Skip to main content

Advanced Reconnaissance & Analysis Suite for cybersecurity professionals

Project description

⚡ SurfMap — Advanced Reconnaissance & Analysis Suite

SurfMap is a powerful, automation-driven reconnaissance framework designed for cybersecurity professionals, bug bounty hunters, and penetration testers. It automates the complete reconnaissance lifecycle — from asset discovery to parameter extraction — into a structured, efficient pipeline.

It integrates multiple industry-standard tools into a unified workflow, enabling deep attack surface mapping with minimal manual intervention.

➡️ Complete Installation Guide →


🚀 Overview

SurfMap performs end-to-end reconnaissance including:

  • Subdomain Enumeration
  • Live Host Discovery
  • URL Collection (Historical + Crawled)
  • JavaScript Analysis
  • Endpoint Extraction
  • Parameter Discovery
  • Result Aggregation
  • Automated Report Generation

✨ Features

🔍 Comprehensive Recon Pipeline
Covers the entire attack surface from domains to parameters.

⚡ Multi-Tool Integration
Uses best-in-class tools like subfinder, assetfinder, gau, katana, arjun, etc.

🧠 Smart Filtering
Removes invalid, duplicate, and out-of-scope data automatically.

🛡️ Interactive Interrupt Handling
Control execution flow during runtime (restart / skip / stop).

📊 Automated Reporting
Generates clean summaries with key metrics.

📁 Structured Output
Organizes results in a clean, per-target directory format.


🧱 Workflow

SurfMap follows a modular pipeline:

  1. Target Acquisition
  2. Subdomain Enumeration
  3. Live Host Discovery
  4. URL Collection
  5. JavaScript Analysis
  6. Parameter Discovery
  7. Results Aggregation
  8. Report Generation

Each stage enriches the dataset for the next.


⚙️ Requirements

Required Tools

  • subfinder
  • assetfinder
  • gau
  • waybackurls
  • katana
  • arjun
  • httpx-toolkit OR httprobe

Optional Tools (Recommended)

  • LinkFinder
  • JSParser
  • xnLinkFinder

Python

  • Python 3.7+

📦 Installation

Option 1: Install from PyPI (Recommended)

pip install surfmap

Then run:

surfmap -u example.com

Option 2: Install from Source

  1. Clone the repository:
git clone https://github.com/dev-Khrish/surfmap.git
cd surfmap
  1. Install the package in development mode:
pip install -e .
  1. Run SurfMap:
surfmap -u example.com

Required External Tools

Install these Go-based reconnaissance tools:

go install github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest  
go install github.com/tomnomnom/assetfinder@latest  
go install github.com/lc/gau/v2/cmd/gau@latest  
go install github.com/tomnomnom/waybackurls@latest  
go install github.com/projectdiscovery/katana/cmd/katana@latest  
go install github.com/projectdiscovery/httpx/cmd/httpx@latest  

Install Arjun (Python-based parameter discovery):

pip install arjun
  1. (Optional) Clone additional tools:

    ~/tools/LinkFinder
    ~/tools/JSParser


🧪 Usage

Basic Scan

surfmap -u example.com

Skip Subdomain Enumeration

surfmap -u example.com -skip-sub

Scan Multiple Targets

surfmap -f targets.txt

Exclude Domains

surfmap -u example.com -skip-u test.example.com
surfmap -f targets.txt -skip-f out_of_scope.txt

Display Help

surfmap -h

🎯 Command Line Options

Target Options (Required)

  • -u, --url
    Single target domain to scan (e.g., example.com)

  • -f, --file
    Text file containing multiple domains (one per line)

Filter Options

  • -skip-sub
    Skip subdomain enumeration and use target directly

  • -skip-u, --skip-url
    Exclude specific domain from results

  • -skip-f, --skip-file
    Text file with domains to exclude (one per line)

Miscellaneous

  • -h, --help
    Show help menu and exit

📁 Output Structure

recon/ example.com/ all_subs.txt alive_subs.txt plain_domains.txt all_urls.txt jsfiles.txt final_endpoints.txt endpoints_with_params.txt arjun_params.txt recon_summary_YYYYMMDD_HHMMSS.txt ...other intermediate files

For multiple targets:

recon/ targets_file_name/ target1/ target2/ mixed/


🔍 Module Breakdown

Subdomain Enumeration

Tools:

  • subfinder
  • assetfinder

Output:

  • all_subs.txt

Live Host Discovery

Tools:

  • httpx-toolkit / httprobe

Output:

  • alive_subs.txt
  • plain_domains.txt

URL Collection

Tools:

  • gau
  • waybackurls
  • katana

Output:

  • all_urls.txt

JavaScript Analysis

Tools:

  • LinkFinder
  • JSParser
  • xnLinkFinder

Output:

  • jsfiles.txt
  • extracted endpoints

Parameter Discovery

Tool:

  • arjun

Output:

  • arjun_params.txt

Aggregation

Output:

  • final_endpoints.txt
  • endpoints_with_params.txt

📊 Report Generation

Automatically generates:

recon_summary_.txt

Includes:

  • Target details
  • Scan duration
  • Subdomains discovered
  • Live hosts
  • URLs collected
  • JavaScript files
  • Endpoints
  • Parameters

⚠️ Interrupt Handling

Single Ctrl+C: → Opens interactive menu

Options:

c → Restart tool
n → Skip tool
s → Stop scan

Double Ctrl+C: → Force exit


🧹 Filtering & Exclusions

Supports:

  • Single domain exclusion (-skip-u)
  • File-based exclusion (-skip-f)

Applies filtering across all output files.


🔗 Aggregation Mode

For multi-target scans:

  • Individual results per target
  • Combined dataset in "mixed" directory

Useful for large-scale recon.


🧠 Design Philosophy

  • Automation-first
  • Maximum coverage
  • Clean output
  • Modular pipeline
  • Resilient execution

⚡ Example Workflow

  1. Run SurfMap
  2. Analyze endpoints_with_params.txt
  3. Feed into fuzzers (ffuf, Burp Suite, etc.)
  4. Identify vulnerabilities

🚧 Limitations

  • Requires external tools setup
  • Performance depends on system resources
  • Optional tools enhance coverage

🔮 Future Improvements

  • Parallel execution
  • GUI interface
  • Cloud recon support
  • Built-in vulnerability scanning

👨‍💻 Author

Created by: Khrish
Cybersecurity Specialist & VAPT Analyst


🚦 Versions

1.0.0

1.0.0 - Base Version
1.0.1 - Few Updates
1.0.2 - Added interactive c, s, n to Continue, Stop, Next 1.1.0 - Python Packaging Published


⚖️ Disclaimer

This tool is intended for authorized security testing and educational purposes only.

Do NOT use it against systems without permission.


🔐 Final Note

SurfMap is a complete reconnaissance framework built for serious security work.

Use it responsibly. Stay ethical. Stay secure.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

surfmap-1.1.0.tar.gz (15.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

surfmap-1.1.0-py3-none-any.whl (12.9 kB view details)

Uploaded Python 3

File details

Details for the file surfmap-1.1.0.tar.gz.

File metadata

  • Download URL: surfmap-1.1.0.tar.gz
  • Upload date:
  • Size: 15.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for surfmap-1.1.0.tar.gz
Algorithm Hash digest
SHA256 641933ec5825482ef05c0f3ed8b6b91d62e6b5a8e5c5e517bb921c0087eba4d7
MD5 11bc57de4eda4e0d468cf92c9becef5c
BLAKE2b-256 80058361d0f0e3a0cf5f2b230f894a2e0baf3d73eb5a263bfbb33414b85a22a8

See more details on using hashes here.

Provenance

The following attestation bundles were made for surfmap-1.1.0.tar.gz:

Publisher: publish.yml on Dev-Khrish/SurfMap

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file surfmap-1.1.0-py3-none-any.whl.

File metadata

  • Download URL: surfmap-1.1.0-py3-none-any.whl
  • Upload date:
  • Size: 12.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for surfmap-1.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 6f3d96e4b6f8b4786dbc59fd00e1e7a91630f14ed5fab8883d09783d7e3de14a
MD5 48aa48302e0e852519086a7887d5c099
BLAKE2b-256 e4532d97802dd86931a81f06739484b4caf0d5b028cfa679094744eb3736face

See more details on using hashes here.

Provenance

The following attestation bundles were made for surfmap-1.1.0-py3-none-any.whl:

Publisher: publish.yml on Dev-Khrish/SurfMap

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page