V.

AASM

Automated Attack Surface Mapping

Automated attack surface mapping for institutions and companies. Scans are triggered from a web UI, queued in Redis by a FastAPI service, executed by Celery workers, written to Postgres, and explored instantly in the UI. Built for scale, automation, and clear dashboards.

Final Report (PDF)

API

FastAPI

Queue

Redis + Celery

Database

Supabase

Scanning

Nuclei

Network

Masscan/Nmap

Infra

Docker Compose

Screenshots

AASM home dashboard
AASM scan results

System Architecture

Web UI
FastAPI
Redis Queue
Celery Workers
PostgreSQL
Dashboard

Tech Stack

UI
Standalone web interface to start scans and browse results.
API
FastAPI REST (companies, domains, IPs, endpoints, vulnerabilities, scans).
Workers
Redis + Celery pipeline handles discovery tasks asynchronously.
Data
Supabase Postgres; screenshots in Supabase Storage with DB paths.
Discovery
Subdomains, endpoints, metadata, screenshots, ports (Masscan/Nmap), vulnerabilities (Nuclei).
Ops
Docker-compose microservices; cloud-ready and horizontally scalable.