AttackSurfaceMapper – Expand Your Attack Surface

AttackSurfaceMapper is a reconnaissance tool that uses a mixture of open source intelligence and active techniques to expand the attack surface of your target. You feed in a mixture of one or more domains, subdomains and IP addresses and it uses numerous techniques to find more targets.

AttackSurfaceMapper - Automate Reconnaissance Tool

It enumerates subdomains with bruteforcing and passive lookups, other IPs of the same network block owner, IPs that have multiple domain names pointing to them, and so on.

Once the target list is fully expanded it performs passive reconnaissance on them, taking screenshots of websites, generating visual maps, looking up credentials in public breaches, passive port scanning with Shodan and scraping employees from LinkedIn.

You can add optional API keys to enable more data gathering. The currently supported API keys are for:

  • VirusTotal
  • ShodanIO
  • HunterIO
  • WeLeakInfo
  • LinkedIn
  • GrayHatWarfare

Additional optional parameters can also be set to include active reconnaissance modules in addition to the default passive modules. Overall, the supported modules are HostHunter, ScreenCapture, DNSdumpster, URLScanIO, LinkedInner, HunterIO Module, Shodan, VirusTotal, WeLeakInfo and SubHunter Module.

Some of the modules are integrated without any requirement to register and generate an API key.

You can read more and download this tool over here:
