A Python-based security assessment tool for continuous automated security scanning and monitoring of domains.
- Port scanning and service detection using nmap
- Subdomain discovery using subfinder
- Vulnerability assessment
- Automated security reporting
- Integration with Slack for alerts (configurable)
- Jira ticket creation for vulnerabilities (configurable)
- Python 3.8+
- nmap
- subfinder
- nuclei
- naabu
- tlsx
- gau
- ffuf
- Clone the repository:
git clone https://github.com/shadsidd/continuous-security-assessment-tool.git
cd continuous-security-assessment-tool
- Install Python dependencies:
pip install -r requirements.txt
- Install system dependencies (on macOS):
# Add ProjectDiscovery tap for security tools
brew tap projectdiscovery/tap
# Install all required tools
brew install nmap
brew install projectdiscovery/tap/nuclei
brew install projectdiscovery/tap/subfinder
brew install projectdiscovery/tap/naabu
brew install projectdiscovery/tap/tlsx
brew install projectdiscovery/tap/gau
brew install ffuf
Run the tool by executing:
python CAST.py
When prompted, enter the target domain (e.g., example.com).
The tool uses the Agno framework and can be configured through environment variables:
- OPENAI_API_KEY: Your OpenAI API key for the GPT-4 model
- SLACK_TOKEN: (Optional) Slack API token for notifications
- JIRA_TOKEN: (Optional) Jira API token for ticket creation
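A preflight check you can run before CAST.py, as an added example that is not part of the project's code: it confirms the tools and variables listed above are present and validates the target as a plain hostname before it reaches any scanner command line. The function names `normalize_domain` and `preflight` are hypothetical, and nothing here describes how CAST.py itself handles its input.

```python
import os
import re
import shutil

# Names taken from this README's requirements and configuration lists.
REQUIRED_TOOLS = ["nmap", "subfinder", "nuclei", "naabu", "tlsx", "gau", "ffuf"]
REQUIRED_ENV = ["OPENAI_API_KEY"]
OPTIONAL_ENV = ["SLACK_TOKEN", "JIRA_TOKEN"]

# One DNS label: 1-63 chars, alphanumeric at both ends, hyphens inside only.
_LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")


def normalize_domain(raw):
    """Return a lowercased hostname, or raise ValueError if it is not one.

    Rejects URLs, paths, whitespace, shell metacharacters and values starting
    with '-' (which a scanner CLI could parse as an option).
    """
    host = raw.strip().lower().rstrip(".")
    labels = host.split(".")
    if len(host) > 253 or len(labels) < 2:
        raise ValueError(f"not a fully qualified domain: {raw!r}")
    # fullmatch, not match: '$' would accept a label ending in a newline.
    if not all(_LABEL.fullmatch(label) for label in labels):
        raise ValueError(f"invalid character or label in: {raw!r}")
    if labels[-1].isdigit():
        raise ValueError(f"looks like an IP address, not a domain: {raw!r}")
    return host


def preflight(env=None, which=shutil.which):
    """Return (errors, warnings) for missing tools and variables."""
    env = os.environ if env is None else env
    errors = [f"missing tool on PATH: {t}" for t in REQUIRED_TOOLS if not which(t)]
    errors += [f"missing required variable: {v}" for v in REQUIRED_ENV if not env.get(v)]
    warnings = [f"optional variable not set: {v}" for v in OPTIONAL_ENV if not env.get(v)]
    return errors, warnings


if __name__ == "__main__":
    errors, warnings = preflight()
    try:
        print("target:", normalize_domain(input("Target domain: ")))
    except ValueError as exc:
        errors.append(str(exc))
    print("\n".join(["warning: " + w for w in warnings] + ["error: " + e for e in errors]))
    raise SystemExit(1 if errors else 0)
```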
The tool generates:
- Detailed security assessment reports
- Port scanning results
- Subdomain enumeration
- Vulnerability findings
- SSL/TLS information
- Historical URL data
- Exposed endpoint information
Please ensure you have proper authorization before scanning any domain. Unauthorized scanning may be illegal in your jurisdiction.
[Add your license information here]