
+- Identifies critical combinations
+- Intelligent risk scoring (0-100)
+
+## Installation
+
+```bash
+git clone https://github.com/LingeshwarKulal/attack-surface-mapper.git
+cd attack-surface-mapper
+pip install -r requirements.txt
+cp .env.example .env
+# Edit .env with your API credentials
+```
+
+## Usage
+
+```bash
+# Basic scan
+python src/main.py -t example.com
+
+# Complete reconnaissance
+python src/main.py -t example.com --with-subdomains --with-portscan --html-report
+
+# Subdomain enumeration only
+python src/main.py -t example.com --with-subdomains --skip-google --skip-github
+```
+
+## Use Cases
+
+- **VAPT Engagements**: Initial reconnaissance phase
+- **Bug Bounty Hunting**: Asset discovery and exposure detection
+- **Red Team Operations**: External attack surface mapping
+- **Security Audits**: Identifying public data leaks
+- **Continuous Monitoring**: Regular security posture assessment
+
+## Requirements
+
+- Python 3.8 or higher
+- Google Custom Search API key and CSE ID
+- GitHub Personal Access Token
+
+## Author
+
+**Lingeshwar Kulal** - [@LingeshwarKulal](https://github.com/LingeshwarKulal)
+
+## License
+
+MIT License - See LICENSE file for details
+
+## Disclaimer
+
+This tool is provided for educational and authorized security testing purposes only. Always ensure you have explicit authorization before scanning any target.
+
+---
+
+For the complete source code and documentation, visit: [attack-surface-mapper](https://github.com/LingeshwarKulal/attack-surface-mapper)
diff --git a/Attack Surface Mapper/main.py b/Attack Surface Mapper/main.py
new file mode 100644
index 0000000..078ad7a
--- /dev/null
+++ b/Attack Surface Mapper/main.py
@@ -0,0 +1,147 @@
+#!/usr/bin/env python3
+"""
+Attack Surface Mapper - OSINT Reconnaissance Tool
+
+A comprehensive Python-based OSINT reconnaissance platform that combines:
+- Google Search API reconnaissance
+- GitHub leak detection
+- Subdomain enumeration
+- Port scanning
+- Intelligent correlation analysis
+
+Author: Lingeshwar Kulal (@LingeshwarKulal)
+Repositor: https://github.com/LingeshwarKulal/attack-surface-mapper
+"""
+
+import sys
+import argparse
+from typing import Optional
+
+def main():
+ """
+ Main entry point for Attack Surface Mapper
+ """
+ parser = argparse.ArgumentParser(
+ description='Attack Surface Mapper - OSINT Reconnaissance Tool',
+ formatter_class=argparse.RawDescriptionHelpFormatter,
+ epilog="""
+Examples:
+ # Basic scan
+ python main.py -t example.com
+
+ # Complete reconnaissance with all features
+ python main.py -t example.com --with-subdomains --with-portscan --html-report
+
+ # Subdomain enumeration only
+ python main.py -t example.com --with-subdomains --skip-google --skip-github
+
+ # Quick scan (skip rate-limited APIs)
+ python main.py -t example.com --skip-google --with-subdomains --html-report
+ """
+ )
+
+ # Required arguments
+ parser.add_argument(
+ '-t', '--target',
+ required=True,
+ help='Target domain (e.g., example.com)'
+ )
+
+ # Optional arguments
+ parser.add_argument(
+ '-c', '--config',
+ help='Path to configuration file'
+ )
+ parser.add_argument(
+ '-o', '--output',
+ default='output/',
+ help='Output directory (default: output/)'
+ )
+ parser.add_argument(
+ '-v', '--verbose',
+ action='store_true',
+ help='Enable verbose logging'
+ )
+
+ # Scan control flags
+ parser.add_argument(
+ '--skip-google',
+ action='store_true',
+ help='Skip Google dorking'
+ )
+ parser.add_argument(
+ '--skip-github',
+ action='store_true',
+ help='Skip GitHub scanning'
+ )
+ parser.add_argument(
+ '--google-only',
+ action='store_true',
+ help='Run only Google dorking'
+ )
+ parser.add_argument(
+ '--github-only',
+ action='store_true',
+ help='Run only GitHub scanning'
+ )
+
+ # New features
+ parser.add_argument(
+ '--with-subdomains',
+ action='store_true',
+ help='Enable subdomain enumeration'
+ )
+ parser.add_argument(
+ '--with-portscan',
+ action='store_true',
+ help='Enable port scanning'
+ )
+ parser.add_argument(
+ '--html-report',
+ action='store_true',
+ help='Generate beautiful HTML report'
+ )
+
+ args = parser.parse_args()
+
+ print(f"""
+╔═══════════════════════════════════════════════╗
+║ Attack Surface Mapper - OSINT Tool ║
+║ v1.0 - By Lingeshwar Kulal ║
+╚═══════════════════════════════════════════════╝
+
+Target Domain: {args.target}
+Verbose Mode: {'Enabled' if args.verbose else 'Disabled'}
+Output Directory: {args.output}
+
+Reconnaissance Modules:
+ - Google Dorking: {'Enabled' if not args.skip_google and not args.github_only else 'Disabled'}
+ - GitHub Scanning: {'Enabled' if not args.skip_github and not args.google_only else 'Disabled'}
+ - Subdomain Enumeration: {'Enabled' if args.with_subdomains else 'Disabled'}
+ - Port Scanning: {'Enabled' if args.with_portscan else 'Disabled'}
+ - HTML Report: {'Enabled' if args.html_report else 'Disabled'}
+
+Starting reconnaissance on {args.target}...
+ """)
+
+ # Import the actual reconnaissance modules
+ try:
+ print("[*] Initializing reconnaissance modules...")
+ print("[+] For full functionality, clone the complete repository from:")
+ print(" https://github.com/LingeshwarKulal/attack-surface-mapper")
+ print("\n[*] This is a demonstration entry point.")
+ print("[*] The full implementation includes:")
+ print(" - Google Custom Search API integration")
+ print(" - GitHub API secret scanning")
+ print(" - Certificate Transparency enumeration")
+ print(" - Multi-threaded port scanning")
+ print(" - Intelligent correlation analysis")
+ print(" - Beautiful HTML report generation")
+
+ return 0
+ except Exception as e:
+ print(f"[!] Error: {str(e)}", file=sys.stderr)
+ return 1
+
+if __name__ == '__main__':
+ sys.exit(main())
diff --git a/Attack Surface Mapper/requirements.txt b/Attack Surface Mapper/requirements.txt
new file mode 100644
index 0000000..c3fcaa7
--- /dev/null
+++ b/Attack Surface Mapper/requirements.txt
@@ -0,0 +1,40 @@
+# Attack Surface Mapper - Dependencies
+# Python-based OSINT Reconnaissance Tool
+
+# Core Dependencies
+requests==2.31.0
+click==8.1.7
+colorama==0.4.6
+
+# API and Web Scraping
+bs4==4.12.2
+lxml==4.9.3
+selenium==4.13.0
+
+# DNS and Networking
+dnspython==2.4.2
+nmap==0.0.1
+python-nmap==0.0.1
+
+# Data Processing
+pandas==2.0.3
+numpy==1.24.3
+
+# Security and Cryptography
+cryptography==41.0.3
+
+# Database (optional)
+sqlalchemy==2.0.21
+
+# Testing
+pytest==7.4.0
+pytest-cov==4.1.0
+
+# Documentation
+sphinx==7.2.6
+
+# Development
+black==23.9.1
+flake8==6.0.0
+pylint==2.17.5
+mypy==1.5.1
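Review bot: `main()` in main.py prints "Starting reconnaissance on {args.target}..." and then reaches `return 0` without running any module, so a wrapper script or scheduled job that trusts the exit status will record a completed scan that never ran; as a demonstration stub it should say so before the banner and exit non-zero, e.g. `return 2`. The scan-control flags are also unchecked: `--google-only --github-only` together show both modules as Disabled, and placing the two `--*-only` options in `parser.add_mutually_exclusive_group()` would reject that at parse time. `--target` is echoed with no format check and, in the full tool, is presumably passed on to DNS and port-scan code, so validating it as a hostname right after `parse_args()` is worth adding before that code lands. `from typing import Optional` is unused and `--config` is parsed but never read in this file.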
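Review bot: The pins `bs4==4.12.2`, `nmap==0.0.1` and `python-nmap==0.0.1` in requirements.txt look wrong and should be checked against PyPI before merge. `bs4` is a placeholder package with its own 0.0.x version numbers, while 4.12.2 is a `beautifulsoup4` version, so that pin is unlikely to resolve; `nmap` and `python-nmap` are separate PyPI projects that both provide a top-level `nmap` module, and 0.0.1 does not look like a `python-nmap` release. Installing a look-alike name next to the intended package is the name-confusion risk a pinned manifest is meant to prevent, so I would use `beautifulsoup4==4.12.2` and a single `python-nmap` pin at a release confirmed on PyPI. The test, docs and lint tools (`pytest`, `pytest-cov`, `sphinx`, `black`, `flake8`, `pylint`, `mypy`) belong in a separate dev requirements file so that running the tool does not install them. The runtime pins would be stronger with hashes (`pip install --require-hashes`) and a `pip-audit` run, since several of these versions are dated and main.py in this commit imports only the standard library.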