surfacemap 2.0.0__tar.gz

surfacemap-2.0.0/.gitignore

@@ -0,0 +1,49 @@
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+*.egg-info/
+*.egg
+dist/
+build/
+.eggs/
+
+# Virtual environments
+.venv/
+venv/
+env/
+ENV/
+
+# Environment variables
+.env
+.env.*
+
+# Database
+*.db
+*.sqlite
+*.sqlite3
+
+# Output
+output/
+
+# IDE
+.idea/
+.vscode/
+*.swp
+*.swo
+*~
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Testing
+.pytest_cache/
+.coverage
+htmlcov/
+.mypy_cache/
+.ruff_cache/
+
+# Jupyter
+.ipynb_checkpoints/

surfacemap-2.0.0/CLAUDE.md

@@ -0,0 +1,82 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Project Overview
+
+SurfaceMap is an LLM-driven attack surface discovery tool. Given a company name or domain, it runs 30+ discovery modules concurrently to enumerate subdomains, IPs, ports, cloud buckets, certificates, and more. Results are deduplicated, risk-scored, and output as terminal trees, JSON, CSV, HTML mindmaps, or Mermaid diagrams.
+
+## Build & Run Commands
+
+```bash
+# Install (editable, all extras)
+pip install -e ".[all]"
+
+# Install core only (no API/LLM/Slack)
+pip install -e .
+
+# Run CLI
+surfacemap discover "Target Corp" --domain target.com --tree --json
+
+# Run API server
+uvicorn surfacemap.api.server:app --host 0.0.0.0 --port 8000
+
+# Run config viewer
+surfacemap config
+```
+
+There is no test suite, linter, or formatter configured yet. The `tests/` directory exists but is empty.
+
+## Architecture
+
+### Execution Flow
+
+CLI (`cli/main.py`) or API (`api/server.py`) → `DiscoveryEngine` → 4-phase pipeline:
+1. **Phase 0**: LLM Brainstorm (optional) — identifies subsidiaries, infrastructure hints
+2. **Phase 1**: Passive Recon — 15 modules run concurrently via `asyncio.gather()`
+3. **Phase 2**: Active Probing — 14 modules (CORS checks, sensitive paths, JS analysis)
+4. **Phase 3**: LLM Analysis — risk scoring, attack path generation
+
+### Module System
+
+All discovery modules extend `DiscoveryModule` ABC in `discovery/base.py`:
+- Must implement `name`, `description` properties and `discover(target, result)` async method
+- `safe_discover()` wraps execution with timeout (120s default) and error handling
+- Module failures are isolated — they don't crash the pipeline
+
+Modules are organized by category across files in `discovery/`:
+- `dns.py` — DNS records, subdomains, zone transfers, cloud detection, subdomain takeover
+- `http.py` — HTTP probing, port scanning (nmap)
+- `web.py` — Wayback, cert transparency, URL scanning, web tech detection
+- `osint.py` — WHOIS, ASN, reverse DNS, SSL analysis, email security
+- `active.py` — Sensitive paths, JS analysis, CORS, cookie security
+- `enrichment.py` — VirusTotal, Shodan, GitHub dorks, email harvesting
+
+### Data Model
+
+`core/models.py` defines the asset-centric model:
+- **Asset**: type (16 `AssetType` enums), value, status, severity, metadata dict
+- **ScanResult**: container with fingerprint-based deduplication (SHA256 of type:value)
+- Assets are added via `ScanResult.add_asset()` which handles dedup automatically
+
+### LLM Integration
+
+`core/llm.py` — `LLMBrain` class with provider fallback chain: Gemini → Anthropic → OpenAI. Used for brainstorming targets, risk scoring, and false-positive filtering. Entirely optional — tool works without any LLM key.
+
+### Configuration
+
+`core/config.py` — `SurfaceMapConfig` dataclass, singleton via `get_config()`. All settings come from environment variables (auto-loads `.env` file). Key prefixes: `SURFACEMAP_*` for tool settings, plus `GEMINI_API_KEY`, `VIRUSTOTAL_API_KEY`, `SHODAN_API_KEY`, `GITHUB_TOKEN`, `HUNTER_API_KEY` for external services.
+
+### Storage & Output
+
+- `storage/db.py` — async SQLite via aiosqlite, stores scans and assets
+- `output/mindmap.py` — generates standalone HTML with D3.js force-directed graph
+- `output/formatters.py` — JSON, CSV, Rich tree, Mermaid export
+
+## Key Conventions
+
+- **Async-first**: All discovery, HTTP, DNS, and DB operations are async. Use `asyncio` patterns.
+- **Fault tolerance**: Every module runs inside `safe_discover()` with per-module timeouts. Never let one module failure affect others.
+- **No secrets in code**: All API keys via env vars. The `.env` file is gitignored.
+- **External tools are optional**: `dig`, `nmap`, `subfinder` enhance results but the tool must work without them (check availability before calling).
+- Python 3.11+ required. Build system is Hatch/Hatchling.

surfacemap-2.0.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Yash Korat
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

surfacemap-2.0.0/PKG-INFO

@@ -0,0 +1,250 @@
+Metadata-Version: 2.4
+Name: surfacemap
+Version: 2.0.0
+Summary: LLM-driven attack surface discovery — find every asset from just a company name
+Author: Yash Korat
+License-Expression: MIT
+License-File: LICENSE
+Keywords: attack-surface,discovery,osint,recon,security
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Information Technology
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security
+Requires-Python: >=3.11
+Requires-Dist: aiosqlite>=0.20.0
+Requires-Dist: httpx>=0.27.0
+Requires-Dist: rich>=13.7.0
+Requires-Dist: typer[all]>=0.9.0
+Provides-Extra: all
+Requires-Dist: anthropic>=0.40.0; extra == 'all'
+Requires-Dist: fastapi>=0.115.0; extra == 'all'
+Requires-Dist: google-genai>=1.0.0; extra == 'all'
+Requires-Dist: slack-sdk>=3.30.0; extra == 'all'
+Requires-Dist: uvicorn>=0.30.0; extra == 'all'
+Provides-Extra: api
+Requires-Dist: fastapi>=0.115.0; extra == 'api'
+Requires-Dist: uvicorn>=0.30.0; extra == 'api'
+Provides-Extra: llm
+Requires-Dist: anthropic>=0.40.0; extra == 'llm'
+Requires-Dist: google-genai>=1.0.0; extra == 'llm'
+Provides-Extra: notifications
+Requires-Dist: slack-sdk>=3.30.0; extra == 'notifications'
+Description-Content-Type: text/markdown
+
+# SurfaceMap
+
+**LLM-driven attack surface discovery. Find every external asset from just a company name.**
+
+SurfaceMap combines passive OSINT techniques, DNS enumeration, HTTP probing, port scanning, cloud bucket enumeration, and LLM intelligence to build a complete map of an organization's attack surface.
+
+---
+
+## Quick Start
+
+```bash
+# Install
+pip install -e ".[all]"
+
+# Set your LLM API key
+export GEMINI_API_KEY="your-key-here"
+
+# Discover everything about a company
+surfacemap discover "Acme Corp" --domain acme.com --tree --json
+
+# Or just scan a domain
+surfacemap discover example.com --mindmap
+```
+
+## Installation
+
+```bash
+# Core (CLI + discovery)
+pip install -e .
+
+# With API server
+pip install -e ".[api]"
+
+# With LLM intelligence
+pip install -e ".[llm]"
+
+# With Slack notifications
+pip install -e ".[notifications]"
+
+# Everything
+pip install -e ".[all]"
+```
+
+### External Tools (Optional)
+
+SurfaceMap works without these, but they enhance discovery:
+
+| Tool | Purpose | Install |
+|------|---------|---------|
+| `dig` | DNS record enumeration | Included with most OS |
+| `nmap` | Port scanning | `brew install nmap` / `apt install nmap` |
+| `subfinder` | Passive subdomain enum | `go install github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest` |
+
+## CLI Usage
+
+```bash
+# Full discovery with tree output
+surfacemap discover "Google" --domain google.com --tree
+
+# Export to JSON and CSV
+surfacemap discover example.com --json --csv --output ./results
+
+# Generate interactive HTML mindmap
+surfacemap discover "Acme Corp" -d acme.com --mindmap
+
+# Check version
+surfacemap version
+```
+
+### Options
+
+| Flag | Short | Description |
+|------|-------|-------------|
+| `--domain` | `-d` | Primary domain (if target is a company name) |
+| `--output` | `-o` | Output directory for results |
+| `--tree` | `-t` | Display results as a rich tree in terminal |
+| `--mindmap` | `-m` | Generate interactive D3.js HTML mindmap |
+| `--json` | `-j` | Export results to JSON |
+| `--csv` | | Export results to CSV |
+
+## API Server
+
+```bash
+# Start the API server
+uvicorn surfacemap.api.server:app --host 0.0.0.0 --port 8000
+
+# Start a scan
+curl -X POST "http://localhost:8000/discover?target=example.com"
+
+# Get scan results
+curl "http://localhost:8000/scans/{scan_id}"
+
+# Health check
+curl "http://localhost:8000/health"
+```
+
+### API Endpoints
+
+| Method | Endpoint | Description |
+|--------|----------|-------------|
+| `POST` | `/discover` | Start a new discovery scan |
+| `GET` | `/scans/{id}` | Get scan results by ID |
+| `GET` | `/scans` | List recent scans |
+| `GET` | `/health` | Health check |
+
+## Discovery Modules
+
+SurfaceMap runs discovery in 6 phases:
+
+| # | Phase | Module | Description |
+|---|-------|--------|-------------|
+| 1 | Company Intel | LLM Brain | Discover domains, subsidiaries, and related entities via LLM |
+| 1 | Company Intel | Subsidiary Discovery | Identify acquisitions, brands, and child companies |
+| 2 | DNS | DNS Records | Enumerate A, AAAA, MX, NS, TXT, CNAME, SOA records |
+| 2 | DNS | Subdomain - subfinder | Passive subdomain enumeration via subfinder |
+| 2 | DNS | Subdomain - crt.sh | Certificate transparency log mining |
+| 2 | DNS | Subdomain - Brute Force | DNS brute force with 100+ common prefixes |
+| 2 | DNS | Subdomain - LLM | AI-suggested subdomain candidates |
+| 3 | HTTP | HTTP Probe | Probe all hosts for HTTP/HTTPS services |
+| 3 | HTTP | Technology Detection | Identify web servers, frameworks, CMS from headers |
+| 3 | HTTP | Security Headers | Check for missing HSTS, CSP, X-Frame-Options, etc. |
+| 3 | HTTP | CDN Detection | Identify Cloudflare, CloudFront, Fastly, Akamai, etc. |
+| 3 | HTTP | WAF Detection | Detect web application firewalls |
+| 4 | Ports | Port Scan | nmap service version detection on discovered IPs |
+| 5 | Cloud | S3 Bucket Enum | Check for public/existing AWS S3 buckets |
+| 5 | Cloud | Azure Blob Enum | Check for Azure Blob Storage containers |
+| 5 | Cloud | GCS Bucket Enum | Check for Google Cloud Storage buckets |
+| 5 | Takeover | Subdomain Takeover | Detect dangling CNAMEs across 17 providers |
+| 6 | Dorks | Google Dorks | LLM-generated targeted search queries |
+
+### Asset Types
+
+| Type | Description |
+|------|-------------|
+| `domain` | Root domains |
+| `subdomain` | Discovered subdomains |
+| `ip` | IP addresses |
+| `port` | Open ports |
+| `service` | Running services with version info |
+| `cloud_bucket` | S3, Azure Blob, GCS buckets |
+| `email_server` | MX record mail servers |
+| `nameserver` | NS record nameservers |
+| `cdn` | Content delivery networks |
+| `waf` | Web application firewalls |
+| `certificate` | TLS/SSL certificates |
+| `github_repo` | GitHub repositories |
+| `social_media` | Social media profiles |
+| `url` | Discovered URLs |
+| `technology` | Detected technologies |
+| `subsidiary` | Subsidiaries and acquisitions |
+
+## Configuration
+
+All settings are configured via environment variables:
+
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `GEMINI_API_KEY` | | Google Gemini API key |
+| `ANTHROPIC_API_KEY` | | Anthropic Claude API key |
+| `SURFACEMAP_LLM_PROVIDER` | `gemini` | LLM provider (`gemini` or `anthropic`) |
+| `SURFACEMAP_LLM_MODEL` | `gemini-2.5-flash` | LLM model name |
+| `SURFACEMAP_HTTP_TIMEOUT` | `15` | HTTP probe timeout (seconds) |
+| `SURFACEMAP_DNS_TIMEOUT` | `10` | DNS lookup timeout (seconds) |
+| `SURFACEMAP_SCAN_TIMEOUT` | `300` | nmap scan timeout (seconds) |
+| `SURFACEMAP_OUTPUT_DIR` | `./output` | Default output directory |
+| `SURFACEMAP_DB_PATH` | `./surfacemap.db` | SQLite database path |
+| `SURFACEMAP_SLACK_WEBHOOK` | | Slack webhook URL for notifications |
+| `SURFACEMAP_SLACK_TOKEN` | | Slack Bot Token for notifications |
+| `SURFACEMAP_SLACK_CHANNEL` | `#security` | Slack channel for notifications |
+| `SURFACEMAP_MAX_SUBDOMAINS` | `500` | Maximum subdomains to enumerate |
+| `SURFACEMAP_MAX_PROBES` | `20` | Concurrent HTTP probes |
+| `SURFACEMAP_MAX_DNS` | `50` | Concurrent DNS lookups |
+| `SURFACEMAP_NMAP_ARGS` | `-sV -T4 --top-ports 100` | nmap arguments |
+
+## Output Formats
+
+- **Terminal Tree** — Rich tree display with color-coded statuses
+- **JSON** — Full scan data with metadata
+- **CSV** — Flat export for spreadsheet analysis
+- **HTML Mindmap** — Interactive D3.js force-directed graph with dark theme, zoom, drag, and tooltips
+- **Mermaid** — Mermaid.js mindmap diagram for embedding in docs
+
+## Architecture
+
+```
+surfacemap/
+  core/
+    config.py      — Environment-based configuration
+    models.py      — Asset, ScanResult, enums
+    llm.py         — LLM integration (Gemini/Claude)
+  discovery/
+    base.py        — DiscoveryModule ABC
+    dns.py         — DNS, subdomain, takeover, cloud modules
+    http.py        — HTTP probe, port scan modules
+    engine.py      — 6-phase orchestration engine
+  cli/
+    main.py        — Typer CLI application
+  output/
+    mindmap.py     — D3.js HTML and Mermaid export
+  api/
+    server.py      — FastAPI REST API
+  notifications/
+    slack.py       — Slack Block Kit notifications
+  storage/
+    db.py          — SQLite persistence with aiosqlite
+```
+
+## License
+
+MIT License. Copyright (c) 2026 Yash Korat.
+
+---
+
+Built by [BreachLine Labs](https://breachline.io)

surfacemap-2.0.0/README.md

@@ -0,0 +1,214 @@
+# SurfaceMap
+
+**LLM-driven attack surface discovery. Find every external asset from just a company name.**
+
+SurfaceMap combines passive OSINT techniques, DNS enumeration, HTTP probing, port scanning, cloud bucket enumeration, and LLM intelligence to build a complete map of an organization's attack surface.
+
+---
+
+## Quick Start
+
+```bash
+# Install
+pip install -e ".[all]"
+
+# Set your LLM API key
+export GEMINI_API_KEY="your-key-here"
+
+# Discover everything about a company
+surfacemap discover "Acme Corp" --domain acme.com --tree --json
+
+# Or just scan a domain
+surfacemap discover example.com --mindmap
+```
+
+## Installation
+
+```bash
+# Core (CLI + discovery)
+pip install -e .
+
+# With API server
+pip install -e ".[api]"
+
+# With LLM intelligence
+pip install -e ".[llm]"
+
+# With Slack notifications
+pip install -e ".[notifications]"
+
+# Everything
+pip install -e ".[all]"
+```
+
+### External Tools (Optional)
+
+SurfaceMap works without these, but they enhance discovery:
+
+| Tool | Purpose | Install |
+|------|---------|---------|
+| `dig` | DNS record enumeration | Included with most OS |
+| `nmap` | Port scanning | `brew install nmap` / `apt install nmap` |
+| `subfinder` | Passive subdomain enum | `go install github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest` |
+
+## CLI Usage
+
+```bash
+# Full discovery with tree output
+surfacemap discover "Google" --domain google.com --tree
+
+# Export to JSON and CSV
+surfacemap discover example.com --json --csv --output ./results
+
+# Generate interactive HTML mindmap
+surfacemap discover "Acme Corp" -d acme.com --mindmap
+
+# Check version
+surfacemap version
+```
+
+### Options
+
+| Flag | Short | Description |
+|------|-------|-------------|
+| `--domain` | `-d` | Primary domain (if target is a company name) |
+| `--output` | `-o` | Output directory for results |
+| `--tree` | `-t` | Display results as a rich tree in terminal |
+| `--mindmap` | `-m` | Generate interactive D3.js HTML mindmap |
+| `--json` | `-j` | Export results to JSON |
+| `--csv` | | Export results to CSV |
+
+## API Server
+
+```bash
+# Start the API server
+uvicorn surfacemap.api.server:app --host 0.0.0.0 --port 8000
+
+# Start a scan
+curl -X POST "http://localhost:8000/discover?target=example.com"
+
+# Get scan results
+curl "http://localhost:8000/scans/{scan_id}"
+
+# Health check
+curl "http://localhost:8000/health"
+```
+
+### API Endpoints
+
+| Method | Endpoint | Description |
+|--------|----------|-------------|
+| `POST` | `/discover` | Start a new discovery scan |
+| `GET` | `/scans/{id}` | Get scan results by ID |
+| `GET` | `/scans` | List recent scans |
+| `GET` | `/health` | Health check |
+
+## Discovery Modules
+
+SurfaceMap runs discovery in 6 phases:
+
+| # | Phase | Module | Description |
+|---|-------|--------|-------------|
+| 1 | Company Intel | LLM Brain | Discover domains, subsidiaries, and related entities via LLM |
+| 1 | Company Intel | Subsidiary Discovery | Identify acquisitions, brands, and child companies |
+| 2 | DNS | DNS Records | Enumerate A, AAAA, MX, NS, TXT, CNAME, SOA records |
+| 2 | DNS | Subdomain - subfinder | Passive subdomain enumeration via subfinder |
+| 2 | DNS | Subdomain - crt.sh | Certificate transparency log mining |
+| 2 | DNS | Subdomain - Brute Force | DNS brute force with 100+ common prefixes |
+| 2 | DNS | Subdomain - LLM | AI-suggested subdomain candidates |
+| 3 | HTTP | HTTP Probe | Probe all hosts for HTTP/HTTPS services |
+| 3 | HTTP | Technology Detection | Identify web servers, frameworks, CMS from headers |
+| 3 | HTTP | Security Headers | Check for missing HSTS, CSP, X-Frame-Options, etc. |
+| 3 | HTTP | CDN Detection | Identify Cloudflare, CloudFront, Fastly, Akamai, etc. |
+| 3 | HTTP | WAF Detection | Detect web application firewalls |
+| 4 | Ports | Port Scan | nmap service version detection on discovered IPs |
+| 5 | Cloud | S3 Bucket Enum | Check for public/existing AWS S3 buckets |
+| 5 | Cloud | Azure Blob Enum | Check for Azure Blob Storage containers |
+| 5 | Cloud | GCS Bucket Enum | Check for Google Cloud Storage buckets |
+| 5 | Takeover | Subdomain Takeover | Detect dangling CNAMEs across 17 providers |
+| 6 | Dorks | Google Dorks | LLM-generated targeted search queries |
+
+### Asset Types
+
+| Type | Description |
+|------|-------------|
+| `domain` | Root domains |
+| `subdomain` | Discovered subdomains |
+| `ip` | IP addresses |
+| `port` | Open ports |
+| `service` | Running services with version info |
+| `cloud_bucket` | S3, Azure Blob, GCS buckets |
+| `email_server` | MX record mail servers |
+| `nameserver` | NS record nameservers |
+| `cdn` | Content delivery networks |
+| `waf` | Web application firewalls |
+| `certificate` | TLS/SSL certificates |
+| `github_repo` | GitHub repositories |
+| `social_media` | Social media profiles |
+| `url` | Discovered URLs |
+| `technology` | Detected technologies |
+| `subsidiary` | Subsidiaries and acquisitions |
+
+## Configuration
+
+All settings are configured via environment variables:
+
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `GEMINI_API_KEY` | | Google Gemini API key |
+| `ANTHROPIC_API_KEY` | | Anthropic Claude API key |
+| `SURFACEMAP_LLM_PROVIDER` | `gemini` | LLM provider (`gemini` or `anthropic`) |
+| `SURFACEMAP_LLM_MODEL` | `gemini-2.5-flash` | LLM model name |
+| `SURFACEMAP_HTTP_TIMEOUT` | `15` | HTTP probe timeout (seconds) |
+| `SURFACEMAP_DNS_TIMEOUT` | `10` | DNS lookup timeout (seconds) |
+| `SURFACEMAP_SCAN_TIMEOUT` | `300` | nmap scan timeout (seconds) |
+| `SURFACEMAP_OUTPUT_DIR` | `./output` | Default output directory |
+| `SURFACEMAP_DB_PATH` | `./surfacemap.db` | SQLite database path |
+| `SURFACEMAP_SLACK_WEBHOOK` | | Slack webhook URL for notifications |
+| `SURFACEMAP_SLACK_TOKEN` | | Slack Bot Token for notifications |
+| `SURFACEMAP_SLACK_CHANNEL` | `#security` | Slack channel for notifications |
+| `SURFACEMAP_MAX_SUBDOMAINS` | `500` | Maximum subdomains to enumerate |
+| `SURFACEMAP_MAX_PROBES` | `20` | Concurrent HTTP probes |
+| `SURFACEMAP_MAX_DNS` | `50` | Concurrent DNS lookups |
+| `SURFACEMAP_NMAP_ARGS` | `-sV -T4 --top-ports 100` | nmap arguments |
+
+## Output Formats
+
+- **Terminal Tree** — Rich tree display with color-coded statuses
+- **JSON** — Full scan data with metadata
+- **CSV** — Flat export for spreadsheet analysis
+- **HTML Mindmap** — Interactive D3.js force-directed graph with dark theme, zoom, drag, and tooltips
+- **Mermaid** — Mermaid.js mindmap diagram for embedding in docs
+
+## Architecture
+
+```
+surfacemap/
+  core/
+    config.py      — Environment-based configuration
+    models.py      — Asset, ScanResult, enums
+    llm.py         — LLM integration (Gemini/Claude)
+  discovery/
+    base.py        — DiscoveryModule ABC
+    dns.py         — DNS, subdomain, takeover, cloud modules
+    http.py        — HTTP probe, port scan modules
+    engine.py      — 6-phase orchestration engine
+  cli/
+    main.py        — Typer CLI application
+  output/
+    mindmap.py     — D3.js HTML and Mermaid export
+  api/
+    server.py      — FastAPI REST API
+  notifications/
+    slack.py       — Slack Block Kit notifications
+  storage/
+    db.py          — SQLite persistence with aiosqlite
+```
+
+## License
+
+MIT License. Copyright (c) 2026 Yash Korat.
+
+---
+
+Built by [BreachLine Labs](https://breachline.io)

surfacemap-2.0.0/pyproject.toml

@@ -0,0 +1,53 @@
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[project]
+name = "surfacemap"
+version = "2.0.0"
+description = "LLM-driven attack surface discovery — find every asset from just a company name"
+readme = "README.md"
+license = "MIT"
+requires-python = ">=3.11"
+authors = [
+    { name = "Yash Korat" },
+]
+keywords = ["security", "recon", "attack-surface", "osint", "discovery"]
+classifiers = [
+    "Development Status :: 4 - Beta",
+    "Intended Audience :: Information Technology",
+    "License :: OSI Approved :: MIT License",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Topic :: Security",
+]
+
+dependencies = [
+    "typer[all]>=0.9.0",
+    "httpx>=0.27.0",
+    "rich>=13.7.0",
+    "aiosqlite>=0.20.0",
+]
+
+[project.optional-dependencies]
+api = [
+    "fastapi>=0.115.0",
+    "uvicorn>=0.30.0",
+]
+llm = [
+    "google-genai>=1.0.0",
+    "anthropic>=0.40.0",
+]
+notifications = [
+    "slack-sdk>=3.30.0",
+]
+all = [
+    "surfacemap[api,llm,notifications]",
+]
+
+[project.scripts]
+surfacemap = "surfacemap.cli.main:app"
+
+[tool.hatch.build.targets.wheel]
+packages = ["src/surfacemap"]

surfacemap-2.0.0/src/surfacemap/__init__.py

@@ -0,0 +1,10 @@
+"""SurfaceMap — LLM-driven attack surface discovery.
+
+Discover every external asset of a company from just its name.
+Combines passive OSINT, DNS enumeration, HTTP probing, port scanning,
+cloud storage enumeration, and LLM intelligence to build a complete
+attack surface map.
+"""
+
+__version__ = "2.0.0"
+__author__ = "Yash Korat"