OrgASM V3.0.0
A tool for mapping the attack surface of any type of target. It can find subdomains, IPs, ports and services, then scan them with other tools such as nuclei, gobuster and wafw00f.
It can also pivot to other related FQDNs and IPs. It also features a web export of all the information found, and a modular design that makes it easy to add data from your own tools.
Everything is driven by a configuration.yaml file, where you set the options for the initial scan and for the other tools.
- Discover Attack Surface
- Find subdomains related to domains
- Modular API layer that makes it easy to add new subdomain sources
- Easy configuration file
- Find FQDN from an IP and find all associated subs
- Retrieve all certificates of the IPs and FQDNs found and detect SANs
- Can pivot to other related FQDNs
- Can limit to a scope (regex(s), list, file)
- Pass traffic through proxies automatically fetched from public lists (you can add your own)
- Can launch other tools after the initial scan completes
- Can resume a scan from the last tool used
- Modular web export that makes it easy to add data
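The scope limit listed above (regexes, a list, or a file) can be sketched as follows. This is an added example, not OrgASM's own code: the Scope class, its method names and the sample hostnames are assumptions, and the sample data is constructed. It shows why a scope regex should match the whole name rather than a substring.

```python
import re
from typing import Iterable, List, Tuple


def normalize(fqdn: str) -> str:
    """Lower-case the name and drop whitespace and the trailing root dot."""
    return fqdn.strip().lower().rstrip(".")


class Scope:
    """Hypothetical scope filter (assumed names, not OrgASM's API)."""

    def __init__(self, regexes: Iterable[str] = (), hosts: Iterable[str] = ()):
        self.patterns = [re.compile(r, re.IGNORECASE) for r in regexes]
        self.hosts = {normalize(h) for h in hosts}

    @classmethod
    def from_lines(cls, lines: Iterable[str], regexes: Iterable[str] = ()) -> "Scope":
        """Build from file-style lines; blank lines and '#' comments are skipped."""
        hosts = [l for l in lines if l.strip() and not l.lstrip().startswith("#")]
        return cls(regexes, hosts)

    def allows(self, fqdn: str) -> bool:
        name = normalize(fqdn)
        if name in self.hosts:
            return True
        # fullmatch() requires the whole name to match; search() would also
        # accept an in-scope string embedded in an unrelated domain.
        return any(p.fullmatch(name) for p in self.patterns)

    def split(self, found: Iterable[str]) -> Tuple[List[str], List[str]]:
        """Return (in_scope, out_of_scope), preserving discovery order."""
        in_scope, out_of_scope = [], []
        for fqdn in found:
            (in_scope if self.allows(fqdn) else out_of_scope).append(normalize(fqdn))
        return in_scope, out_of_scope


# Constructed sample data (reserved example domains), not real scan output.
SCOPE_FILE = ["# authorized hosts", "vpn.example.org", ""]
FOUND = ["api.example.com", "Example.COM.", "example.com.cdn.example.net",
         "notexample.com", "vpn.example.org", "mail.example.org"]

if __name__ == "__main__":
    scope = Scope.from_lines(SCOPE_FILE, regexes=[r"(.+\.)?example\.com"])
    print(scope.split(FOUND))
```

Names that land in the out-of-scope list are worth logging rather than silently dropping, so a pivot that wandered outside the authorized scope is visible in review.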
Requires Python 3.
git clone https://github.com/ugomeguerditchian/OrgASM
cd OrgASM
pip install -r requirements.txt
python main.py -h
- Alienvault
- Crt.sh
- Hackertarget
- Rapiddns
- AnubisDB
- Certspotter
- Ports scanner
- Service detector
- Wappalyzer for detected web ports and FQDNs
- Nuclei scan
- Gobuster
- wafw00f
usage: main.py [-h] [-d DOMAIN] [-ip IP] [-net NETWORK] [-R RECURSIVE] [--resume RESUME]

options:
  -h, --help            show this help message and exit
  -d DOMAIN, --domain DOMAIN
                        Domain to scan
  -ip IP, --ip IP       IP to scan
  -net NETWORK, --network NETWORK
                        Network to scan, don't forget the CIDR (ex: 192.168.1.0/24)
  -R RECURSIVE, --recursive RECURSIVE
                        Recursive scan, will rescan all the subdomains finds and go deeper as you want, default is 0
  --resume RESUME       Resume a scan from the json export and to a tool (the last one to have finished), split with a ':' (ex: --resume exports/mydomain/date.json:nuclei) You can also use --resume exports/mydomain/date.json:export to just generate the html report
Next week:
- Option to redo the initial scan after a tool
- More APIs
- Handling of APIs for IP information during the initial scan
- Add res.metadata to store statistics of the scan
- Possibility to add your own Jinja template for an HTML object inside the mapper of the tool
- Add new APIs for subdomain finding
- Add new tools
- Add new tools' data to the HTML report
We would love for you to contribute to OrgASM and help make it even better than it is today!
You can easily add new APIs for subdomain discovery, and new tools together with their data parsers for the HTML report.
Here are the guidelines we'd like you to follow:
If you find a bug in the project or want to propose a new feature, please submit an issue on our GitHub Issues page.
If you'd like to contribute code to this project you can do so through GitHub by forking the repository and sending a pull request. Here's how:
- Fork the project via the GitHub interface.
- Clone your fork to your machine.
- Create a new branch with a meaningful name.
- Make your changes and commit them to your branch.
- Push your branch to your fork on GitHub.
- Create a new pull request via the GitHub interface, pointing to your fork and branch.
- Fill in the required information and submit the pull request.
Please follow the coding conventions already established in the project. Consistency is key!
In the interest of fostering an open and welcoming environment, we ask that our contributors adhere to a code of conduct which promotes respect and inclusivity. Harassment of any kind will not be tolerated.