justtahsin/surface-mapper

# surface    $ surface target.com surface — AI-Powered Attack Surface Mapper Target: target.com ✓ 87 unique subdomains discovered ✓ 61 subdomains are live Resolved Subdomains (61) ┏━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━┓ ┃ Subdomain ┃ IP ┃ Org / ASN ┃ ┃ ┡━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━┩ │ admin.target.com │ 104.21.3.12 │ AS13335 Cloudflare │ ★ │ │ api.target.com │ 104.21.3.12 │ AS13335 Cloudflare │ ★ │ │ dev.target.com │ 52.14.88.201 │ AS16509 Amazon AWS │ ★ │ │ staging.target.com │ 52.14.88.201 │ AS16509 Amazon AWS │ ★ │ │ vpn.target.com │ 185.199.11.4 │ AS36459 GitHub │ ★ │ │ mail.target.com │ 104.21.3.12 │ AS13335 Cloudflare │ ★ │ │ jenkins.target.com │ 34.102.136.1 │ AS15169 Google Cloud │ ★ │ │ ... │ ... │ ... │ │ └─────────────────────────┴───────────────┴────────────────────────┴────┘ ★ Interesting subdomains (7): admin, api, dev, staging, vpn, mail, jenkins Wayback Machine: 312 historical URLs, 94 unique paths ╔══ Claude Analysis ══════════════════════════════════════╗ ## Attack Surface Summary Target exposes 61 live hosts across 3 major providers... ## High-Value Targets - **jenkins.target.com** (34.102.136.1) — Jenkins on Google Cloud, likely unauthenticated or default creds. Check /login and /script endpoint. - **dev.target.com** — AWS-hosted, likely a staging environment with relaxed security. Historical URLs show /api/v2/internal/ paths. ... ## What it does `surface` runs **entirely passive** recon across multiple sources, aggregates the results, and feeds them to Claude for a prioritized threat analysis — no active scanning, no touching the target directly. | Source | What it collects | |---|---| | **crt.sh** | Subdomains via certificate transparency logs | | **HackerTarget** | Additional subdomain enumeration | | **Wayback Machine** | Historical URLs and exposed paths | | **ipinfo.io** | IP geolocation, ASN, hosting provider | | **DNS resolution** | Which subdomains are actually live | | **Claude (claude-opus-4-7)** | Threat analysis, prioritization, next steps | ## Install git clone https://github.com/tahsinbab6/surface cd surface pip install -r requirements.txt Or install as a CLI tool: pip install surface-mapper ## Usage export ANTHROPIC_API_KEY="sk-ant-..." # Full recon + AI analysis surface target.com # Recon only (no Claude, no API key needed) surface target.com --no-ai # Save raw results to JSON surface target.com -o results.json # Skip AI and save surface target.com --no-ai -o results.json ## Requirements - Python 3.11+ - `ANTHROPIC_API_KEY` — only needed for AI analysis. Recon works without it. - No Shodan, VirusTotal, or other paid API keys required. ## Disclaimer This tool is intended for **authorized security testing, bug bounty programs, and educational purposes only**. Always ensure you have explicit permission before scanning any target. The author is not responsible for misuse.