Attack Surface Mapping & Passive Reconnaissance Toolkit

Executive Summary

Attack Surface Mapping & Passive Reconnaissance Toolkit • Domain: sagarbiswas-multihat.github.io • Date: March 20, 2026 at 05:52 UTC • Version: 1.0.0

24

/ 100

LOW EXPOSURE

SSL Issues: 0/20
Missing Headers: 14/20
DNS Issues: 5/15
Admin Exposure: 0/15

Scope & Methodology

Assessment method: passive, non-destructive reconnaissance only. No brute force, payload injection, or exploitation techniques were used.

DNS, certificate transparency, archive intelligence, and metadata inspection
Homepage-depth surface extraction and header posture review
Historical URL triage and weighted exposure scoring

Subdomains

Name	Status	IP	CDN

DNS Analysis

Records

Type	Values
A	185.199.110.153, 185.199.108.153, 185.199.111.153, 185.199.109.153
AAAA	2606:50c0:8002::153, 2606:50c0:8001::153, 2606:50c0:8000::153, 2606:50c0:8003::153
MX
NS
TXT
CNAME

Flags

MEDIUM SPF record missing or malformed.
MEDIUM DMARC record missing or invalid.
LOW No DKIM hints discovered in queried TXT records.

SSL/TLS

Issuer: CN=R12,O=Let's Encrypt,C=US

Expiry: 2026-05-07T21:41:52+00:00 (48 days)

TLS Version: TLSv1.3

Wildcard: Yes

Risk Flags

Technology Stack

GitHub.com Django Fastly

Security Headers

Header	Value
access-control-allow-origin	*
strict-transport-security	max-age=31556952

Findings

HIGH Content-Security-Policy header is missing
MEDIUM X-Frame-Options header is missing
HIGH CORS policy allows wildcard origin (*)
LOW x-content-type-options header is missing
LOW referrer-policy header is missing
LOW permissions-policy header is missing
LOW x-xss-protection header is missing

Attack Surface Map

Internal links: 32 | External links: 70

Forms: 0 | Scripts: 2

API-like routes: None detected

Admin paths: None detected

Wayback Findings

Historical URL	Risk

Risk Summary

ID	Category	Risk	Finding	Impact
HDR-001	Security Headers	HIGH	Content-Security-Policy header is missing	8
HDR-004	Security Headers	MEDIUM	X-Frame-Options header is missing	5
HDR-005	Security Headers	HIGH	CORS policy allows wildcard origin (*)	8
HDR-103	Security Headers	LOW	x-content-type-options header is missing	2
HDR-104	Security Headers	LOW	referrer-policy header is missing	2
HDR-105	Security Headers	LOW	permissions-policy header is missing	2
HDR-106	Security Headers	LOW	x-xss-protection header is missing	2
DNS-SPF-001	DNS	MEDIUM	SPF record missing or malformed.	5
DNS-DMARC-001	DNS	MEDIUM	DMARC record missing or invalid.	5
DNS-DKIM-001	DNS	LOW	No DKIM hints discovered in queried TXT records.	2

Recommendations

HDR-001 — Implement a strict CSP policy tailored to required assets.
HDR-004 — Set X-Frame-Options to DENY or SAMEORIGIN.
HDR-005 — Restrict CORS origins to trusted domains.
HDR-103 — Set a secure default for x-content-type-options.
HDR-104 — Set a secure default for referrer-policy.
HDR-105 — Set a secure default for permissions-policy.
HDR-106 — Set a secure default for x-xss-protection.
DNS-SPF-001 — Publish a valid SPF record to reduce spoofing risks.
DNS-DMARC-001 — Configure DMARC with monitoring and enforcement policy.
DNS-DKIM-001 — Ensure DKIM selectors are configured for active mail domains.

Appendix

Raw Subdomains: 0

Raw DNS A Records: 185.199.110.153, 185.199.108.153, 185.199.111.153, 185.199.109.153

Historical Subdomains:

Non-Security Headers

Header	Value
connection	keep-alive
content-length	17260
server	GitHub.com
content-type	text/html; charset=utf-8
last-modified	Fri, 20 Mar 2026 01:17:44 GMT
etag	W/"69bca038-14e3a"
expires	Fri, 20 Mar 2026 04:41:22 GMT
cache-control	max-age=600
content-encoding	gzip
x-proxy-cache	MISS
x-github-request-id	71C6:119B58:35A56B:3AD9FF:69BCCD99
accept-ranges	bytes
date	Fri, 20 Mar 2026 05:52:46 GMT
via	1.1 varnish
age	1
x-served-by	cache-sin-wsss1830049-SIN
x-cache	HIT
x-cache-hits	1
x-timer	S1773985966.364171,VS0,VE2
vary	Accept-Encoding
x-fastly-request-id	6a8aae96dbf653c6fec1368a213a08770e21dcf7