Open-source platform for cybersecurity Attack Surface Management. Built to help security teams identify, monitor, and manage external assets and potential security exposures across their digital infrastructure.
- Asset Discovery & Management: Discover and manage internet-facing assets (domains, IPs, services) with grouping and multi-workspace support.
- Vulnerability Assessment: Scan for vulnerabilities and misconfigurations with issue tracking, risk analysis, and remediation guidance.
- Technology Detection: Identify technologies and services running on discovered assets.
- Distributed Scanning Engine: High-performance distributed workers that can be easily scaled for parallel scanning tasks.
- Tool Integration: Extensible framework for integrating security scanning tools.
- AI Assistant Integration: MCP server integration for AI assistants to query asset data via natural language.
- Workflow Automation: Automated scanning schedules, alerts, and remediation workflows.
- Real-time Monitoring: Monitor asset changes with instant notifications and a statistics dashboard.
- Search & Analytics: Search and filter asset data with analytics for risk trends and reporting.
The system runs on a distributed architecture consisting of:
- A web-based console for user interaction and monitoring.
- A core API service handling business logic, data persistence, and job orchestration.
- Distributed workers for high-performance scanning tasks with auto-scaling capabilities.
- PostgreSQL database for data storage and Better Auth for authentication.
```mermaid
graph TD
    %% Actors & External
    User[User / Security Team]
    AI[AI Assistant / LLM]
    Internet[Internet / Attack Surface]

    %% Core Components
    subgraph "OASM Platform"
        Console[Web Console]
        API[Core API Service]
        DB[(PostgreSQL)]
        MCP[MCP Server]
        subgraph "Execution Plane"
            Worker[Distributed Workers]
        end
    end

    %% Relationships
    User -->|Manage & Monitor| Console
    Console <-->|REST API| API
    API <-->|Persist Data| DB

    %% Job Flow
    API -->|Dispatch Scan Jobs| Worker
    Worker -->|Report Results| API
    Worker -->|Scan & Discovery| Internet

    %% AI Flow
    AI <-->|Query Context| MCP
    MCP <-->|Fetch Asset Data| API
```
To get started quickly with OASM using Docker:

1. Clone the repository:

   ```bash
   git clone https://github.com/oasm-platform/oasm-docker.git
   cd oasm-docker
   ```

2. Copy the example environment file to `.env`:

   ```bash
   cp .env.example .env
   ```

3. Start the services:

   ```bash
   docker compose up -d
   ```
This will launch the entire system, including the console, core API, workers, and database. Access the application at the configured URL (http://localhost:6276).
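Because step 2 copies `.env.example` verbatim, any credential it ships as a placeholder is still in `.env` when the stack starts. The following check is an added example, not part of the OASM repository: it lists credential-like keys whose value was never changed. The key names in the demo are constructed, since the page does not show the contents of `.env.example`.

```shell
#!/bin/sh
# Added example, not part of the OASM repository.

# Print every credential-like KEY whose value in the env file ($2) is identical
# to the one shipped in the example file ($1). Returns 1 if any key is found.
unchanged_secrets() {
    awk '
        # Ignore comments, blank lines, and lines that are not assignments.
        /^[ \t]*#/ || /^[ \t]*$/ || index($0, "=") == 0 { next }
        {
            key = substr($0, 1, index($0, "=") - 1)
            sub(/^[ \t]*(export[ \t]+)?/, "", key)
            sub(/[ \t]+$/, "", key)
            val = substr($0, index($0, "=") + 1)
        }
        # First file: remember the shipped defaults.
        FILENAME == ARGV[1] { shipped[key] = val; next }
        # Second file: report secrets that still match the default.
        toupper(key) ~ /PASSWORD|PASSWD|SECRET|TOKEN|KEY/ &&
            (key in shipped) && shipped[key] == val { print key; found = 1 }
        END { exit (found ? 1 : 0) }
    ' "$1" "$2"
}

# Demo on constructed files (hypothetical key names, not OASM's real settings).
demo_dir=$(mktemp -d)
printf '%s\n' '# constructed sample' 'APP_PORT=6276' 'DB_PASSWORD=changeme' \
    'AUTH_SECRET=replace-me' 'API_TOKEN=' > "$demo_dir/.env.example"
printf '%s\n' 'APP_PORT=6276' 'DB_PASSWORD=changeme' \
    'AUTH_SECRET=Zk3vQ8constructedRandomValue' 'API_TOKEN=' > "$demo_dir/.env"
if flagged=$(unchanged_secrets "$demo_dir/.env.example" "$demo_dir/.env"); then
    echo "no credential-like defaults left in .env"
else
    echo "still at example value:" $flagged
fi
rm -rf "$demo_dir"
```

In the cloned `oasm-docker` directory, calling `unchanged_secrets .env.example .env` before `docker compose up -d` gives the same report for the real files.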
For detailed instructions on setting up your development environment, running services, and contributing, please refer to our dedicated Developer Guide.









