AASD — API Attack Surface Discovery
Interactive booth application for GITEX 2026. Visitors enter a domain, the app discovers live subdomains via HTTPS/TLS probing, and they select one to scan with GoTestWAF against a Wallarm WAF endpoint.
Enter domain → Discover subdomains → Pick target → GoTestWAF scan → AI report → QR code
Quick Start
# Build (from source)
cd ~/gitex2026/aasd/src
go build -o ../bin/aasd ./cmd/aasd/
# Quick deploy (pre-built binary in bin/)
sudo cp bin/aasd /opt/aasd/aasd
sudo systemctl restart aasd
# Monitor
sudo journalctl -u aasd -f
Booth Flow
- Visitor enters a domain (e.g.
example.com) or an IP address
- Discovery runs — probes 5000 common subdomain names via HTTPS/TLS (
Checking 142 / 5000 subdomains…)
- Live progress — frontend shows real-time counter with pulsing indicator
- Subdomains displayed — only those with valid TLS certificates (filters wildcard DNS noise)
- Visitor picks one — selects a subdomain to scan
- GoTestWAF scans — tests the selected subdomain against the Wallarm WAF endpoint
- AI report generated — resilience narrative (or fallback if AI unavailable)
- QR code shown — visitor shares with booth team for full consultant report
Deployment
Structure
gitex2026/aasd/
├── bin/ # Pre-built binaries
│ ├── aasd # Compiled Go binary (31M)
│ └── gotestwaf # WAF scanner binary (27M)
├── src/ # Go source code
├── docs/ # Documentation
├── install.sh # Production installer (creates /opt/aasd/)
├── sample.config.yaml # Config template (copy to /opt/aasd/config.yaml)
├── sample.env # Environment variable template
├── README.md # This file
└── VERSION
/opt/aasd/ # Deployed runtime (created by install.sh)
├── aasd # Compiled binary (from bin/)
├── config.yaml # Server URL, admin credentials, AI key
├── prompt.txt # DeepSeek system prompt
├── subdomains.txt # Subdomain wordlist
├── gotestwaf # WAF scanner binary (from bin/)
├── gotestwaf-config.yaml # HTTP headers for scans
├── testcases/ # GoTestWAF attack payloads
├── static/ # Frontend files
├── templates/ # Admin dashboard template
├── reports/ # Generated scan reports
└── logs/ # Server logs
Configuration
Sample configuration files are provided in the project root:
| File |
Purpose |
sample.config.yaml |
Full config template with placeholder values (copy to /opt/aasd/config.yaml) |
sample.env |
Environment variable template (source with source sample.env) |
Important: The install.sh script prompts for credentials at deploy time and generates config.yaml automatically. Sample files are for reference only — never commit real credentials.
Environment Variables
All config values can be overridden via environment variables:
| Variable |
Overrides |
Description |
AASD_BASE_URL |
server.base_url |
Public base URL for report links & QR codes |
SMTP_HOST |
— |
SMTP server hostname (default: smtp.openxchange.eu) |
SMTP_PORT |
— |
SMTP server port (default: 587) |
SMTP_USERNAME |
— |
SMTP auth username (default: post@sechpoint.app) |
SMTP_PASSWORD |
— |
SMTP auth password |
SMTP_FROM |
— |
Sender email address (default: post@sechpoint.app) |
Service Management
sudo systemctl start aasd # Start
sudo systemctl stop aasd # Stop
sudo systemctl restart aasd # Restart
sudo systemctl status aasd # Status
sudo journalctl -u aasd -f # Follow logs
Credentials
| Interface |
Username |
Password |
| Admin Dashboard |
sechpoint |
Git3x2o26 |
API Endpoints
| Endpoint |
Auth |
Description |
GET / |
Public |
Landing page |
POST /start |
Public |
Submit domain, start discovery |
GET /select-subdomain?token= |
Public |
Subdomain selection page |
POST /select-subdomain |
Public |
Select subdomain, start scan |
GET /analysing?token= |
Public |
Scan progress page |
GET /scan-status/:token |
Public |
Poll status (JSON) |
GET /admin-dashboard |
Basic Auth |
Consultant dashboard |
GET /api/scans |
Public |
Scan list (JSON) |
POST /email-report |
Public |
Send report via email ({"token":"...","email":"..."}) |
GET /reports/visitor_*.html |
Public |
Visitor-facing report (with Home button) |
GET /reports/consultant_*.html |
Public |
GoTestWAF consultant report (with email-send form) |
GET /qrcode?text= |
Public |
QR code generator |
Report Types
| File |
Content |
Size |
visitor_{token}.html |
AI resilience narrative or fallback |
~4KB |
consultant_{token}.html |
Raw GoTestWAF output (if scan succeeded) |
~59KB |
Architecture
src/
├── cmd/aasd/main.go # HTTP server, routes, lifecycle
├── internal/
│ ├── scanner/
│ │ ├── scanner.go # Orchestrator, pipeline, scan results
│ │ ├── probe.go # Wordlist-based HTTPS/TLS subdomain discovery
│ │ └── gotestwaf.go # GoTestWAF binary execution
│ ├── report/report.go # Static HTML report generation
│ ├── ai/deepseek.go # DeepSeek API integration
│ └── mailer/smtp.go # SMTP email delivery
└── static/ # Frontend source files
Key Design Decisions
- No email collection — domain is the only input, avoiding data-mining appearance
- TLS cert validation as subdomain filter — reliable signal vs wildcard DNS noise
- Interactive selection — visitor participates by choosing the scan target
- 5000-name wordlist from SecLists — comprehensive but fast (~2 min probe)
- In-memory scan state — volatile (restart clears), reports are files on disk (persist)
- IP fast-path — skips discovery when an IP address is entered
Development
# Repository
cd ~/gitex2026
# aasd/src/ — Go source
# aasd/bin/ — Pre-built binaries
# aasd/docs/ — Documentation
# Build (outputs to bin/)
cd ~/gitex2026/aasd/src
go build -o ../bin/aasd ./cmd/aasd/
go vet ./...
# Update wordlist (optional, defaults to built-in 40 names)
curl -sL -o /opt/aasd/subdomains.txt \
"https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/DNS/subdomains-top1million-5000.txt"
License
Proprietary — For internal event use at GITEX 2026.
