Automated External Attack Surface Mapping - Developing a High-Performance Reconnaissance Engine using Concurrent Systems in Go

dc.contributor.authorAllahbakhsh, Arvin
dc.contributor.departmentChalmers tekniska högskola / Institutionen för data och informationstekniksv
dc.contributor.departmentChalmers University of Technology / Department of Computer Science and Engineeringen
dc.date.accessioned2026-06-30T11:39:00Z
dc.date.issued2026
dc.date.submitted
dc.description.abstractOrganisations that deploy software rapidly often lose track of what they have exposed to the internet. Forgotten staging servers, misconfigured cloud storage buckets, and outdated services running on undocumented ports accumulate faster than security teams can audit them manually. Attack Surface Management (ASM) addresses this by continuously discovering and monitoring an organisation’s externally reachable assets from the perspective of an attacker rather than an administrator. This project designs and implements a high-performance ASM-engine in Go. The engine operates as a three-phase pipeline. Phase 1, passive Open Source Intelligence (OSINT) discovery retrieves subdomains and IP addresses from public sources with out sending any probes to the target. Phase 2, active TCP scanning connects to each discovered asset, extracts service banners, matches versions against an embedded CVE database to surface known weaknesses, and computes a differential analysis against the previous scan. Phase 3, cloud storage probing checks for associated storage buckets across AWS, Azure, and Google Cloud Platform. Within each phase, operations run concurrently, results are persisted to PostgreSQL, and the differential analysis component reports only what has changed since the last scan rather than repeating the full inventory every time. A web-UI and a command-line interface give operators two ways to interact with the engine. The engine was evaluated against three environments. An isolated Docker Compose sandbox used to verify differential change detection under controlled conditions, a live scan of scanme.nmap.org, and a scan of chalmers.se to demonstrate the engine at organisational scale. All local scans completed in approximately 130 milliseconds. The entire engine is implemented using Go’s standard library and a single external PostgreSQL driver. No API keys or third-party scanning infrastructure are required.
dc.identifier.urihttps://hdl.handle.net/20.500.12380/311682
dc.language.isoeng
dc.setspec.uppsokTechnology
dc.subjectattack surface management, OSINT, Go, concurrent scanning, differen tial analysis, vulnerability mapping, cloud storage probing
dc.titleAutomated External Attack Surface Mapping - Developing a High-Performance Reconnaissance Engine using Concurrent Systems in Go
dc.type.degreeExamensarbete på kandidatnivåsv
dc.type.degreeBachelor Thesisen
dc.type.uppsokM2

Ladda ner

Original bundle

Visar 1 - 1 av 1
Hämtar...
Bild (thumbnail)
Namn:
CSE 26-16 AA.pdf
Size:
1.52 MB
Format:
Adobe Portable Document Format

License bundle

Visar 1 - 1 av 1
Hämtar...
Bild (thumbnail)
Namn:
license.txt
Size:
2.35 KB
Format:
Item-specific license agreed upon to submission
Description: