Red Teaming and Web Bug Bounty Fast Asset Identification Tool

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for arrester from gravatar.com arrester
Meta

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License
  • Author: arrester
  • Tags security , subdomain enumeration , bug bounty , red team , web security
  • Requires: Python >=3.9
Classifiers
Report project as malware

Project description

🏄‍♂️ SubSurfer

Python Version License Version

SubSurfer is a fast and efficient subdomain enumeration and web property identification tool. alt text


🌟 Features

  • Red Team/Bug Bounty Support: Useful for both red team operations and web bug bounty projects
  • High-Performance Scanning: Fast subdomain enumeration using asynchronous and parallel processing
  • Port Scanning: Expand asset scanning range with customizable port selection
  • Web Service Identification: Gather environmental details such as web servers and technology stacks
  • Pipeline Integration: Supports integration with other tools using -pipeweb and -pipesub options
  • Modular Design: Can be imported and used as a Python module
  • Continuous Updates: - Continuous Updates: New passive/active modules will continue to be added

🚀 Installation

bash

git clone https://github.com/arrester/subsurfer.git
cd subsurfer

or

Python

pip install subsurfer

📖 Usage

CLI Mode

Basic Scan
subsurfer -t vulnweb.com

Enable Active Scanning
subsurfer -t vulnweb.com -a

Include Port Scanning
subsurfer -t vulnweb.com -dp # Default Port
subsurfer -t vulnweb.com -p 80,443,8080-8090 # Custom ports

Pipeline Output
subsurfer -t vulnweb.com -pipeweb # Output only web server
subsurfer -t vulnweb.com -pipesub # Output only subdomain results

Using as a Python Module

Subdomain Scan

from subsurfer.core.controller.controller import SubSurferController
import asyncio

async def main():
    controller = SubSurferController(
        target="vulnweb.com",
        verbose=1,
        active=False            # Active Scan Option
    )
    
    # Collect subdomains
    subdomains = await controller.collect_subdomains()
    
    # Print results
    print(f"Discovered Subdomains: {len(subdomains)}개")
    for subdomain in sorted(subdomains):
        print(subdomain)

if __name__ == "__main__":
    asyncio.run(main())

Port Scan

from subsurfer.core.controller.controller import SubSurferController
import asyncio

async def main():
    controller = SubSurferController(
        target="vulnweb.com",
        verbose=1
    )
    
    # Collect subdomains
    subdomains = await controller.collect_subdomains()
    
    # Default ports (80, 443)
    ports = None

    # Set port scan options
    # ports = controller.parse_ports()  # Default ports
    # Or specify custom ports
    # ports = controller.parse_ports("80,443,8080-8090")
    
    # Web service scanning
    web_services = await controller.scan_web_services(subdomains, ports)
    
    # Print web servers
    print("\n웹 서버:")
    for server in sorted(web_services['web_servers']):
        print(f"https://{server}")
    
    # Print active services
    print("\n활성화된 서비스:")
    for service in sorted(web_services['enabled_services']):
        print(service)
        
    # Print discovered URLs and ports
    print("\n발견된 URL:")
    for subdomain, urls in web_services['all_urls'].items():
        for url, port in urls:
            print(f"{url}:{port}")

if __name__ == "__main__":
    asyncio.run(main())

Result Save

from subsurfer.core.controller.controller import SubSurferController
import asyncio

async def main():
    controller = SubSurferController("vulnweb.com")
    
    # Collect subdomains and scan web services
    subdomains = await controller.collect_subdomains()
    web_services = await controller.scan_web_services(subdomains)
    
    # Save results
    results_dict = {
        'subdomains': subdomains,
        'web_services': web_services.get('web_services', {}),
        'web_servers': web_services.get('web_servers', set()),
        'enabled_services': web_services.get('enabled_services', set()),
        'all_urls': web_services.get('all_urls', {})  # Includes URL and port information
    }
    
    # Generate default result file path (stored in the "results" directory)
    output_path = controller.get_output_path()
    controller.save_results(results_dict, output_path)

if __name__ == "__main__":
    asyncio.run(main())

🧪 Testing

Passive Handler Test

pytest tests/handlers/test_passive_handler.py -v


Active Handler Test

pytest tests/handlers/test_active_handler.py -v


🗺️ To-Do List

Version 0.3

  • Add JSON output option
  • Add new passive modules
  • Additional etc feature updates

Version 0.4

  • Add new passive modules
  • Implement subdomain takeover detection

Version 0.5

  • Add new passive modules
  • Add new active modules

📋 Requirements

  • Recommended: Python 3.13.0 or later
  • aiohttp
  • rich
  • pytest (for testing)

📝 License

MIT License

🤝 Contributions

Bug Report, Feature Suggestions, Issue Report

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for arrester from gravatar.com arrester
Meta

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License
  • Author: arrester
  • Tags security , subdomain enumeration , bug bounty , red team , web security
  • Requires: Python >=3.9
Classifiers

Release history Release notifications | RSS feed

1.2.7

1.2.6

1.2.5

1.2.4

1.2.3

1.2.2

1.0

This version

0.3.1

0.3

0.2.7

0.2.6

0.2.4

0.2.3

0.2.2

0.2

0.1.8

0.1.7

0.1.6

0.1.5

0.1.3

0.1.2

0.1.1

0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

subsurfer-0.3.1.tar.gz (30.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

subsurfer-0.3.1-py3-none-any.whl (46.7 kB view details)

Uploaded Python 3

File details

Details for the file subsurfer-0.3.1.tar.gz.

File metadata

  • Download URL: subsurfer-0.3.1.tar.gz
  • Upload date:
  • Size: 30.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.12.9

File hashes

Hashes for subsurfer-0.3.1.tar.gz
Algorithm Hash digest
SHA256 7c382d0623bdb1146f691e3aab31cb33267acae3ffb7c398e1269c7f0d09134d
MD5 663124ac1db183dd3da30ca7ba4557fe
BLAKE2b-256 8a33f520ce64f6293c37b4d75a6b2c4224d6ec87082cd3c39bae44a096dfe3de

See more details on using hashes here.

Provenance

The following attestation bundles were made for subsurfer-0.3.1.tar.gz:

Publisher: publish.yml on arrester/SubSurfer

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file subsurfer-0.3.1-py3-none-any.whl.

File metadata

  • Download URL: subsurfer-0.3.1-py3-none-any.whl
  • Upload date:
  • Size: 46.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.12.9

File hashes

Hashes for subsurfer-0.3.1-py3-none-any.whl
Algorithm Hash digest
SHA256 17b7e77ab9d60b984a319c0abed202a86581756ce9187a310553e8f5566ca7f4
MD5 bbab1d816c9593f453c57fe0fc63ab43
BLAKE2b-256 03bea8f682b48d90c4d15db6d8d5f4ceff87184d593ca3748b0298be6fffdb91

See more details on using hashes here.

Provenance

The following attestation bundles were made for subsurfer-0.3.1-py3-none-any.whl:

Publisher: publish.yml on arrester/SubSurfer

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page