{"id":31762391,"url":"https://github.com/mdabir1203/shadowmap","last_synced_at":"2025-10-09T22:18:45.624Z","repository":{"id":313538528,"uuid":"1051775961","full_name":"mdabir1203/ShadowMap","owner":"mdabir1203","description":"ShadowMap is an open-source, hacker-grade reconnaissance framework that maps, scans, and analyzes subdomains at global scale with precision and speed.","archived":false,"fork":false,"pushed_at":"2025-10-01T16:56:39.000Z","size":409,"stargazers_count":0,"open_issues_count":11,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-10-01T18:28:56.784Z","etag":null,"topics":["cloudsecurity","hacker","rust","rust-lang","software-development","vulnerability-detection"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mdabir1203.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null},"funding":{"buy_me_a_coffee":"uKnowWho","custom":["medium.com/@md.abir1203","https://uknowwho42.gumroad.com/"]}},"created_at":"2025-09-06T17:40:51.000Z","updated_at":"2025-10-01T16:56:43.000Z","dependencies_parsed_at":"2025-09-06T19:28:30.069Z","dependency_job_id":"0d3d2ea6-091c-4641-bd79-1d8c38d1d812","html_url":"https://github.com/mdabir1203/ShadowMap","commit_stats":null,"previous_names":["mdabir1203/shadowmap.","mdabir1203/shadowmap"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/mdabir1203/ShadowMap","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mdabir1203%2FShadowMap","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mdabir1203%2FShadowMap/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mdabir1203%2FShadowMap/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mdabir1203%2FShadowMap/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mdabir1203","download_url":"https://codeload.github.com/mdabir1203/ShadowMap/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mdabir1203%2FShadowMap/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279002105,"owners_count":26083307,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-09T02:00:07.460Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloudsecurity","hacker","rust","rust-lang","software-development","vulnerability-detection"],"created_at":"2025-10-09T22:18:27.761Z","updated_at":"2025-10-09T22:18:45.615Z","avatar_url":"https://github.com/mdabir1203.png","language":"Rust","readme":"# ShadowMap\n\n\u003cimg width=\"512\" alt=\"ShadowMap logo\" src=\"https://github.com/user-attachments/assets/95d39e5e-d51c-4eb4-9053-2db1e1042410\" /\u003e\n\nShadowMap is a Rust framework for disciplined subdomain enumeration, vulnerability detection, and attack-surface mapping at scale.\n\n---\n\n## Key Features\n\n- **Comprehensive discovery**: Aggregates subdomains from CRT.sh and complementary sources with IDN normalization and wildcard handling.\n- **Built-in validation**: Resolves DNS, inspects headers and TLS, and flags CORS or takeover risks with heuristic de-duplication.\n- **Performance-first engine**: Async Rust core with configurable concurrency to cover large scopes quickly.\n- **Actionable exports**: Ships clean CSV, JSON, and TXT outputs for reporting or downstream automation.\n- **Extensible recon modules**: Plug-in architecture for port scanning, fingerprinting, and cloud exposure checks.\n- **Rig-style autonomy**: Optional agent orchestrator that sequences every recon module, retries failures, and flags deep cloud assets automatically.\n\n---\n\n## Getting Started\n\n### Prerequisites\n- Rust 1.70 or newer (includes Cargo)\n\n### Build \u0026 Install\n```bash\ngit clone https://github.com/YOUR-ORG/ShadowMap.git\ncd ShadowMap\ncargo build --release\n```\n\n### First Scan\n```bash\n./target/release/shadowmap -d example.com -o results.csv\n```\n\n### Quality Checks\n```bash\ncargo fmt --all\ncargo clippy --workspace --all-targets -- -D warnings\n```\n\n### Supply Chain Security\n\nShadowMap includes a lightweight workflow for generating a Software Bill of Materials (SBOM) and scanning it for known vulnerab\nilities. The steps below follow the [cargo-cyclonedx + Grype quickstart](https://gitlab.com/-/snippets/4892073) from the securi\nty guide referenced in this task.\n\n1. **Install cargo-cyclonedx** (once per machine):\n   ```bash\n   cargo install cargo-cyclonedx\n   ```\n\n2. **Install Grype** (Linux/WSL example):\n   ```bash\n   curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sudo sh -s -- -b /usr/local/bin\n   ```\n   Refer to the [Grype README](https://github.com/anchore/grype) for macOS and Windows alternatives.\n\n3. **Generate the SBOM** in CycloneDX JSON format with all ShadowMap features enabled. Overriding the filename causes `cargo-cyclonedx` to place the SBOM in the current working directory, making it easy to move or archive:\n   ```bash\n   cargo cyclonedx --format json --spec-version 1.5 --all-features --override-filename bom\n   # cargo-cyclonedx writes bom.json into the current working directory; move it if you prefer a different location\n   ```\n\n4. **Scan the SBOM with Grype** (pointing at whichever location you chose above):\n   ```bash\n   grype sbom:./bom.json\n   ```\n\n5. (Optional) Export detailed findings:\n   ```bash\n   grype sbom:./bom.json -o json --file vulnerability-report.json\n   ```\n\nFor repeatability you can run `./scripts/security-scan.sh` which wraps the SBOM generation and Grype scan with sensible defaults.\n\n### Data Security \u0026 Compliance\n\nShadowMap aligns its operational safeguards with SOC 2 Trust Services Criteria and GDPR privacy requirements. The\n[Data Security and Compliance Strategy](docs/data-security.md) describes the control owners, evidence expectations, and\nvalidation activities that keep reconnaissance data secure throughout its lifecycle.\n\n### Application Governance \u0026 Resilience\n\nTeams that need to spot unapproved apps, fragmented data flows, or silent system failures can extend ShadowMap's\ndiscoveries into governance and reliability workflows using the\n[Application Governance Integration guide](docs/app-governance-integration.md). It outlines how to fuse ShadowMap outputs\nwith CMDBs, data lineage tools, and observability platforms to close monitoring gaps.\n\n### Organizational Adoption Playbook\n\nSecurity programs that want to operationalize ShadowMap across large enterprises can follow the\n[Organizational Adoption Playbook](docs/org-adaptation.md). It lays out governance structures, stakeholder roles, and\nbusiness metrics that translate reconnaissance coverage into measurable risk reduction and executive-aligned value.\n\n### Automated security workflow\n\nThe repository ships with a dedicated GitHub Action located at [`.github/workflows/security-scan.yml`](.github/workflows/security-scan.yml). It installs `cargo-cyclonedx` and `grype`, generates `shadowmap-bom.json`, scans it for vulnerabilities, and uploads the SBOM plus a JSON report as build artifacts. The workflow runs automatically for pull requests and pushes to `main`, and can also be started manually from the **Actions** tab via the **Run workflow** button.\n\n### Desktop GUI (optional)\n```bash\ncargo run --features gui --bin shadowmap-gui\n```\nEnter a target domain in the GUI and select **Run Scan**; results are written to the output directory displayed on completion. The interface is implemented entirely in Rust via [`iced`](https://github.com/iced-rs/iced).\n\n---\n\n## Usage\n\nRun a default reconnaissance scan and export CSV output:\n```bash\nshadowmap -d example.com -o results.csv\n```\n\nAdjust concurrency to tune throughput for large scopes:\n```bash\nshadowmap -d example.com -c 50 -o results.json\n```\n\nPipe JSON output for downstream automation:\n```bash\nshadowmap -d target.com --json \u003e report.json\n```\n\nEnable the autonomous Rig-inspired orchestrator with deep cloud discovery:\n```bash\nshadowmap -d target.com --autonomous\n```\nThe agent executes each reconnaissance stage with retry-aware control flow, surfaces SaaS predictors, and produces `cloud_assets.json` alongside traditional reports for deep storage/bucket exposure review.\n\n---\n\n## Output\n\n```csv\nsubdomain,http_status,server_header,open_ports,cors_issues,fingerprints,takeover_risks\napi.example.com,200,nginx,\"80,443\",\"Wildcard CORS allowed\",\"{server: nginx, framework: react}\",\"None\"\ncdn.example.com,0,,,\"\",\"\",Potential AWS S3 takeover\n```\n\n## Roadmap\n\n- Passive and active DNS integrations (SecurityTrails, Shodan, etc.)\n- Advanced port fingerprinting through Nmap integration\n- Plugin system for bespoke reconnaissance modules\n- Cloud asset exposure detection (GCP Buckets, Azure Blobs, etc.)\n- Continuous recon mode for persistent monitoring\n\n## Acknowledgements\n\nShadowMap's SBOM generation and vulnerability scanning workflows rely on the\n[CycloneDX](https://cyclonedx.org/) standard and the [Grype](https://github.com/anchore/grype)\nscanner maintained by Anchore. If you redistribute ShadowMap guidance or reuse the automation\nscripts, please keep those upstream attributions (or submodule references) intact so the\nmaintainers receive credit for their work.\n\n## Disclaimer\nThis tool is for educational and authorized security testing only.\nDo not use ShadowMap against systems you don’t own or have explicit permission to test.\n\n## Contributing\nPull requests are welcome! Please open an issue to discuss improvements, new modules, or bug fixes.\n\n## Project Principles\nShadowMap is built on the idea that defenders need fast, global, reliable, and open tooling to match adversary velocity.\n\n## Contributions \n\n![Alt](https://repobeats.axiom.co/api/embed/09cd32b3e91b58e3094e7592a33604c397c96f40.svg \"Repobeats analytics image\")\n","funding_links":["https://buymeacoffee.com/uKnowWho","medium.com/@md.abir1203","https://uknowwho42.gumroad.com/"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmdabir1203%2Fshadowmap","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmdabir1203%2Fshadowmap","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmdabir1203%2Fshadowmap/lists"}