
AI Attack Surface Mapper — Enterprise CLI for discovering and securing AI infrastructure

Project description

AASM — AI Attack Surface Mapper

CI Python 3.12+ License: MIT

Enterprise CLI for discovering, fingerprinting, and securing AI infrastructure.

AASM is a professional Linux CLI cybersecurity platform built for penetration testers, AI security engineers, blue teams, and red teams. It discovers and assesses AI ecosystems including Local LLMs, MCP Servers, AI Agents, AI Gateways, and AI APIs.

Designed in the philosophy of Nmap, BloodHound, and Trivy — but specialized for AI infrastructure.


Quick Start

# Install from PyPI
pip install aasm

# Or install from source
git clone https://github.com/hashematiyat/AASM.git
cd AASM
pip install -e .

# Run a scan
aasm scan 192.168.1.0/24

# Discover AI services on localhost
aasm discover localhost

# Audit a specific service
aasm audit http://localhost:11434

# Discover MCP servers
aasm mcp 192.168.1.0/24

Features

Module                 Capability
Discovery              Scans networks for Ollama, Open WebUI, LM Studio, LiteLLM, vLLM, HuggingFace TGI, Flowise, and more
Fingerprinting         Deep service fingerprinting — version, models, endpoints, auth, framework
MCP Scanner            JSON-RPC 2.0 MCP server discovery with tool/resource/prompt enumeration
MCP Analyzer           Security analysis of MCP permissions, dangerous tools, and trust boundaries
Agent Analyzer         Discovers AI agent frameworks and maps capabilities and risk
Assessment             Prompt injection, system prompt disclosure, jailbreak, auth bypass testing
Attack Surface Mapper  Builds asset inventory and discovers multi-hop attack paths
Risk Engine            CVSS-style scoring with MITRE ATT&CK and OWASP LLM Top 10 mapping
Reporting              HTML, JSON, and SARIF report generation
Visualization          Graphviz DOT and Mermaid attack surface diagrams

CLI Commands

aasm scan 192.168.1.0/24                 # Full AI infrastructure scan
aasm discover 10.0.0.0/24                # Quick service discovery
aasm fingerprint http://localhost:11434  # Deep fingerprint one service
aasm audit http://localhost:3000         # Security audit a service
aasm mcp 192.168.1.0/24                  # Discover & audit MCP servers
aasm agents 10.0.0.0/24                  # Discover AI agents
aasm assess http://localhost:11434       # Offensive security assessment
aasm graph scan_result.json              # Generate infrastructure graph
aasm report scan_result.json             # Generate HTML/SARIF reports
aasm risk scan_result.json               # Risk scoring & executive summary
aasm platforms                           # List supported AI platforms
aasm version                             # Show version

Global Options

--config / -c      Config file path (default: aasm.yaml or ~/.config/aasm/config.yaml)
--verbose / -v     Verbose output
--debug            Debug mode

Scan Options

aasm scan 192.168.1.0/24 \
  --ports 11434,3000,8080 \
  --profile aggressive \
  --formats json,html,sarif \
  --output ./reports \
  --no-fingerprint \
  --no-mcp \
  --no-risk

Supported AI Platforms

Platform                Type        Default Ports
Ollama                  Local LLM   11434, 11435
Open WebUI              AI Web UI   3000, 8080
LM Studio               Local LLM   1234, 1235
LiteLLM                 AI Gateway  4000, 8000
vLLM                    Local LLM   8000, 8080
HuggingFace TGI         Local LLM   8080, 3000
Flowise                 AI Agent    3000, 3001
OpenAI-Compatible APIs  AI API      8000, 5000, …

The plugin system allows adding new platforms without modifying core code.


Docker

# Build
docker build -t aasm .

# Scan a network
docker run --rm -it --network host aasm scan 192.168.1.0/24

# Save reports to host
docker run --rm -it \
  --network host \
  -v $(pwd)/reports:/home/aasm/aasm_reports \
  aasm scan 192.168.1.0/24 -o /home/aasm/aasm_reports

Configuration

# Generate a default config
aasm config --init

# Show effective config
aasm config --show

aasm.yaml:

version: "1"

discovery:
  timeout: 5.0
  concurrency: 50
  verify_ssl: false
  ports: [11434, 3000, 1234, 4000, 8080, 8000]

assessment:
  prompt_injection: true
  prompt_leakage: true
  jailbreak: false
  max_payloads: 20

reporting:
  output_dir: ./aasm_reports
  formats: [json, html]

profiles:
  quick:
    name: quick
    ports: [11434, 3000, 1234, 4000]
    timeout: 3.0
    concurrency: 100

Use profiles: aasm scan 192.168.1.0/24 --profile aggressive
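The sample aasm.yaml above ships with verify_ssl disabled, and a profile can raise concurrency or enable jailbreak payloads. The following is an added example, not AASM's own validator, that lints a configuration of this shape for risky settings and produces a hardened copy. The page's sample config is transcribed as a Python dict so no YAML library is needed; the checks, the concurrency threshold, and the second "risky" config are this example's assumptions, not rules AASM itself enforces.

```python
"""Added example: lint an AASM-style aasm.yaml for risky settings and emit a
hardened copy. Stand-alone; not AASM's own code."""
import copy

KNOWN_FORMATS = {"json", "html", "sarif"}   # the report formats the README lists
MAX_SAFE_CONCURRENCY = 100                  # assumption: above this, inference servers get hammered

# The README's sample aasm.yaml, transcribed as a dict.
PAGE_CONFIG = {
    "version": "1",
    "discovery": {"timeout": 5.0, "concurrency": 50, "verify_ssl": False,
                  "ports": [11434, 3000, 1234, 4000, 8080, 8000]},
    "assessment": {"prompt_injection": True, "prompt_leakage": True,
                   "jailbreak": False, "max_payloads": 20},
    "reporting": {"output_dir": "./aasm_reports", "formats": ["json", "html"]},
    "profiles": {"quick": {"name": "quick", "ports": [11434, 3000, 1234, 4000],
                           "timeout": 3.0, "concurrency": 100}},
}

# A constructed config with several weak settings at once, for contrast.
RISKY_CONFIG = copy.deepcopy(PAGE_CONFIG)
RISKY_CONFIG["discovery"]["concurrency"] = 500
RISKY_CONFIG["assessment"]["jailbreak"] = True
RISKY_CONFIG["reporting"]["formats"] = ["json", "pdf"]


def lint_config(cfg: dict) -> list[str]:
    """Return human-readable findings; an empty list means nothing to flag."""
    findings = []
    if cfg.get("version") != "1":
        findings.append("version: only schema version '1' is documented")

    disc = cfg.get("discovery", {})
    if disc.get("verify_ssl") is False:
        findings.append("discovery.verify_ssl=false: certificates are not checked, so fingerprint "
                        "data may come from a spoofed host; set it to true and trust the internal CA")
    if disc.get("concurrency", 0) > MAX_SAFE_CONCURRENCY:
        findings.append(f"discovery.concurrency={disc['concurrency']}: may overload production inference servers")
    if not disc.get("ports"):
        findings.append("discovery.ports: empty port list, nothing will be discovered")

    assess = cfg.get("assessment", {})
    if assess.get("jailbreak"):
        findings.append("assessment.jailbreak=true: active jailbreak payloads will be sent; "
                        "confirm the written authorization covers them")
    if assess.get("max_payloads", 0) > 100:
        findings.append("assessment.max_payloads: very large payload counts make slow, noisy scans")

    rep = cfg.get("reporting", {})
    unknown = set(rep.get("formats", [])) - KNOWN_FORMATS
    if unknown:
        findings.append(f"reporting.formats: unknown format(s) {sorted(unknown)}")

    for key, prof in cfg.get("profiles", {}).items():
        if prof.get("name") != key:
            findings.append(f"profiles.{key}: name '{prof.get('name')}' does not match its key")
        if prof.get("concurrency", 0) > MAX_SAFE_CONCURRENCY:
            findings.append(f"profiles.{key}.concurrency={prof['concurrency']}: may overload inference servers")
    return findings


def harden(cfg: dict) -> dict:
    """Return a copy with the risky settings corrected; the input is left untouched."""
    out = copy.deepcopy(cfg)
    disc = out.setdefault("discovery", {})
    if disc.get("verify_ssl") is False:
        disc["verify_ssl"] = True
    disc["concurrency"] = min(disc.get("concurrency", 50), MAX_SAFE_CONCURRENCY)
    out.setdefault("assessment", {})["jailbreak"] = False
    rep = out.setdefault("reporting", {})
    rep["formats"] = [f for f in rep.get("formats", []) if f in KNOWN_FORMATS] or ["json"]
    for key, prof in out.get("profiles", {}).items():
        prof["name"] = key
        if prof.get("concurrency", 0) > MAX_SAFE_CONCURRENCY:
            prof["concurrency"] = MAX_SAFE_CONCURRENCY
    return out


if __name__ == "__main__":
    for label, cfg in (("page config", PAGE_CONFIG), ("risky config", RISKY_CONFIG)):
        print(f"== {label}")
        for line in lint_config(cfg) or ["no findings"]:
            print("  -", line)
        print("  after harden():", lint_config(harden(cfg)) or "no findings")
```

To run it against a real file, load it with yaml.safe_load (PyYAML) and pass the resulting dict to lint_config; the hardened dict can be dumped back out with yaml.safe_dump.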


Plugin System

Add new platform detectors or assessment modules without touching core code:

# my_plugin.py
from aasm.plugins.base import DetectorPlugin
from aasm.core.models import AIService, AIServiceType

class MyCustomDetector(DetectorPlugin):
    name = "my-platform"
    version = "1.0.0"
    description = "Detects MyCustom AI platform"
    platform_name = "MyCustom"
    default_ports = [9999]

    async def detect(self, host: str, port: int) -> AIService | None:
        # Your detection logic here
        ...

Load plugins:

aasm plugins --load ./my_plugins/

Report Formats

Format  Description
JSON    Machine-readable full scan result (suitable for SIEM ingestion)
HTML    Professional dark-themed HTML report with risk matrix
SARIF   Static Analysis Results Interchange Format (GitHub, Azure DevOps)

Security Assessments

⚠ Only assess systems you own or have explicit written permission to test.

# Standard assessment (prompt injection + auth bypass)
aasm assess http://localhost:11434

# Full offensive assessment (includes jailbreak testing)
aasm assess http://localhost:11434 --jailbreak

# Targeted test
aasm assess http://localhost:11434 --no-prompt-injection --auth-bypass

OWASP LLM Top 10 2025 coverage:

  • LLM01 — Prompt Injection
  • LLM02 — Sensitive Information Disclosure
  • LLM06 — Excessive Agency
  • LLM07 — System Prompt Leakage
  • LLM08 — Weak Guardrails

Development

# Install dev dependencies
pip install -e ".[dev]"

# Run tests
pytest tests/ -v --cov=aasm

# Lint
ruff check aasm/

# Type check
mypy aasm/

Architecture

aasm/
├── aasm/
│   ├── cli/                    # Typer CLI commands
│   │   ├── main.py             # App entry point
│   │   ├── output.py           # Rich terminal output
│   │   └── commands/           # One file per subcommand
│   ├── core/                   # Shared domain
│   │   ├── config.py           # YAML config & profiles
│   │   ├── logger.py           # Enterprise logging
│   │   └── models.py           # Pydantic domain models
│   ├── modules/                # Feature modules (9 modules)
│   │   ├── discovery/          # Module 1 — AI Discovery Engine
│   │   │   └── platforms/      # Per-platform detectors (plugin-able)
│   │   ├── fingerprint/        # Module 2 — Fingerprinting Engine
│   │   ├── mcp/                # Module 3 — MCP Scanner & Analyzer
│   │   ├── agents/             # Module 4 — AI Agent Analyzer
│   │   ├── assessment/         # Module 5 — Security Assessment Engine
│   │   ├── mapper/             # Module 6 — Attack Surface Mapper
│   │   ├── risk/               # Module 7 — Risk Engine
│   │   ├── reporting/          # Module 8 — Reporting Engine
│   │   └── visualization/      # Module 9 — Visualization Engine
│   └── plugins/                # Plugin framework
├── tests/                      # pytest test suite
├── config/                     # Default YAML configs
├── Dockerfile
├── pyproject.toml
└── README.md

MITRE ATT&CK & OWASP Mapping

AASM maps all findings to:

  • MITRE ATT&CK (T-codes for traditional TTPs)
  • MITRE ATLAS (AML-codes for AI/ML specific threats)
  • OWASP LLM Top 10 2025 for AI-specific vulnerability categories
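The Report Formats section lists SARIF as an output, and the mapping above says every finding carries MITRE ATT&CK, MITRE ATLAS and OWASP LLM Top 10 references. The following is an added example, not AASM's reporting engine, of how findings with such mappings become a minimal SARIF 2.1.0 document that GitHub code scanning or a SIEM can ingest. The rule ids, the framework tags attached to them, the severity-to-level mapping and the two sample findings are constructed for illustration.

```python
"""Added example: turn scan findings into a minimal SARIF 2.1.0 document whose
rules carry OWASP LLM Top 10 / MITRE ATT&CK / MITRE ATLAS tags. Not AASM's code."""
import json

SARIF_SCHEMA = "https://json.schemastore.org/sarif-2.1.0.json"
# SARIF only has four result levels, so a CVSS-style severity must be collapsed.
LEVEL_BY_SEVERITY = {"critical": "error", "high": "error", "medium": "warning",
                     "low": "note", "info": "none"}

# Rule catalogue (constructed ids and mappings). Tags ride along in `properties`,
# which SARIF consumers surface as-is, so the framework references survive export.
RULES = {
    "AASM-PI-001": {
        "name": "PromptInjection",
        "shortDescription": {"text": "Model follows instructions injected into user input"},
        "properties": {"tags": ["owasp/LLM01", "atlas/AML.T0051"]},
    },
    "AASM-AUTH-001": {
        "name": "UnauthenticatedInferenceAPI",
        "shortDescription": {"text": "Inference API reachable without credentials"},
        "properties": {"tags": ["owasp/LLM02", "attack/T1190"]},
    },
}

SAMPLE_FINDINGS = [  # constructed; not real scan output
    {"rule_id": "AASM-AUTH-001", "severity": "high",
     "target": "http://localhost:11434/api/tags",
     "message": "Model listing was returned without any authentication"},
    {"rule_id": "AASM-PI-001", "severity": "medium",
     "target": "http://localhost:11434/api/generate",
     "message": "Response echoed the canary token from the injected instruction"},
]


def finding_to_result(f: dict) -> dict:
    """One SARIF `result`; the scanned URL stands in for a file location."""
    if f["rule_id"] not in RULES:
        raise KeyError(f"unknown rule {f['rule_id']}")
    return {
        "ruleId": f["rule_id"],
        "level": LEVEL_BY_SEVERITY[f["severity"]],
        "message": {"text": f["message"]},
        "locations": [{"physicalLocation": {"artifactLocation": {"uri": f["target"]}}}],
        "properties": {"severity": f["severity"]},
    }


def build_sarif(findings: list[dict], tool_name: str = "aasm", tool_version: str = "0.1.0") -> dict:
    """Assemble a single-run SARIF log declaring only the rules actually used."""
    rule_ids = sorted({f["rule_id"] for f in findings})
    rules = [{"id": rid, **RULES[rid]} for rid in rule_ids]
    return {"$schema": SARIF_SCHEMA, "version": "2.1.0",
            "runs": [{"tool": {"driver": {"name": tool_name, "version": tool_version,
                                          "rules": rules}},
                      "results": [finding_to_result(f) for f in findings]}]}


def check_sarif(doc: dict) -> list[str]:
    """Cheap structural sanity check before handing the file to CI or a SIEM."""
    problems = []
    if doc.get("version") != "2.1.0":
        problems.append("version must be 2.1.0")
    for run in doc.get("runs", []):
        known = {r["id"] for r in run["tool"]["driver"].get("rules", [])}
        for res in run.get("results", []):
            if res["ruleId"] not in known:
                problems.append(f"result references undeclared rule {res['ruleId']}")
            if res["level"] not in {"none", "note", "warning", "error"}:
                problems.append(f"bad level {res['level']}")
    return problems


def tags_for(doc: dict, rule_id: str) -> list[str]:
    """Framework references attached to a rule in the emitted document."""
    for rule in doc["runs"][0]["tool"]["driver"]["rules"]:
        if rule["id"] == rule_id:
            return rule["properties"]["tags"]
    return []


def to_json(doc: dict) -> str:
    return json.dumps(doc, indent=2)


if __name__ == "__main__":
    sarif = build_sarif(SAMPLE_FINDINGS)
    assert check_sarif(sarif) == []
    print(to_json(sarif))
```

Declaring rules in the driver (rather than only referencing ruleId from results) is what lets GitHub and Azure DevOps render the rule name and description; the tags are where a SIEM correlation rule would pick up the OWASP or ATT&CK identifier.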

Roadmap

  • PDF report generation
  • Neo4j graph export for BloodHound-style visualization
  • MITRE ATLAS full mapping
  • Kubernetes AI workload discovery
  • Real-time streaming scan output
  • CI/CD pipeline integration mode
  • Langchain/LangGraph agent detection
  • OpenTelemetry tracing
  • Web dashboard (optional companion)

License

MIT — See LICENSE


AASM is intended for authorized security testing only. Always obtain written permission before scanning networks or systems you do not own.

Project details


Download files


Source Distribution

aasm_cli-0.1.0.tar.gz (110.8 kB)

Uploaded Source

Built Distribution


aasm_cli-0.1.0-py3-none-any.whl (123.8 kB)

Uploaded Python 3

File details

Details for the file aasm_cli-0.1.0.tar.gz.

File metadata

  • Download URL: aasm_cli-0.1.0.tar.gz
  • Upload date:
  • Size: 110.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.9

File hashes

Hashes for aasm_cli-0.1.0.tar.gz
Algorithm    Hash digest
SHA256       a0a3f4f2a3658d9ea944dd46903a47c26552b9e0f39eaf11ab89d256a127e986
MD5          c0d6e7ce1d7677d741500f0811230ccf
BLAKE2b-256  ea9dc4a27b73997c764b27a09cd1d2c64cee50c2d81571e5d2f30c17d8051273


File details

Details for the file aasm_cli-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: aasm_cli-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 123.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.9

File hashes

Hashes for aasm_cli-0.1.0-py3-none-any.whl
Algorithm    Hash digest
SHA256       3fe44cc9757a6b9025fd91df9bb906f7ac127fa02e942123e9e181df506ab5c7
MD5          7f4e746a1dcb483c26db9064de43cf7e
BLAKE2b-256  c78926c379abaab6d272aff03827b1e78c1b7a86ff45f5863f1407616a90970a

