Advanced Reconnaissance & Analysis Suite for cybersecurity professionals
Project description
⚡ SurfMap — Advanced Reconnaissance & Analysis Suite
SurfMap is a powerful, automation-driven reconnaissance framework designed for cybersecurity professionals, bug bounty hunters, and penetration testers. It automates the complete reconnaissance lifecycle — from asset discovery to parameter extraction — into a structured, efficient pipeline.
It integrates multiple industry-standard tools into a unified workflow, enabling deep attack surface mapping with minimal manual intervention.
➡️ Complete Installation Guide →
🚀 Overview
SurfMap performs end-to-end reconnaissance including:
- Subdomain Enumeration
- Live Host Discovery
- URL Collection (Historical + Crawled)
- JavaScript Analysis
- Endpoint Extraction
- Parameter Discovery
- Result Aggregation
- Automated Report Generation
✨ Features
🔍 Comprehensive Recon Pipeline
Covers the entire attack surface from domains to parameters.
⚡ Multi-Tool Integration
Uses best-in-class tools like subfinder, assetfinder, gau, katana, arjun, etc.
🧠 Smart Filtering
Removes invalid, duplicate, and out-of-scope data automatically.
🛡️ Interactive Interrupt Handling
Control execution flow during runtime (restart / skip / stop).
📊 Automated Reporting
Generates clean summaries with key metrics.
📁 Structured Output
Organizes results in a clean, per-target directory format.
🧱 Workflow
SurfMap follows a modular pipeline:
- Target Acquisition
- Subdomain Enumeration
- Live Host Discovery
- URL Collection
- JavaScript Analysis
- Parameter Discovery
- Results Aggregation
- Report Generation
Each stage enriches the dataset for the next.
⚙️ Requirements
Required Tools
- subfinder
- assetfinder
- gau
- waybackurls
- katana
- arjun
- httpx-toolkit OR httprobe
Optional Tools (Recommended)
- LinkFinder
- JSParser
- xnLinkFinder
Python
- Python 3.7+
📦 Installation
Option 1: Install from PyPI (Recommended)
pip install surfmap
Then run:
surfmap -u example.com
Option 2: Install from Source
- Clone the repository:
git clone https://github.com/dev-Khrish/surfmap.git
cd surfmap
- Install the package in development mode:
pip install -e .
- Run SurfMap:
surfmap -u example.com
Required External Tools
Install these Go-based reconnaissance tools:
go install github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
go install github.com/tomnomnom/assetfinder@latest
go install github.com/lc/gau/v2/cmd/gau@latest
go install github.com/tomnomnom/waybackurls@latest
go install github.com/projectdiscovery/katana/cmd/katana@latest
go install github.com/projectdiscovery/httpx/cmd/httpx@latest
Install Arjun (Python-based parameter discovery):
pip install arjun
-
(Optional) Clone additional tools:
~/tools/LinkFinder
~/tools/JSParser
🧪 Usage
Basic Scan
surfmap -u example.com
Skip Subdomain Enumeration
surfmap -u example.com -skip-sub
Scan Multiple Targets
surfmap -f targets.txt
Exclude Domains
surfmap -u example.com -skip-u test.example.com
surfmap -f targets.txt -skip-f out_of_scope.txt
Display Help
surfmap -h
🎯 Command Line Options
Target Options (Required)
-
-u, --url
Single target domain to scan (e.g.,example.com) -
-f, --file
Text file containing multiple domains (one per line)
Filter Options
-
-skip-sub
Skip subdomain enumeration and use target directly -
-skip-u, --skip-url
Exclude specific domain from results -
-skip-f, --skip-file
Text file with domains to exclude (one per line)
Miscellaneous
- -h, --help
Show help menu and exit
📁 Output Structure
recon/ example.com/ all_subs.txt alive_subs.txt plain_domains.txt all_urls.txt jsfiles.txt final_endpoints.txt endpoints_with_params.txt arjun_params.txt recon_summary_YYYYMMDD_HHMMSS.txt ...other intermediate files
For multiple targets:
recon/ targets_file_name/ target1/ target2/ mixed/
🔍 Module Breakdown
Subdomain Enumeration
Tools:
- subfinder
- assetfinder
Output:
- all_subs.txt
Live Host Discovery
Tools:
- httpx-toolkit / httprobe
Output:
- alive_subs.txt
- plain_domains.txt
URL Collection
Tools:
- gau
- waybackurls
- katana
Output:
- all_urls.txt
JavaScript Analysis
Tools:
- LinkFinder
- JSParser
- xnLinkFinder
Output:
- jsfiles.txt
- extracted endpoints
Parameter Discovery
Tool:
- arjun
Output:
- arjun_params.txt
Aggregation
Output:
- final_endpoints.txt
- endpoints_with_params.txt
📊 Report Generation
Automatically generates:
recon_summary_.txt
Includes:
- Target details
- Scan duration
- Subdomains discovered
- Live hosts
- URLs collected
- JavaScript files
- Endpoints
- Parameters
⚠️ Interrupt Handling
Single Ctrl+C: → Opens interactive menu
Options:
c → Restart tool
n → Skip tool
s → Stop scan
Double Ctrl+C: → Force exit
🧹 Filtering & Exclusions
Supports:
- Single domain exclusion (-skip-u)
- File-based exclusion (-skip-f)
Applies filtering across all output files.
🔗 Aggregation Mode
For multi-target scans:
- Individual results per target
- Combined dataset in "mixed" directory
Useful for large-scale recon.
🧠 Design Philosophy
- Automation-first
- Maximum coverage
- Clean output
- Modular pipeline
- Resilient execution
⚡ Example Workflow
- Run SurfMap
- Analyze endpoints_with_params.txt
- Feed into fuzzers (ffuf, Burp Suite, etc.)
- Identify vulnerabilities
🚧 Limitations
- Requires external tools setup
- Performance depends on system resources
- Optional tools enhance coverage
🔮 Future Improvements
- Parallel execution
- GUI interface
- Cloud recon support
- Built-in vulnerability scanning
👨💻 Author
Created by: Khrish
Cybersecurity Specialist & VAPT Analyst
🚦 Versions
1.2.0
1.2.0 - Dependency setup flow refactor, Added setup mode and environment bootstrap, Removed forced reinstall flag
1.0.0
1.0.0 - Base Version
1.0.1 - Few Updates
1.0.2 - Added interactive c, s, n to Continue, Stop, Next
1.1.0 - Python Packaging Published
⚖️ Disclaimer
This tool is intended for authorized security testing and educational purposes only.
Do NOT use it against systems without permission.
🔐 Final Note
SurfMap is a complete reconnaissance framework built for serious security work.
Use it responsibly. Stay ethical. Stay secure.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file surfmap-1.2.1.tar.gz.
File metadata
- Download URL: surfmap-1.2.1.tar.gz
- Upload date:
- Size: 18.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d46ccb8c2fd8dae7b1c16bbdb4f19fc754c7c93ab6520dbaa4e2e98a5f63bd39
|
|
| MD5 |
b7131bc9f4266613b98990b410384ca8
|
|
| BLAKE2b-256 |
3d9a3cfc13101c53a7628a9cbef9a6ace2ced384af89925b877782d2149d038d
|
Provenance
The following attestation bundles were made for surfmap-1.2.1.tar.gz:
Publisher:
publish.yml on Dev-Khrish/SurfMap
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
surfmap-1.2.1.tar.gz -
Subject digest:
d46ccb8c2fd8dae7b1c16bbdb4f19fc754c7c93ab6520dbaa4e2e98a5f63bd39 - Sigstore transparency entry: 1369261097
- Sigstore integration time:
-
Permalink:
Dev-Khrish/SurfMap@d831bc6738b9b81754d84e673c18824ea2e7379a -
Branch / Tag:
refs/tags/1.2.1 - Owner: https://github.com/Dev-Khrish
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@d831bc6738b9b81754d84e673c18824ea2e7379a -
Trigger Event:
release
-
Statement type:
File details
Details for the file surfmap-1.2.1-py3-none-any.whl.
File metadata
- Download URL: surfmap-1.2.1-py3-none-any.whl
- Upload date:
- Size: 15.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0600ae60bead82d2b946a47430f42d06550a7afb084833d7b6f172eaa4eab6d7
|
|
| MD5 |
3b15c7637b0233c532fae5ec71b88c90
|
|
| BLAKE2b-256 |
8cf501aa8c830baf39c99b5351e3c3555f604b11c1fcbe2a881f55cd7fc047a2
|
Provenance
The following attestation bundles were made for surfmap-1.2.1-py3-none-any.whl:
Publisher:
publish.yml on Dev-Khrish/SurfMap
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
surfmap-1.2.1-py3-none-any.whl -
Subject digest:
0600ae60bead82d2b946a47430f42d06550a7afb084833d7b6f172eaa4eab6d7 - Sigstore transparency entry: 1369261211
- Sigstore integration time:
-
Permalink:
Dev-Khrish/SurfMap@d831bc6738b9b81754d84e673c18824ea2e7379a -
Branch / Tag:
refs/tags/1.2.1 - Owner: https://github.com/Dev-Khrish
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@d831bc6738b9b81754d84e673c18824ea2e7379a -
Trigger Event:
release
-
Statement type: