The attack-surface-detector-cli program is a command-line tool that takes in a folder location and outputs the set of endpoints detected within that codebase. It uses the ASTAM Correlator's threadfix-ham module to generate these endpoints. The endpoints are output to the console by default, and can save a JSON version of those endpoints through the -output-file and -json flags. See the Wiki for more details.
This tool supports the following frameworks, as supported by the threadfix-ham module:
- ASP.NET MVC / Web API / Core / Web Forms
- Struts
- Django
- Ruby on Rails
- Spring MVC
- JSP
Licensed under the MPL License.
This material is based on research sponsored by the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHS S&T/CSD) via contract number HHSP233201600058C.