A powerful Python tool that maps and visualizes the attack surface of any website. Combines reconnaissance, vulnerability scanning, and beautiful interactive visualizations.
Eye4Eye provides comprehensive attack surface analysis through:
- DNS enumeration with customizable wordlists
- Certificate Transparency log analysis
- Interactive tree visualization showing domain hierarchy
- IP resolution for all discovered subdomains
- Quick scan of common ports (21, 22, 80, 443, etc.)
- Full scan option using nmap integration
- Service detection and banner grabbing
- Heatmap visualization of open ports across hosts
- Web server identification (Apache, Nginx, IIS)
- Framework detection (React, Vue, Angular, Django, etc.)
- CMS identification (WordPress, Joomla, Drupal, etc.)
- HTTP header analysis for security configurations
- Visual tech stack graph
- Directory listing detection
- Exposed sensitive files (.git, .env, config files)
- Admin panel discovery
- Security header analysis
- SSL/TLS configuration check
- Severity-based classification (High, Medium, Low, Info)
- Common API path enumeration
- Swagger/OpenAPI documentation parsing
- JavaScript file analysis for endpoints
- robots.txt and sitemap.xml parsing
- Interactive sunburst visualization
- Interactive HTML dashboard with all findings
- Network graphs for subdomain relationships
- Heatmaps for port distribution
- Charts for vulnerability analysis
- JSON export for further processing
- Python 3.8 or higher
- nmap (optional, for advanced port scanning)
```bash
# Ubuntu/Debian
sudo apt-get install nmap
# macOS
brew install nmap
# Fedora/RHEL
sudo dnf install nmap
```

```bash
# Clone or navigate to the project directory
cd Eye4Eye
# Install required packages
pip install -r requirements.txt
```

```bash
python eye4eye.py example.com
```

```bash
# Full port scan with nmap (slower but more detailed)
python eye4eye.py example.com --full-scan
# Skip specific scan phases
python eye4eye.py example.com --skip-subdomains --skip-ports
# Scan only the main domain (skip subdomains)
python eye4eye.py example.com --main-only
# Skip vulnerability scanning
python eye4eye.py example.com --skip-vulns
# Skip API discovery
python eye4eye.py example.com --skip-api
```

```
positional arguments:
  domain              Target domain to scan

optional arguments:
  -h, --help          Show help message and exit
  --skip-subdomains   Skip subdomain enumeration
  --skip-ports        Skip port scanning
  --skip-tech         Skip technology detection
  --skip-vulns        Skip vulnerability scanning
  --skip-api          Skip API discovery
  --full-scan         Perform full port scan using nmap
  --main-only         Only scan main domain, skip subdomains
```
```
Eye4Eye/
├── eye4eye.py                  # Main application
├── config.py                   # Configuration settings
├── requirements.txt            # Python dependencies
├── modules/                    # Scanning modules
│   ├── __init__.py
│   ├── subdomain_scanner.py    # Subdomain enumeration
│   ├── port_scanner.py         # Port scanning
│   ├── tech_detector.py        # Technology detection
│   ├── vuln_scanner.py         # Vulnerability scanning
│   └── api_discovery.py        # API endpoint discovery
├── visualizations/             # Visualization components
│   ├── __init__.py
│   └── visualizer.py           # Chart and report generation
└── output/                     # Generated reports (created automatically)
    ├── domain_timestamp_report.html
    └── domain_timestamp_data.json
```
The tool generates a beautiful, interactive HTML dashboard featuring:
- Real-time statistics (subdomains, ports, vulnerabilities, endpoints)
- Interactive visualizations using Plotly.js
- Dark theme with gradient accents
- Responsive design for all screen sizes
All data is also exported in JSON format for:
- Integration with other tools
- Custom analysis and reporting
- Automation workflows
- Long-term storage
Edit config.py to customize:

```python
# Scanning parameters
MAX_THREADS = 50  # Concurrent threads
TIMEOUT = 5  # Request timeout in seconds
# Port scanning
COMMON_PORTS = [21, 22, 23, 25, 53, 80, ...]
# Subdomain wordlist
SUBDOMAIN_WORDLIST = ["www", "mail", "ftp", ...]
# Output settings
OUTPUT_DIR = "output"
REPORT_FORMAT = "html"
```

- Uses `dnspython` for DNS queries
- Queries Certificate Transparency logs via crt.sh
- Multi-threaded for performance
- Automatic IP resolution
- Socket-based scanning for speed
- Optional nmap integration for detailed service detection
- Banner grabbing for service identification
- Configurable port ranges
- `builtwith` library integration
- HTTP header fingerprinting
- HTML meta tag analysis
- JavaScript framework detection
- CMS pattern matching
- Path enumeration for sensitive files
- Security header validation
- SSL/TLS configuration check
- Admin panel discovery
- Directory listing detection
- Common endpoint enumeration
- Swagger/OpenAPI parsing
- JavaScript source analysis
- robots.txt and sitemap parsing
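
The security header validation and severity-based classification listed above, as an added example (not Eye4Eye's own code). The function name, the set of headers checked, the 180-day HSTS threshold and the severity given to each finding are assumptions of this example; the sample headers are constructed.

```python
import re

SEVERITY_ORDER = {"High": 0, "Medium": 1, "Low": 2, "Info": 3}

def audit_security_headers(headers, https=True):
    """Return (severity, header, message) findings for one HTTP response."""
    h = {k.lower(): v.strip() for k, v in headers.items()}  # names are case-insensitive
    findings = []

    hsts = h.get("strict-transport-security")
    if https and hsts is None:  # HSTS is only meaningful over HTTPS
        findings.append(("Medium", "Strict-Transport-Security", "missing"))
    elif https:
        m = re.search(r'max-age\s*=\s*"?(\d+)', hsts, re.I)
        if not m or int(m.group(1)) < 15552000:  # 180 days, assumed threshold
            findings.append(("Low", "Strict-Transport-Security", "max-age absent or under 180 days"))

    csp = h.get("content-security-policy")
    if csp is None:
        findings.append(("Medium", "Content-Security-Policy", "missing"))
    elif "'unsafe-inline'" in csp or "'unsafe-eval'" in csp:
        findings.append(("Low", "Content-Security-Policy", "allows unsafe-inline or unsafe-eval"))

    # Framing protection can come from X-Frame-Options or CSP frame-ancestors.
    if "x-frame-options" not in h and "frame-ancestors" not in (csp or ""):
        findings.append(("Medium", "X-Frame-Options", "missing and no CSP frame-ancestors"))

    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append(("Low", "X-Content-Type-Options", "not set to nosniff"))

    # Version strings in these headers tell a scanner exactly what to look up.
    for name in ("server", "x-powered-by"):
        if re.search(r"\d+\.\d+", h.get(name, "")):
            findings.append(("Info", name.title(), f"discloses version: {h[name]}"))

    return sorted(findings, key=lambda f: SEVERITY_ORDER[f[0]])

# Constructed sample response headers (not captured from a real host).
SAMPLE = {
    "Server": "nginx/1.18.0",
    "Strict-Transport-Security": "max-age=3600",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "X-Content-Type-Options": "nosniff",
}
```

Running `audit_security_headers(SAMPLE)` reports the missing framing protection first, then the weak HSTS and CSP values, then the version disclosure.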
**IMPORTANT DISCLAIMER**
This tool is designed for authorized security testing only. You must have explicit permission to scan any target that you do not own.
- Legal Use Only: Unauthorized scanning is illegal in most jurisdictions
- Responsible Disclosure: Report vulnerabilities responsibly
- Rate Limiting: The tool includes delays to avoid overwhelming targets
- No Exploitation: This tool only discovers, it does not exploit
Contributions are welcome! Areas for improvement:
- Additional vulnerability checks
- More visualization types
- Performance optimizations
- Additional data sources
- Export format options
This project is licensed under the MIT License - see the LICENSE file for details.
Built with:
- dnspython - DNS toolkit
- python-nmap - Nmap integration
- Plotly - Interactive visualizations
- NetworkX - Graph analysis
- BeautifulSoup - HTML parsing
- Requests - HTTP library
- Colorama - Terminal colors
For questions, suggestions, or security concerns, please open an issue on GitHub.