CASM helps security teams continuously monitor external attack surface exposure. It discovers assets, verifies HTTP/TLS posture and compares each run against a baseline to show exactly what changed. Built around safety and traceability, CASM enforces scope controls and produces evidence-backed findings with outputs in SARIF, Markdown, PDF, and JSONL for both CI pipelines and stakeholder reporting.
CASM (Continuous Attack Surface Monitoring) is an evidence-first attack surface monitoring toolkit for authorized environments. It discovers externally exposed assets, verifies HTTP/TLS posture, and tracks deltas between runs so teams can see what changed and why. It combines discovery, verification, and reporting into one workflow focused on operational clarity and safe execution. Instead of one-off scanner snapshots, it emphasizes run-over-run visibility with traceable findings.
Core Capabilities
- Discover: map externally exposed targets across HTTP, DNS, and TLS contexts.
- Verify: check security headers, transport controls, and related web hardening signals.
- Track: compare current results against a baseline to identify added, removed, and unchanged findings.
- Report: generate SARIF, Markdown, and PDF outputs for CI pipelines and stakeholder communication.
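The "Track" step above is the part that distinguishes run-over-run monitoring from a one-off scan. As an added illustration (not code from the CASM project), the block below diffs two SARIF logs the way `casm diff --old … --new …` is described as doing: each result is keyed by an assumed fingerprint of (ruleId, artifact URI, message text), and results are bucketed as added, removed or unchanged. The field paths are the standard SARIF 2.1.0 ones; the two sample logs are constructed, and CASM's real keying scheme is not stated on this page.

```python
"""Run-over-run diff of SARIF results: added, removed, unchanged.

Added example, not code from the CASM project. It assumes findings are
keyed by a fingerprint of (ruleId, artifact URI, message text); CASM's
actual keying is not described on this page. The SARIF field paths used
(runs[].results[].ruleId / message.text / locations[].physicalLocation
.artifactLocation.uri) are the standard SARIF 2.1.0 ones.
"""
import hashlib
from typing import Dict, List


def fingerprint(result: dict) -> str:
    """Stable key for one SARIF result (assumed keying, see module docstring)."""
    uri = ""
    locations = result.get("locations") or []
    if locations:
        uri = (locations[0].get("physicalLocation", {})
               .get("artifactLocation", {})
               .get("uri", ""))
    text = result.get("message", {}).get("text", "")
    raw = "\x1f".join([result.get("ruleId", ""), uri, text])
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()[:16]


def sarif_results(doc: dict) -> List[dict]:
    """Flatten results across every run in a SARIF log."""
    out: List[dict] = []
    for run in doc.get("runs", []):
        out.extend(run.get("results", []))
    return out


def diff_runs(old: dict, new: dict) -> Dict[str, List[dict]]:
    """Classify the results of `new` relative to `old` by fingerprint."""
    old_by = {fingerprint(r): r for r in sarif_results(old)}
    new_by = {fingerprint(r): r for r in sarif_results(new)}
    added = sorted(new_by.keys() - old_by.keys())
    removed = sorted(old_by.keys() - new_by.keys())
    unchanged = sorted(new_by.keys() & old_by.keys())
    return {
        "added": [new_by[k] for k in added],
        "removed": [old_by[k] for k in removed],
        "unchanged": [new_by[k] for k in unchanged],
    }


def _result(rule_id: str, uri: str, text: str) -> dict:
    """Build a minimal SARIF result object for the constructed samples."""
    return {
        "ruleId": rule_id,
        "level": "warning",
        "message": {"text": text},
        "locations": [{"physicalLocation": {"artifactLocation": {"uri": uri}}}],
    }


def _log(results: List[dict]) -> dict:
    """Wrap results in a minimal SARIF 2.1.0 log."""
    return {"version": "2.1.0",
            "runs": [{"tool": {"driver": {"name": "casm"}}, "results": results}]}


# Constructed sample logs standing in for runs/baseline and runs/current.
BASELINE = _log([
    _result("missing-hsts", "https://www.example.com/",
            "Strict-Transport-Security header absent"),
    _result("weak-tls", "https://legacy.example.com/", "TLS 1.0 offered"),
])
# In the current run the HSTS finding persists, the TLS finding is gone,
# and a CSP finding is new.
CURRENT = _log([
    _result("missing-hsts", "https://www.example.com/",
            "Strict-Transport-Security header absent"),
    _result("missing-csp", "https://www.example.com/",
            "Content-Security-Policy header absent"),
])


def summary(old: dict = BASELINE, new: dict = CURRENT) -> Dict[str, int]:
    """Counts per bucket, the figure a CI gate or report section would show."""
    return {k: len(v) for k, v in diff_runs(old, new).items()}


if __name__ == "__main__":
    for bucket, items in diff_runs(BASELINE, CURRENT).items():
        for r in items:
            uri = r["locations"][0]["physicalLocation"]["artifactLocation"]["uri"]
            print(f"{bucket:9} {r['ruleId']:15} {uri}")
```

Keying on rule, location and message rather than on a result's position in the file is what keeps the diff stable when a target's other findings shift around; a CI gate would normally fail only on the `added` bucket so that long-known, accepted findings do not break every pipeline run.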
Why CASM
- Delta-first monitoring: highlights change over time, not just current state.
- Evidence-first findings: each result is backed by raw (redacted) evidence for auditability.
- Safety by design: scope-bound execution, rate controls, and non-destructive verification defaults.
- Practical architecture: Python orchestration with focused Go tooling for execution paths.
Safety Model
- Authorization-first scope controls (domains, IPs, ports, protocols).
- Default dry-run support for configuration validation.
- Rate limiting and concurrency caps to reduce operational risk.
- No payload exploitation or brute-force behavior in default verification flows.
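The four safety points above amount to a gate that every target must pass before anything is contacted. The block below is an added example of such a gate, not CASM's own code: it checks a target's host (domain suffix at a label boundary, or IP literal inside an authorized range), port and protocol against a scope, derives a per-worker request interval from a rate limit, and produces a dry-run plan. The `SCOPE` dict and `SAMPLE_TARGETS` list are constructed stand-ins for `scopes/scope.yaml` and `targets/target-harness.example.json`; their field names are assumptions, not the project's schema.

```python
"""Scope gate applied before any target is contacted.

Added example, not CASM's own code. The SCOPE dict mirrors the categories
the page lists (domains, IPs, ports, protocols, rate limits); the real
scopes/scope.yaml schema is assumed, not taken from the project.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Target:
    host: str
    port: int
    protocol: str


# Constructed scope; the IP range is from the RFC 5737 documentation block.
SCOPE: Dict = {
    "domains": ["example.com"],        # apex and any subdomain
    "ip_ranges": ["203.0.113.0/24"],
    "ports": [80, 443],
    "protocols": ["http", "https"],
    "rate_limit_rps": 5,
    "max_concurrency": 2,
}


def _host_allowed(host: str, scope: Dict) -> bool:
    """IP literals must fall inside an authorized range; names must equal a
    scoped domain or be a subdomain of one at a label boundary, so that
    notexample.com does not match example.com."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        name = host.lower().rstrip(".")
        return any(name == d or name.endswith("." + d) for d in scope["domains"])
    return any(ip in ipaddress.ip_network(net) for net in scope["ip_ranges"])


def in_scope(t: Target, scope: Dict = SCOPE) -> bool:
    """All three dimensions (host, port, protocol) must be authorized."""
    return (_host_allowed(t.host, scope)
            and t.port in scope["ports"]
            and t.protocol.lower() in scope["protocols"])


def request_interval(scope: Dict = SCOPE) -> float:
    """Seconds a worker waits between requests, derived from rate_limit_rps."""
    return 1.0 / scope["rate_limit_rps"]


def plan(targets: List[Target], scope: Dict = SCOPE, dry_run: bool = True) -> Dict:
    """Partition targets into permitted/rejected. With dry_run=True the plan
    is produced and can be reviewed, but no target is contacted."""
    permitted = [t for t in targets if in_scope(t, scope)]
    rejected = [t for t in targets if not in_scope(t, scope)]
    return {
        "dry_run": dry_run,
        "permitted": permitted,
        "rejected": rejected,
        "interval_s": request_interval(scope),
        "concurrency": scope["max_concurrency"],
    }


# Constructed target list standing in for targets/target-harness.example.json.
SAMPLE_TARGETS = [
    Target("www.example.com", 443, "https"),
    Target("api.example.com", 8443, "https"),   # port not authorized
    Target("notexample.com", 443, "https"),     # similar name, out of scope
    Target("203.0.113.7", 80, "http"),
    Target("198.51.100.9", 80, "http"),         # IP outside authorized range
]

if __name__ == "__main__":
    p = plan(SAMPLE_TARGETS)
    print(f"dry_run={p['dry_run']} interval={p['interval_s']}s "
          f"concurrency={p['concurrency']}")
    for t in p["permitted"]:
        print("permitted", t)
    for t in p["rejected"]:
        print("rejected ", t)
```

The rejected list is worth writing to the evidence stream as well: a target that was supplied but refused by the scope gate is itself a traceable fact about the run.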
Evidence and Reporting
- JSONL evidence stream with engagement/run IDs, timestamps, tool metadata, and status.
- SARIF output for automation and CI integrations.
- Markdown/PDF reports with executive summary, technical details, and change-focused sections.
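To show how the "Verify" capability and the evidence stream described above fit together, the block below is an added example (not CASM's own code) that checks a set of response headers for common web hardening signals, then emits one JSONL record per check carrying an engagement ID, run ID, timestamp, tool metadata, status and the raw headers with secret-bearing values redacted. The header list, the 180-day HSTS minimum, the record layout and the sample response headers are all assumptions constructed for the example, not the project's schema.

```python
"""Header verification producing a redacted JSONL evidence stream.

Added example, not CASM's own code. The checked headers, the 180-day HSTS
threshold and the record layout (engagement_id, run_id, timestamp, tool,
status, evidence) are assumptions chosen to illustrate the page's
description, not the project's schema.
"""
import json
from datetime import datetime, timezone
from typing import Dict, List, Optional

TOOL = {"name": "casm", "component": "verify-http", "version": "example"}

# header name (lower-case) -> rule id raised when the header is absent
REQUIRED_HEADERS = {
    "strict-transport-security": "missing-hsts",
    "content-security-policy": "missing-csp",
    "x-content-type-options": "missing-nosniff",
    "x-frame-options": "missing-frame-options",
}
MIN_HSTS_MAX_AGE = 180 * 24 * 3600          # assumed threshold: 180 days
SENSITIVE_HEADERS = {"set-cookie", "cookie", "authorization", "www-authenticate"}


def redact(headers: Dict[str, str]) -> Dict[str, str]:
    """Keep header names as evidence, but never store secret-bearing values."""
    return {k: ("[REDACTED]" if k.lower() in SENSITIVE_HEADERS else v)
            for k, v in headers.items()}


def _hsts_max_age(value: str) -> Optional[int]:
    """Extract max-age from an HSTS header value; None if absent or malformed."""
    for part in value.split(";"):
        part = part.strip().lower()
        if part.startswith("max-age="):
            try:
                return int(part[len("max-age="):])
            except ValueError:
                return None
    return None


def verify_headers(headers: Dict[str, str]) -> List[Dict]:
    """Non-destructive checks: presence of hardening headers plus HSTS max-age."""
    present = {k.lower(): v for k, v in headers.items()}
    findings = []
    for name, rule in REQUIRED_HEADERS.items():
        status = "pass" if name in present else "fail"
        word = "present" if status == "pass" else "absent"
        findings.append({"ruleId": rule, "status": status,
                         "detail": f"{name} header {word}"})
    hsts = present.get("strict-transport-security")
    if hsts is not None:
        age = _hsts_max_age(hsts)
        ok = age is not None and age >= MIN_HSTS_MAX_AGE
        findings.append({"ruleId": "weak-hsts-max-age",
                         "status": "pass" if ok else "fail",
                         "detail": f"max-age={age} (minimum {MIN_HSTS_MAX_AGE})"})
    return findings


def evidence_records(engagement_id: str, run_id: str, target: str,
                     headers: Dict[str, str], tool: Dict = TOOL) -> List[Dict]:
    """One evidence record per finding, each carrying the redacted raw headers."""
    ts = datetime.now(timezone.utc).isoformat()
    evidence = {"headers": redact(headers)}
    return [{
        "engagement_id": engagement_id, "run_id": run_id, "timestamp": ts,
        "tool": tool, "target": target, "rule_id": f["ruleId"],
        "status": f["status"], "detail": f["detail"], "evidence": evidence,
    } for f in verify_headers(headers)]


def to_jsonl(records: List[Dict]) -> str:
    """Serialize as one JSON object per line (append-friendly stream)."""
    return "\n".join(json.dumps(r, sort_keys=True) for r in records) + "\n"


def from_jsonl(text: str) -> List[Dict]:
    return [json.loads(line) for line in text.splitlines() if line.strip()]


# Constructed response headers (not captured from a real host).
SAMPLE_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Strict-Transport-Security": "max-age=300",
    "X-Content-Type-Options": "nosniff",
    "Set-Cookie": "session=abc123; Secure; HttpOnly",
}

if __name__ == "__main__":
    recs = evidence_records("ENG-0001", "run-0001",
                            "https://www.example.com/", SAMPLE_HEADERS)
    print(to_jsonl(recs), end="")
```

Redacting at write time rather than at report time is the safer order: the JSONL stream is the artifact most likely to be copied into tickets, CI logs and shared drives, so it should never have held the cookie or credential values in the first place.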
Quick Start
# Install from PyPI
pip install g2cv-casm
# Run unified monitoring
casm run unified --config scopes/scope.yaml --targets-file targets/target-harness.example.json
# Compare with a previous run
casm diff --old runs/baseline/results.sarif --new runs/current/results.sarif
CASM helps teams move from periodic scanning to continuous, evidence-backed attack surface visibility.