Skip to content
No description, website, or topics provided.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


Latest Release - 1.3.5

The attack-surface-detector-cli program is a command-line tool that takes in a folder location and outputs the set of endpoints detected within that codebase. It uses the ASTAM Correlator's threadfix-ham module to generate these endpoints. The endpoints are output to the console by default, and can save a JSON version of those endpoints through the -output-file and -json flags. See the Wiki for more details.

This tool supports the following frameworks, as supported by the threadfix-ham module:

  • ASP.NET MVC / Web API / Core / Web Forms
  • Struts
  • Django
  • Ruby on Rails
  • Spring MVC
  • JSP

Licensed under the MPL License.

This material is based on research sponsored by the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHS S&T/CSD) via contract number HHSP233201600058C.

You can’t perform that action at this time.