AI Attack Surface Mapper — Enterprise CLI for discovering and securing AI infrastructure
AASM — AI Attack Surface Mapper
Enterprise CLI for discovering, fingerprinting, and securing AI infrastructure.
AASM is a professional Linux CLI cybersecurity platform built for penetration testers, AI security engineers, blue teams, and red teams. It discovers and assesses AI ecosystems including Local LLMs, MCP Servers, AI Agents, AI Gateways, and AI APIs.
Designed in the philosophy of Nmap, BloodHound, and Trivy — but specialized for AI infrastructure.
Quick Start
```bash
# Install from PyPI
pip install aasm

# Or install from source
git clone https://github.com/hashematiyat/AASM.git
cd AASM
pip install -e .

# Run a scan
aasm scan 192.168.1.0/24

# Discover AI services on localhost
aasm discover localhost

# Audit a specific service
aasm audit http://localhost:11434

# Discover MCP servers
aasm mcp 192.168.1.0/24
```
Features
| Module | Capability |
|---|---|
| Discovery | Scans networks for Ollama, Open WebUI, LM Studio, LiteLLM, vLLM, HuggingFace TGI, Flowise, and more |
| Fingerprinting | Deep service fingerprinting — version, models, endpoints, auth, framework |
| MCP Scanner | JSON-RPC 2.0 MCP server discovery with tool/resource/prompt enumeration |
| MCP Analyzer | Security analysis of MCP permissions, dangerous tools, and trust boundaries |
| Agent Analyzer | Discovers AI agent frameworks and maps capabilities and risk |
| Assessment | Prompt injection, system prompt disclosure, jailbreak, auth bypass testing |
| Attack Surface Mapper | Builds asset inventory and discovers multi-hop attack paths |
| Risk Engine | CVSS-style scoring with MITRE ATT&CK and OWASP LLM Top 10 mapping |
| Reporting | HTML, JSON, and SARIF report generation |
| Visualization | Graphviz DOT and Mermaid attack surface diagrams |
CLI Commands
```bash
aasm scan 192.168.1.0/24                  # Full AI infrastructure scan
aasm discover 10.0.0.0/24                 # Quick service discovery
aasm fingerprint http://localhost:11434   # Deep fingerprint one service
aasm audit http://localhost:3000          # Security audit a service
aasm mcp 192.168.1.0/24                   # Discover & audit MCP servers
aasm agents 10.0.0.0/24                   # Discover AI agents
aasm assess http://localhost:11434        # Offensive security assessment
aasm graph scan_result.json               # Generate infrastructure graph
aasm report scan_result.json              # Generate HTML/SARIF reports
aasm risk scan_result.json                # Risk scoring & executive summary
aasm platforms                            # List supported AI platforms
aasm version                              # Show version
```
Global Options
```text
--config / -c   Config file path (default: aasm.yaml or ~/.config/aasm/config.yaml)
--verbose / -v  Verbose output
--debug         Debug mode
```
Scan Options
```bash
aasm scan 192.168.1.0/24 \
  --ports 11434,3000,8080 \
  --profile aggressive \
  --formats json,html,sarif \
  --output ./reports \
  --no-fingerprint \
  --no-mcp \
  --no-risk
```
Supported AI Platforms
| Platform | Type | Default Ports |
|---|---|---|
| Ollama | Local LLM | 11434, 11435 |
| Open WebUI | AI Web UI | 3000, 8080 |
| LM Studio | Local LLM | 1234, 1235 |
| LiteLLM | AI Gateway | 4000, 8000 |
| vLLM | Local LLM | 8000, 8080 |
| HuggingFace TGI | Local LLM | 8080, 3000 |
| Flowise | AI Agent | 3000, 3001 |
| OpenAI-Compatible APIs | AI API | 8000, 5000, … |
The plugin system allows adding new platforms without modifying core code.
Docker
```bash
# Build
docker build -t aasm .

# Scan a network
docker run --rm -it --network host aasm scan 192.168.1.0/24

# Save reports to host
docker run --rm -it \
  --network host \
  -v $(pwd)/reports:/home/aasm/aasm_reports \
  aasm scan 192.168.1.0/24 -o /home/aasm/aasm_reports
```
Configuration
```bash
# Generate a default config
aasm config --init

# Show effective config
aasm config --show
```
aasm.yaml:
```yaml
version: "1"
discovery:
  timeout: 5.0
  concurrency: 50
  verify_ssl: false
  ports: [11434, 3000, 1234, 4000, 8080, 8000]
assessment:
  prompt_injection: true
  prompt_leakage: true
  jailbreak: false
  max_payloads: 20
reporting:
  output_dir: ./aasm_reports
  formats: [json, html]
profiles:
  quick:
    name: quick
    ports: [11434, 3000, 1234, 4000]
    timeout: 3.0
    concurrency: 100
```
Use a profile: `aasm scan 192.168.1.0/24 --profile aggressive`
Plugin System
Add new platform detectors or assessment modules without touching core code:
```python
# my_plugin.py
from aasm.plugins.base import DetectorPlugin
from aasm.core.models import AIService, AIServiceType


class MyCustomDetector(DetectorPlugin):
    name = "my-platform"
    version = "1.0.0"
    description = "Detects MyCustom AI platform"
    platform_name = "MyCustom"
    default_ports = [9999]

    async def detect(self, host: str, port: int) -> AIService | None:
        # Your detection logic here
        ...
```
Load plugins:
```bash
aasm plugins --load ./my_plugins/
```
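The response-matching logic such a plugin's `detect()` would run, as an added example that is not AASM project code: it takes the HTTP responses from two probe paths and decides which platform answered, so that an unauthenticated Ollama instance, an OpenAI-style gateway that enforces auth, and an ordinary web server end up in the right inventory bucket. Because it has to run without aasm installed, it returns a plain dataclass instead of `AIService` and leaves the HTTP requests to the caller (a real plugin's `detect()` would issue them, for instance with httpx, and pass the responses in). The probe paths follow the public Ollama (`/api/tags`) and OpenAI (`/v1/models`) API shapes; `ProbeResponse`, `Fingerprint`, `classify`, `PROBE_PATHS` and the sample responses are all constructed for this example.

```python
"""Added example (not AASM project code): the response-matching half of a
DetectorPlugin.detect(). Runs without aasm by returning a plain dataclass
instead of aasm.core.models.AIService; the HTTP probes themselves are left
to the caller. All sample responses below are constructed, not captured."""
from __future__ import annotations

import json
from dataclasses import dataclass, field


@dataclass
class ProbeResponse:
    """One HTTP response for a probe path: status, lower-cased headers, body."""
    status: int
    headers: dict[str, str]
    body: str


@dataclass
class Fingerprint:
    """Stand-in for AIService: what a detector reports about a live service."""
    platform: str
    service_type: str
    models: list[str] = field(default_factory=list)
    auth_required: bool = False


# Paths a detector would request, in order (assumption: public Ollama and
# OpenAI API shapes). Anything that deviates from those shapes is "not us".
PROBE_PATHS = ("/api/tags", "/v1/models")


def _parse_json_object(body: str) -> dict | None:
    """Return the body as a dict, or None for non-JSON or non-object bodies."""
    try:
        data = json.loads(body)
    except ValueError:
        return None
    return data if isinstance(data, dict) else None


def match_ollama(resp: ProbeResponse) -> Fingerprint | None:
    """Ollama's /api/tags answers 200 with {"models": [{"name": ...}, ...]}."""
    data = _parse_json_object(resp.body) if resp.status == 200 else None
    if data is None or not isinstance(data.get("models"), list):
        return None
    names = [m["name"] for m in data["models"] if isinstance(m, dict) and "name" in m]
    return Fingerprint("Ollama", "Local LLM", models=names)


def match_openai_compatible(resp: ProbeResponse) -> Fingerprint | None:
    """OpenAI-style /v1/models answers 200 with {"object": "list", "data": [...]}.
    A 401 carrying WWW-Authenticate still identifies an API, one that enforces auth."""
    if resp.status == 401 and "www-authenticate" in resp.headers:
        return Fingerprint("OpenAI-Compatible API", "AI API", auth_required=True)
    data = _parse_json_object(resp.body) if resp.status == 200 else None
    if data is None or data.get("object") != "list" or not isinstance(data.get("data"), list):
        return None
    ids = [m["id"] for m in data["data"] if isinstance(m, dict) and "id" in m]
    return Fingerprint("OpenAI-Compatible API", "AI API", models=ids)


# Most specific matcher first: an Ollama host also serves /v1/models, so
# checking /api/tags first avoids labelling it as a generic API.
MATCHERS = (("/api/tags", match_ollama), ("/v1/models", match_openai_compatible))


def classify(responses: dict[str, ProbeResponse]) -> Fingerprint | None:
    """Given {probe_path: response}, return the first matching fingerprint."""
    for path, matcher in MATCHERS:
        resp = responses.get(path)
        if resp is not None:
            hit = matcher(resp)
            if hit is not None:
                return hit
    return None


# Constructed sample responses for three kinds of host.
SAMPLE_OLLAMA = {
    "/api/tags": ProbeResponse(200, {"content-type": "application/json"},
                               '{"models":[{"name":"llama3:latest"},{"name":"mistral:7b"}]}'),
    "/v1/models": ProbeResponse(200, {"content-type": "application/json"},
                                '{"object":"list","data":[{"id":"llama3:latest"}]}'),
}
SAMPLE_GATEWAY_AUTH = {
    "/api/tags": ProbeResponse(404, {}, "Not Found"),
    "/v1/models": ProbeResponse(401, {"www-authenticate": "Bearer"}, '{"error":"unauthorized"}'),
}
SAMPLE_WEB_SERVER = {
    "/api/tags": ProbeResponse(404, {"server": "nginx"}, "<html>404</html>"),
    "/v1/models": ProbeResponse(404, {"server": "nginx"}, "<html>404</html>"),
}

if __name__ == "__main__":
    for label, sample in (("ollama", SAMPLE_OLLAMA), ("gateway", SAMPLE_GATEWAY_AUTH),
                          ("nginx", SAMPLE_WEB_SERVER)):
        print(label, "->", classify(sample))
```

The matchers deliberately reject anything that is not the documented JSON shape, including a `200` with a non-JSON body, so a captive portal or an error page on the same port does not get recorded as a model server; the `401` branch is what lets the inventory distinguish "API present, auth enforced" from "no AI service here".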
Report Formats
| Format | Description |
|---|---|
| JSON | Machine-readable full scan result (suitable for SIEM ingestion) |
| HTML | Professional dark-themed HTML report with risk matrix |
| SARIF | Static Analysis Results Interchange Format (GitHub, Azure DevOps) |
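How findings become a SARIF 2.1.0 file that GitHub code scanning or Azure DevOps can ingest, as an added example rather than the project's reporting module: one rule per finding type, one result per affected service, a CVSS-style severity folded into SARIF's four levels, and a structural check before the file is written. The `Finding` fields, the `AASM-EXAMPLE-*` rule ids and the sample findings are constructed for this example; the SARIF keys come from the 2.1.0 specification, and `security-severity` is the rule property GitHub uses to rank alerts.

```python
"""Added example (not AASM project code): scan findings -> SARIF 2.1.0.
Finding fields, rule ids and sample findings are constructed; the SARIF
keys follow the 2.1.0 specification."""
from __future__ import annotations

import json
from dataclasses import dataclass, field

SARIF_SCHEMA = "https://json.schemastore.org/sarif-2.1.0.json"
VALID_LEVELS = {"none", "note", "warning", "error"}

# CVSS-style severity -> SARIF level. SARIF has only four levels, so critical
# and high both become "error"; the numeric score is kept on the rule as
# GitHub's "security-severity" property so code scanning can still rank them.
LEVELS = {"critical": "error", "high": "error", "medium": "warning", "low": "note", "info": "none"}
SCORES = {"critical": "9.5", "high": "7.5", "medium": "5.0", "low": "2.5", "info": "0.0"}


@dataclass
class Finding:
    rule_id: str   # stable id per finding type, e.g. "AASM-EXAMPLE-PI" (constructed)
    title: str
    severity: str  # one of LEVELS' keys
    target: str    # URL of the affected service
    message: str
    tags: list[str] = field(default_factory=list)  # OWASP LLM / ATT&CK ids


def findings_to_sarif(findings, tool_name="aasm", tool_version="0.0.0-example") -> dict:
    """One SARIF run: a rule per distinct rule_id, a result per finding."""
    rules: dict[str, dict] = {}
    results = []
    for f in findings:
        if f.severity not in LEVELS:
            raise ValueError(f"unknown severity {f.severity!r} on {f.rule_id}")
        rule = rules.setdefault(f.rule_id, {
            "id": f.rule_id,
            "name": f.title,
            "shortDescription": {"text": f.title},
            "properties": {"tags": [], "security-severity": SCORES[f.severity]},
        })
        props = rule["properties"]
        props["tags"] = sorted(set(props["tags"]) | set(f.tags))
        # A rule carries the highest score seen across its findings.
        if float(SCORES[f.severity]) > float(props["security-severity"]):
            props["security-severity"] = SCORES[f.severity]
        results.append({
            "ruleId": f.rule_id,
            "level": LEVELS[f.severity],
            "message": {"text": f.message},
            # Network findings have no source file; the service URL is the artifact.
            "locations": [{"physicalLocation": {"artifactLocation": {"uri": f.target}}}],
        })
    return {
        "$schema": SARIF_SCHEMA,
        "version": "2.1.0",
        "runs": [{
            "tool": {"driver": {"name": tool_name, "version": tool_version,
                                "rules": list(rules.values())}},
            "results": results,
        }],
    }


def validate_sarif(doc: dict) -> list[str]:
    """Cheap structural checks before handing the file to a SARIF consumer."""
    problems = []
    if doc.get("version") != "2.1.0":
        problems.append("version must be 2.1.0")
    for i, run in enumerate(doc.get("runs", [])):
        known = {r["id"] for r in run.get("tool", {}).get("driver", {}).get("rules", [])}
        for j, res in enumerate(run.get("results", [])):
            where = f"runs[{i}].results[{j}]"
            if res.get("ruleId") not in known:
                problems.append(f"{where}: ruleId {res.get('ruleId')!r} not declared in driver.rules")
            if res.get("level") not in VALID_LEVELS:
                problems.append(f"{where}: bad level {res.get('level')!r}")
            if not res.get("message", {}).get("text"):
                problems.append(f"{where}: message.text missing")
    return problems


def to_json(doc: dict) -> str:
    return json.dumps(doc, indent=2)


# Constructed sample findings (hosts and rule ids are placeholders).
SAMPLE_FINDINGS = [
    Finding("AASM-EXAMPLE-PI", "Prompt injection accepted", "medium",
            "http://10.0.0.5:11434", "Model followed an injected instruction in a test prompt", ["LLM01"]),
    Finding("AASM-EXAMPLE-PI", "Prompt injection accepted", "high",
            "http://10.0.0.7:3000", "Injected instruction reached a tool call", ["LLM01"]),
    Finding("AASM-EXAMPLE-SPL", "System prompt disclosed", "high",
            "http://10.0.0.5:11434", "Service returned its system prompt verbatim", ["LLM07"]),
]

if __name__ == "__main__":
    doc = findings_to_sarif(SAMPLE_FINDINGS)
    print(validate_sarif(doc) or "sarif ok")
    print(to_json(doc))
```

Keeping rule ids stable across scans matters more than it looks: SARIF consumers de-duplicate and track alert lifecycle by `ruleId` plus location, so a rule id that changes between releases reopens every alert as new.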
Security Assessments
⚠ Only assess systems you own or have explicit written permission to test.
```bash
# Standard assessment (prompt injection + auth bypass)
aasm assess http://localhost:11434

# Full offensive assessment (includes jailbreak testing)
aasm assess http://localhost:11434 --jailbreak

# Targeted test
aasm assess http://localhost:11434 --no-prompt-injection --auth-bypass
```
OWASP LLM Top 10 2025 coverage:
- LLM01 — Prompt Injection
- LLM02 — Sensitive Information Disclosure
- LLM06 — Excessive Agency
- LLM07 — System Prompt Leakage
- LLM08 — Weak Guardrails
Development
# Install dev dependencies
```bash
# Install dev dependencies
pip install -e ".[dev]"

# Run tests
pytest tests/ -v --cov=aasm

# Lint
ruff check aasm/

# Type check
mypy aasm/
```
Architecture
```text
aasm/
├── aasm/
│   ├── cli/                    # Typer CLI commands
│   │   ├── main.py             # App entry point
│   │   ├── output.py           # Rich terminal output
│   │   └── commands/           # One file per subcommand
│   ├── core/                   # Shared domain
│   │   ├── config.py           # YAML config & profiles
│   │   ├── logger.py           # Enterprise logging
│   │   └── models.py           # Pydantic domain models
│   ├── modules/                # Feature modules (9 modules)
│   │   ├── discovery/          # Module 1 — AI Discovery Engine
│   │   │   └── platforms/      # Per-platform detectors (plugin-able)
│   │   ├── fingerprint/        # Module 2 — Fingerprinting Engine
│   │   ├── mcp/                # Module 3 — MCP Scanner & Analyzer
│   │   ├── agents/             # Module 4 — AI Agent Analyzer
│   │   ├── assessment/         # Module 5 — Security Assessment Engine
│   │   ├── mapper/             # Module 6 — Attack Surface Mapper
│   │   ├── risk/               # Module 7 — Risk Engine
│   │   ├── reporting/          # Module 8 — Reporting Engine
│   │   └── visualization/      # Module 9 — Visualization Engine
│   └── plugins/                # Plugin framework
├── tests/                      # pytest test suite
├── config/                     # Default YAML configs
├── Dockerfile
├── pyproject.toml
└── README.md
```
MITRE ATT&CK & OWASP Mapping
AASM maps all findings to:
- MITRE ATT&CK (T-codes for traditional TTPs)
- MITRE ATLAS (AML-codes for AI/ML specific threats)
- OWASP LLM Top 10 2025 for AI-specific vulnerability categories
Roadmap
- PDF report generation
- Neo4j graph export for BloodHound-style visualization
- MITRE ATLAS full mapping
- Kubernetes AI workload discovery
- Real-time streaming scan output
- CI/CD pipeline integration mode
- Langchain/LangGraph agent detection
- OpenTelemetry tracing
- Web dashboard (optional companion)
License
MIT — See LICENSE
AASM is intended for authorized security testing only. Always obtain written permission before scanning networks or systems you do not own.
Download files
File details
Details for the file aasm_cli-0.1.0.tar.gz.
File metadata
- Download URL: aasm_cli-0.1.0.tar.gz
- Upload date:
- Size: 110.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.9
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | a0a3f4f2a3658d9ea944dd46903a47c26552b9e0f39eaf11ab89d256a127e986 |
| MD5 | c0d6e7ce1d7677d741500f0811230ccf |
| BLAKE2b-256 | ea9dc4a27b73997c764b27a09cd1d2c64cee50c2d81571e5d2f30c17d8051273 |
File details
Details for the file aasm_cli-0.1.0-py3-none-any.whl.
File metadata
- Download URL: aasm_cli-0.1.0-py3-none-any.whl
- Upload date:
- Size: 123.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.9
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 3fe44cc9757a6b9025fd91df9bb906f7ac127fa02e942123e9e181df506ab5c7 |
| MD5 | 7f4e746a1dcb483c26db9064de43cf7e |
| BLAKE2b-256 | c78926c379abaab6d272aff03827b1e78c1b7a86ff45f5863f1407616a90970a |