Ishikawa : a framework/architecture for automated Attack Surface Mapping & Vulnerability scanning

- golang based architecture

- information is dynamically mapped into one central directed knowledge graph

- default multithreading

- utilizes existing tools (such as nmap/nuclei/katana/wfuzz/....) instead of reinventing the wheel

- architecture is (tldr) a self supervising logic in which every worker is also a scheduler that based on delta causality uses cartesian fanout and graph overlay mapping including local only witness nodes to dispatch new "jobs" without having a central scheduler or the necessity to scan a central total job queue to prevent duplicate executions.

In this architecture every "action" that can be executed defines an input structure necessary. If the previously mentioned mechanic identifies a possible job execution it will create a job input payload which will automatically be picked up by a worker an executed. Therefor every action is a self containing logic. This results in a organically growing knowledge graph without defining a full execution flow. It is very easy to extend.

I worked on this for the past ~10 years (private time). The sad truth tho is, while this project was initially planned to be open sourced - after i not to long ago for quite some bucks consulted a lawyer, i basically was presented with the fact that if i would publish it i could get sued due to germany's hacker and software reliability laws. So for now its only trapped on my disk and maybe will never see daylight.

Im right now working on a blog article (thats why i even mention it) about the whole thing with quite more detailed description and will also contain some example visual data. Maybe will post it on hackernews will see.

PS:The tool does not need llm/nn.