Skip to main content

Advanced Reconnaissance & Analysis Suite for cybersecurity professionals

Project description

⚡ SurfMap — Advanced Reconnaissance & Analysis Suite

SurfMap is a powerful, automation-driven reconnaissance framework designed for cybersecurity professionals, bug bounty hunters, and penetration testers. It automates the complete reconnaissance lifecycle — from asset discovery to parameter extraction — into a structured, efficient pipeline.

It integrates multiple industry-standard tools into a unified workflow, enabling deep attack surface mapping with minimal manual intervention.

➡️ Complete Installation Guide →


🚀 Overview

SurfMap performs end-to-end reconnaissance including:

  • Subdomain Enumeration
  • Live Host Discovery
  • URL Collection (Historical + Crawled)
  • JavaScript Analysis
  • Endpoint Extraction
  • Parameter Discovery
  • Result Aggregation
  • Automated Report Generation

✨ Features

🔍 Comprehensive Recon Pipeline
Covers the entire attack surface from domains to parameters.

⚡ Multi-Tool Integration
Uses best-in-class tools like subfinder, assetfinder, gau, katana, arjun, etc.

🧠 Smart Filtering
Removes invalid, duplicate, and out-of-scope data automatically.

🛡️ Interactive Interrupt Handling
Control execution flow during runtime (restart / skip / stop).

📊 Automated Reporting
Generates clean summaries with key metrics.

📁 Structured Output
Organizes results in a clean, per-target directory format.


🧱 Workflow

SurfMap follows a modular pipeline:

  1. Target Acquisition
  2. Subdomain Enumeration
  3. Live Host Discovery
  4. URL Collection
  5. JavaScript Analysis
  6. Parameter Discovery
  7. Results Aggregation
  8. Report Generation

Each stage enriches the dataset for the next.


⚙️ Requirements

Required Tools

  • subfinder
  • assetfinder
  • gau
  • waybackurls
  • katana
  • arjun
  • httpx-toolkit OR httprobe

Optional Tools (Recommended)

  • LinkFinder
  • JSParser
  • xnLinkFinder

Python

  • Python 3.7+

📦 Installation

Option 1: Install from PyPI (Recommended)

pip install surfmap

Then run:

surfmap -u example.com

Option 2: Install from Source

  1. Clone the repository:
git clone https://github.com/dev-Khrish/surfmap.git
cd surfmap
  1. Install the package in development mode:
pip install -e .
  1. Run SurfMap:
surfmap -u example.com

Required External Tools

Install these Go-based reconnaissance tools:

go install github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest  
go install github.com/tomnomnom/assetfinder@latest  
go install github.com/lc/gau/v2/cmd/gau@latest  
go install github.com/tomnomnom/waybackurls@latest  
go install github.com/projectdiscovery/katana/cmd/katana@latest  
go install github.com/projectdiscovery/httpx/cmd/httpx@latest  

Install Arjun (Python-based parameter discovery):

pip install arjun
  1. (Optional) Clone additional tools:

    ~/tools/LinkFinder
    ~/tools/JSParser


🧪 Usage

Basic Scan

surfmap -u example.com

Skip Subdomain Enumeration

surfmap -u example.com -skip-sub

Scan Multiple Targets

surfmap -f targets.txt

Exclude Domains

surfmap -u example.com -skip-u test.example.com
surfmap -f targets.txt -skip-f out_of_scope.txt

Display Help

surfmap -h

🎯 Command Line Options

Target Options (Required)

  • -u, --url
    Single target domain to scan (e.g., example.com)

  • -f, --file
    Text file containing multiple domains (one per line)

Filter Options

  • -skip-sub
    Skip subdomain enumeration and use target directly

  • -skip-u, --skip-url
    Exclude specific domain from results

  • -skip-f, --skip-file
    Text file with domains to exclude (one per line)

Miscellaneous

  • -h, --help
    Show help menu and exit

📁 Output Structure

recon/ example.com/ all_subs.txt alive_subs.txt plain_domains.txt all_urls.txt jsfiles.txt final_endpoints.txt endpoints_with_params.txt arjun_params.txt recon_summary_YYYYMMDD_HHMMSS.txt ...other intermediate files

For multiple targets:

recon/ targets_file_name/ target1/ target2/ mixed/


🔍 Module Breakdown

Subdomain Enumeration

Tools:

  • subfinder
  • assetfinder

Output:

  • all_subs.txt

Live Host Discovery

Tools:

  • httpx-toolkit / httprobe

Output:

  • alive_subs.txt
  • plain_domains.txt

URL Collection

Tools:

  • gau
  • waybackurls
  • katana

Output:

  • all_urls.txt

JavaScript Analysis

Tools:

  • LinkFinder
  • JSParser
  • xnLinkFinder

Output:

  • jsfiles.txt
  • extracted endpoints

Parameter Discovery

Tool:

  • arjun

Output:

  • arjun_params.txt

Aggregation

Output:

  • final_endpoints.txt
  • endpoints_with_params.txt

📊 Report Generation

Automatically generates:

recon_summary_.txt

Includes:

  • Target details
  • Scan duration
  • Subdomains discovered
  • Live hosts
  • URLs collected
  • JavaScript files
  • Endpoints
  • Parameters

⚠️ Interrupt Handling

Single Ctrl+C: → Opens interactive menu

Options:

c → Restart tool
n → Skip tool
s → Stop scan

Double Ctrl+C: → Force exit


🧹 Filtering & Exclusions

Supports:

  • Single domain exclusion (-skip-u)
  • File-based exclusion (-skip-f)

Applies filtering across all output files.


🔗 Aggregation Mode

For multi-target scans:

  • Individual results per target
  • Combined dataset in "mixed" directory

Useful for large-scale recon.


🧠 Design Philosophy

  • Automation-first
  • Maximum coverage
  • Clean output
  • Modular pipeline
  • Resilient execution

⚡ Example Workflow

  1. Run SurfMap
  2. Analyze endpoints_with_params.txt
  3. Feed into fuzzers (ffuf, Burp Suite, etc.)
  4. Identify vulnerabilities

🚧 Limitations

  • Requires external tools setup
  • Performance depends on system resources
  • Optional tools enhance coverage

🔮 Future Improvements

  • Parallel execution
  • GUI interface
  • Cloud recon support
  • Built-in vulnerability scanning

👨‍💻 Author

Created by: Khrish
Cybersecurity Specialist & VAPT Analyst


🚦 Versions

1.2.0

1.2.0 - Dependency setup flow refactor, Added setup mode and environment bootstrap, Removed forced reinstall flag

1.0.0

1.0.0 - Base Version
1.0.1 - Few Updates
1.0.2 - Added interactive c, s, n to Continue, Stop, Next 1.1.0 - Python Packaging Published


⚖️ Disclaimer

This tool is intended for authorized security testing and educational purposes only.

Do NOT use it against systems without permission.


🔐 Final Note

SurfMap is a complete reconnaissance framework built for serious security work.

Use it responsibly. Stay ethical. Stay secure.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

surfmap-1.2.1.tar.gz (18.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

surfmap-1.2.1-py3-none-any.whl (15.4 kB view details)

Uploaded Python 3

File details

Details for the file surfmap-1.2.1.tar.gz.

File metadata

  • Download URL: surfmap-1.2.1.tar.gz
  • Upload date:
  • Size: 18.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for surfmap-1.2.1.tar.gz
Algorithm Hash digest
SHA256 d46ccb8c2fd8dae7b1c16bbdb4f19fc754c7c93ab6520dbaa4e2e98a5f63bd39
MD5 b7131bc9f4266613b98990b410384ca8
BLAKE2b-256 3d9a3cfc13101c53a7628a9cbef9a6ace2ced384af89925b877782d2149d038d

See more details on using hashes here.

Provenance

The following attestation bundles were made for surfmap-1.2.1.tar.gz:

Publisher: publish.yml on Dev-Khrish/SurfMap

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file surfmap-1.2.1-py3-none-any.whl.

File metadata

  • Download URL: surfmap-1.2.1-py3-none-any.whl
  • Upload date:
  • Size: 15.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for surfmap-1.2.1-py3-none-any.whl
Algorithm Hash digest
SHA256 0600ae60bead82d2b946a47430f42d06550a7afb084833d7b6f172eaa4eab6d7
MD5 3b15c7637b0233c532fae5ec71b88c90
BLAKE2b-256 8cf501aa8c830baf39c99b5351e3c3555f604b11c1fcbe2a881f55cd7fc047a2

See more details on using hashes here.

Provenance

The following attestation bundles were made for surfmap-1.2.1-py3-none-any.whl:

Publisher: publish.yml on Dev-Khrish/SurfMap

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page