{"id":38707945,"url":"https://github.com/oasm-platform/open-asm","last_synced_at":"2026-04-01T19:40:13.842Z","repository":{"id":299362132,"uuid":"1002710587","full_name":"oasm-platform/open-asm","owner":"oasm-platform","description":"Open-source platform for cybersecurity Attack Surface Management (OASM).","archived":false,"fork":false,"pushed_at":"2026-03-22T16:08:11.000Z","size":9454,"stargazers_count":83,"open_issues_count":5,"forks_count":13,"subscribers_count":4,"default_branch":"main","last_synced_at":"2026-03-22T18:40:12.345Z","etag":null,"topics":["ai-agents","attack-surface-management","cybersecurity","easm","hacking","oasm","open-asm","pentest","pentest-tool","recon","secutiry"],"latest_commit_sha":null,"homepage":"https://oasm.dev","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/oasm-platform.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2025-06-16T02:48:34.000Z","updated_at":"2026-03-22T15:58:16.000Z","dependencies_parsed_at":"2026-01-22T07:02:35.719Z","dependency_job_id":"70c29665-6f65-4d75-985d-3c6ef701bcd6","html_url":"https://github.com/oasm-platform/open-asm","commit_stats":null,"previous_names":["oasm-platform/open-asm"],"tags_count":18,"template":false,"template_full_name":null,"purl":"pkg:github/oasm-platform/open-asm","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oasm-platform%2Fopen-asm","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oasm-platform%2Fopen-asm/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oasm-platform%2Fopen-asm/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oasm-platform%2Fopen-asm/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/oasm-platform","download_url":"https://codeload.github.com/oasm-platform/open-asm/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oasm-platform%2Fopen-asm/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31291175,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-01T13:12:26.723Z","status":"ssl_error","status_checked_at":"2026-04-01T13:12:25.102Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-agents","attack-surface-management","cybersecurity","easm","hacking","oasm","open-asm","pentest","pentest-tool","recon","secutiry"],"created_at":"2026-01-17T10:57:53.442Z","updated_at":"2026-04-01T19:40:13.826Z","avatar_url":"https://github.com/oasm-platform.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Open Attack Surface Management (OASM)\n\n[![Latest Release](https://img.shields.io/github/v/release/oasm-platform/open-asm.svg)](https://github.com/oasm-platform/open-asm/releases)\n[![CI](https://github.com/oasm-platform/open-asm/actions/workflows/build-nightly.yml/badge.svg)](https://github.com/oasm-platform/open-asm/actions/workflows/build-nightly.yml)\n[![Docker Build](https://img.shields.io/badge/docker-build-blue.svg)](https://github.com/oasm-platform/open-asm/actions/workflows/build-release.yml)\n[![Docker Hub](https://img.shields.io/badge/docker-oasm-blue.svg)](https://hub.docker.com/u/oasm)\n[![Docker Pulls](https://img.shields.io/docker/pulls/oasm/oasm-api)](https://hub.docker.com/r/oasm/oasm-api)\n[![Security Scanning](https://img.shields.io/badge/security-trivy-green.svg)](https://github.com/oasm-platform/open-asm/actions/workflows/build-unstable.yml)\n\nOpen-source platform for cybersecurity Attack Surface Management. Built to help security teams identify, monitor, and manage external assets and potential security exposures across their digital infrastructure.\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"#features\"\u003eFeatures\u003c/a\u003e •\n  \u003ca href=\"#system-architecture\"\u003eSystem Architecture\u003c/a\u003e •\n  \u003ca href=\"#installation\"\u003eInstallation\u003c/a\u003e •\n  \u003ca href=\"https://docs.oasm.dev\" target=\"_blank\"\u003eDocumentation\u003c/a\u003e •\n  \u003ca href=\"#developer-guide\"\u003eDeveloper Guide\u003c/a\u003e •\n  \u003ca href=\"#screenshots\"\u003eScreenshots\u003c/a\u003e\n\u003c/p\u003e\n\n## Features\n\n- **Asset Discovery \u0026 Management**: Discover and manage internet-facing assets (domains, IPs, services) with grouping and multi-workspace support.\n- **Vulnerability Assessment**: Scan for vulnerabilities and misconfigurations with issue tracking, risk analysis, and remediation guidance.\n- **Technology Detection**: Identify technologies and services running on discovered assets.\n- **Distributed Scanning Engine**: High-performance distributed workers that can be easily scaled for parallel scanning tasks.\n- **Tool Integration**: Extensible framework for integrating security scanning tools.\n- **AI Assistant Integration**: MCP server integration for AI assistants to query asset data via natural language.\n- **Workflow Automation**: Automated scanning schedules, alerts, and remediation workflows.\n- **Real-time Monitoring**: Monitor asset changes with instant notifications and a statistics dashboard.\n- **Search \u0026 Analytics**: Search and filter asset data with analytics for risk trends and reporting.\n\n## System Architecture\n\nThe system runs on a distributed architecture consisting of:\n\n* A web-based console for user interaction, asset management, and real-time monitoring.\n* A core API service responsible for business logic, data persistence, and job orchestration.\n* A Redis-based queue and caching layer enabling asynchronous job distribution, rate limiting, and system decoupling.\n* Distributed workers that execute high-performance scanning tasks, designed for horizontal auto-scaling and fault tolerance.\n* A PostgreSQL database for persistent storage of assets, scan results, and system state.\n* An MCP (Model Context Protocol) server that provides structured context to AI systems.\n* Integration with AI/LLM components to enable intelligent querying, analysis, and automation over collected asset data.\n\n```mermaid\ngraph TD\n    %% Actors \u0026 External\n    User[User / Security Team]\n    AI[AI Assistant / LLM]\n    Internet[Internet / Attack Surface]\n\n    %% Core Components\n    subgraph \"OASM Platform\"\n        Console[Web Console]\n        API[Core API Service]\n        DB[(PostgreSQL)]\n        Redis[(Redis)]\n        MCP[MCP Server]\n\n        subgraph \"Execution Plane\"\n            W1[Worker 1]\n            W2[Worker 2]\n            WN[Worker N]\n        end\n    end\n\n    %% Relationships\n    User --\u003e|Manage \u0026 Monitor| Console\n    Console \u003c--\u003e|REST API| API\n\n    API \u003c--\u003e|Persist Data| DB\n    API \u003c--\u003e|Queue / Cache| Redis\n\n    %% Job Flow (2-way)\n    API \u003c--\u003e|Job / Result| W1\n    API \u003c--\u003e|Job / Result| W2\n    API \u003c--\u003e|Job / Result| WN\n\n    %% Scan\n    W1 --\u003e|Scan| Internet\n    W2 --\u003e|Scan| Internet\n    WN --\u003e|Scan| Internet\n\n    %% AI Flow\n    AI \u003c--\u003e|Query Context| MCP\n    MCP \u003c--\u003e|Fetch Asset Data| API\n```\n\n## Screenshots\n\n![Dashboard](docs/images/dashboard.png)\n\n![Assets1](docs/images/assets_1.png)\n\n![Assets2](docs/images/assets_2.png)\n\n![Technologies](docs/images/technologies.png)\n\n![Vulnerabilities1](docs/images/vulnerabilities_1.png)\n\n![Vulnerabilities2](docs/images/vulnerabilities_2.png)\n\n![Tools](docs/images/tools.png)\n\n![Workers](docs/images/workers.png)\n\n![McpConnect](docs/images/mcp.png)\n\n![JobRegistry](docs/images/job_registry.png)\n\n## Installation\n\nTo quickly get started with OASM using Docker:\n\n1. Clone the repository:\n\n   ```bash\n   git clone https://github.com/oasm-platform/oasm-docker.git\n   cd oasm-docker\n   ```\n\n2. Rename the example environment file:\n\n   ```bash\n   cp .env.example .env\n   ```\n\n3. Start the services:\n   ```bash\n   docker compose up -d\n   ```\n\nThis will launch the entire system, including the console, core API, workers, and database. Access the application at the configured URL (http://localhost:6276).\n\n[Docker Repository](https://github.com/oasm-platform/oasm-docker)\n\n## Developer Guide\n\nFor detailed instructions on setting up your development environment, running services, and contributing, please refer to our dedicated [Developer Guide](DEVELOPER_GUIDE.md).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foasm-platform%2Fopen-asm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Foasm-platform%2Fopen-asm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foasm-platform%2Fopen-asm/lists"}