Automated External Attack Surface Mapping - Developing a High-Performance Reconnaissance Engine using Concurrent Systems in Go
Type
Bachelor Thesis
Abstract
Organisations that deploy software rapidly often lose track of what they have exposed to the internet. Forgotten staging servers, misconfigured cloud storage buckets, and outdated services running on undocumented ports accumulate faster than
security teams can audit them manually. Attack Surface Management (ASM) addresses this by continuously discovering and monitoring an organisation’s externally
reachable assets from the perspective of an attacker rather than an administrator.
This project designs and implements a high-performance ASM engine in Go. The
engine operates as a three-phase pipeline. Phase 1, passive Open Source Intelligence
(OSINT) discovery, retrieves subdomains and IP addresses from public sources
without sending any probes to the target. Phase 2, active TCP scanning, connects to
each discovered asset, extracts service banners, matches versions against an embedded CVE database to surface known weaknesses, and computes a differential
analysis against the previous scan. Phase 3, cloud storage probing, checks for associated storage buckets across AWS, Azure, and Google Cloud Platform. Within each
phase, operations run concurrently, results are persisted to PostgreSQL, and the
differential analysis component reports only what has changed since the last scan
rather than repeating the full inventory every time. A web UI and a command-line
interface give operators two ways to interact with the engine.
The engine was evaluated against three environments: an isolated Docker Compose
sandbox used to verify differential change detection under controlled conditions, a
live scan of scanme.nmap.org, and a scan of chalmers.se to demonstrate the engine
at organisational scale. All local scans completed in approximately 130 milliseconds.
The entire engine is implemented using Go’s standard library and a single external
PostgreSQL driver. No API keys or third-party scanning infrastructure are required.
Subject/keywords
attack surface management, OSINT, Go, concurrent scanning, differential analysis, vulnerability mapping, cloud storage probing
