diff_attack_paths

Active

Tool of io.github.Baneado98/cloud-pathfinder

declared in 0.1.0

DIFFERENTIAL attack-path analysis for a change to Infrastructure-as-Code — the CI/CD gate. Give it the IaC BEFORE and AFTER a change (e.g. a pull request's base and head trees, each a map of filename→content) and it builds the full resource graph + runs the internet→crown-jewel reachability search on BOTH states, then reports exactly what the change did to your attack surface: which breach chains it INTRODUCES (e.g. 'this PR opens a NEW Internet→admin route via a newly-public security group + an over-broad IAM grant'), which it ELIMINATES, and which it AGGRAVATES (makes more exploitable). Returns an INTRODUCES_BREACH / REDUCES_RISK / NEUTRAL / MIXED verdict — the single check to wire into PR review so a change that opens a path to your data/secrets/admin is caught before merge. This is something a per-file linter or a single-state scan cannot answer: it needs both graphs and a semantic cross-state path match. Heuristic static analysis of declared IaC.

Parameters schema

{
  "type": "object",
  "required": [
    "before",
    "after"
  ],
  "properties": {
    "deep": {
      "type": "boolean",
      "description": "When true, runs the PREMIUM deep diff: the full changed chains with per-hop file:line evidence, before→after exploitability scores, and which choke points newly matter. Requires CLOUD_PATHFINDER_KEY; without one you get unlock instructions. The free diff verdict + counts need no key."
    },
    "after": {
      "type": "object",
      "properties": {
        "files": {
          "type": "object",
          "additionalProperties": {
            "type": "string"
          }
        },
        "source": {
          "type": "string"
        },
        "filename": {
          "type": "string"
        }
      },
      "description": "The IaC state AFTER the change (the PR head). Same shape as `before`."
    },
    "before": {
      "type": "object",
      "properties": {
        "files": {
          "type": "object",
          "additionalProperties": {
            "type": "string"
          }
        },
        "source": {
          "type": "string"
        },
        "filename": {
          "type": "string"
        }
      },
      "description": "The IaC state BEFORE the change (the PR base). Provide { files: {filename: content} } or { source, filename }."
    }
  }
}

What this tool wraps · 1 endpoint

Parent server

io.github.Baneado98/cloud-pathfinder

https://github.com/Baneado98/cloud-pathfinder

2/7 registries