Automated Attack Surface Mapping

AASM

Automated attack surface mapping for institutions and companies. Scans are triggered from a web UI, queued in Redis by a FastAPI service, executed by Celery workers, written to Postgres, and explored instantly in the UI. Built for scale, automation, and clear dashboards.

API: FastAPI

Queue: Redis + Celery

Database: Supabase

AASM home dashboard

Tech Stack

Technologies Used

Python
FastAPI
Redis
PostgreSQL
Docker
Linux
Git
Bash

Core Capabilities

Comprehensive Security Scanning

Automated Discovery

Discover subdomains, endpoints, metadata, and screenshots, find open ports with Masscan/Nmap, and detect vulnerabilities with Nuclei.

Async Task Queue

A Redis and Celery pipeline handles discovery tasks asynchronously for scalable, distributed scanning operations.

Real-Time Dashboard

Explore scan results instantly through a clean web UI with comprehensive dashboards and detailed reporting.

Visual Preview

Screenshots

AASM scan results

Deep Dive

Project Case Study

The Challenge

Organizations struggle to maintain visibility into their external attack surface. As companies grow, new services get deployed, subdomains are created, and infrastructure changes - often without centralized tracking. Manual discovery is time-consuming and quickly becomes outdated. I needed to build a system that could scale efficiently, process long-running tasks, integrate multiple security tools, provide real-time visibility, and store historical data.

The Solution

I designed AASM as a distributed system with three main layers: a FastAPI REST API for handling requests and task orchestration, a Redis + Celery task queue for asynchronous scan processing with horizontal scaling, and PostgreSQL for storing scan results, with JSONB columns for flexible data storage. When a user initiates a scan, FastAPI validates the target and queues a Celery task in Redis; workers execute the security tools, and results stream back to PostgreSQL in real time.
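The target validation step described above is where a scan-on-demand service decides what its workers are allowed to touch. The following is an added example, not AASM's own code, of a check an API handler could run before queueing a task; the function name `validate_target`, the `allowed_suffixes` scope set and the domain `example.org` are assumptions made for illustration.

```python
import ipaddress
import re

# One RFC 1123 label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def validate_target(raw: str, allowed_suffixes: set[str]) -> str:
    """Return the normalized in-scope hostname, or raise ValueError."""
    target = raw.strip().lower().rstrip(".")
    if not target or len(target) > 253:
        raise ValueError("empty or over-long target")
    # This sketch scopes scans by domain only, so IP literals are refused.
    # That also keeps loopback, RFC 1918 and link-local addresses off the queue.
    try:
        ipaddress.ip_address(target)
    except ValueError:
        pass
    else:
        raise ValueError("IP literals are not accepted")
    labels = target.split(".")
    # fullmatch rejects schemes, ports, paths, whitespace, shell metacharacters
    # and a leading "-" that a command-line tool would parse as an option.
    if len(labels) < 2 or not all(_LABEL.fullmatch(label) for label in labels):
        raise ValueError("not a valid hostname")
    # Shorthand such as "127.1" is not a hostname; some resolvers read it as an IP.
    if labels[-1].isdigit():
        raise ValueError("numeric top-level label")
    # Match on a label boundary so "evil-example.org" is not treated as in scope.
    if not any(target == s or target.endswith("." + s) for s in allowed_suffixes):
        raise ValueError("target is outside the authorized scope")
    return target


if __name__ == "__main__":
    scope = {"example.org"}  # constructed scope for the demo
    for candidate in ["Api.Example.ORG.", "10.0.0.5", "evil-example.org"]:
        try:
            print(candidate, "->", validate_target(candidate, scope))
        except ValueError as err:
            print(candidate, "-> rejected:", err)
```

The returned string is meant to be handed to a worker as a single argument-list element, never interpolated into a shell command line.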

Technical Deep Dive

AASM integrates multiple industry-standard security tools, including Subfinder for subdomain discovery, Httpx for HTTP probing, Nuclei for vulnerability scanning with 4000+ templates, Masscan for high-speed port scanning, Nmap for service detection, and Gowitness for screenshot capture. Scans run in parallel using Celery groups to maximize performance. The entire system runs in Docker containers, ensuring consistent environments and easy deployment.

Results & Impact

2000+ subdomains discovered

150+ vulnerabilities found

<10 min average scan time

70% time reduction

The project received excellent marks during thesis defense and demonstrated practical application of distributed systems concepts in security automation.