AttackSurfaceAnalyzer
Attack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation.
Attack Surface Analyzer is a [Microsoft](https://github.com/microsoft/) developed open source security tool that analyzes the attack surface of a target system and reports on potential security vulnerabilities introduced during the installation of software or system misconfiguration. The project is written primarily in C#, distributed under the MIT License license, first published in 2019. It has gained significant community traction with 2,938 stars and 292 forks on GitHub. Key topics include: attack-surface, security-tools.
Attack Surface Analyzer
Attack Surface Analyzer is a Microsoft developed open source security tool that analyzes the attack
surface of a target system and reports on potential security vulnerabilities introduced during
the installation of software or system misconfiguration.
Latest Version
Development for Attack Surface Analyzer is focused on the release/v2.3 branch.
Getting Attack Surface Analyzer
If you have the .NET SDK installed you can install Attack Surface Analyzer with
dotnet tool install -g Microsoft.CST.AttackSurfaceAnalyzer.CLI.
Platform specific binaries for Attack Surface Analyzer are distributed via our GitHub releases page.
Dependencies on Linux/Docker
Attack Surface Analyzer is built on .NET so .NET's linux dependencies must be installed to run ASA. Some linux distributions may not contain these packages by default.
For running Attack Surface Analyzer in Docker you should use the .NET Docker Image Base or another image that has the .NET SDK installed, and then install the ASA tool from Nuget in your Dockerfile like RUN dotnet tool install -g Microsoft.CST.AttackSurfaceAnalyzer.CLI
Documentation
Documentation is available on the Wiki.
Documentation for the API is available on GitHub Pages.
New Features in 2.3
- New Blazor GUI with Rule Authoring and Testing Sandbox
- New Collectors
- Improved collection and analysis performance.
- Support for C# 10/.NET 6
Overview
Attack Surface Analyzer 2 replaces the original Attack Surface Analyzer tool, released publicly in 2012.
Potential users of Attack Surface Analyzer include:
- DevOps Engineers - View changes to the system attack surface introduced when your software is installed.
- IT Security Auditors - Evaluate risk presented by when third-party software is installed.
Core Features
The core feature of Attack Surface Analyzer is the ability to "diff" an operating system's security configuration, before and after a software component is installed and to run arbitrary complex rules on the results to surface interesting findings. This is important because most installation processes require elevated privileges, and once granted, can lead to unintended system configuration changes.
Attack Surface Analyzer currently reports on changes to the following operating system components:
- File system (static snapshot and live monitoring available)
- User accounts
- Services
- Network Ports
- Certificates
- Registry
- COM Objects
- Event Logs
- Firewall Settings
- Wifi Networks
- Cryptographic Keys
- Processes
- TPM Information
All data collected is stored in a set of local SQLite databases.
How to Use Attack Surface Analyzer
Run the following commands in an Administrator Shell (or as root). Replace asa with asa.exe as appropriate for your platform.
CLI Mode
To start a default all collectors run: asa collect -a
To compare the last two collection runs: asa export-collect
For other commands run: asa --help
GUI Mode
For the GUI interface run: asa gui and a browser window should open directed at http://localhost:5000 with the web based interface.
Detailed information on how to use Attack Surface Analyzer can be found on our
wiki.
Building
To build Attack Surface Analyzer, see BUILD.
Versions
The latest public version of Attack Surface Analyzer with public builds is 2.3 (see Release\v2.3).
Contributing
This project welcomes contributions and suggestions. Most contributions require you to
agree to a Contributor License Agreement (CLA) declaring that you have the right to,
and actually do, grant us the rights to use your contribution. For details, visit
https://cla.microsoft.com.
When you submit a pull request, a CLA-bot will automatically determine whether you
need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply
follow the instructions provided by the bot. You will only need to do this once across all
repos using our CLA.
This project has adopted the
Microsoft Open Source Code of Conduct.
For more information see the Code of Conduct FAQ or
contact opencode@microsoft.com with any additional questions or comments.
Reporting Security Issues
Security issues and bugs should be reported privately, via email, to the Microsoft Security
Response Center (MSRC) at secure@microsoft.com. You should
receive a response within 24 hours. If for some reason you do not, please follow up via
email to ensure we received your original message. Further information, including the
MSRC PGP key, can be found in
the Security TechCenter.
License
Attack Surface Analyzer 2 is licensed under the
MIT license.
Contributors
Showing top 10 contributors by commit count.
Related Repositories
projectdiscovery/nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
1N3/Sn1per
Automated penetration testing & attack surface management platform. Recon, scan, exploit, report — 600+ exploits, 90+ integrations, 10K+ detections.
projectdiscovery/uncover
Quickly discover exposed hosts on the internet using multiple search engines.
superhedgy/AttackSurfaceMapper
AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.
stanislav-web/OpenDoor
OWASP Web Recon & Directory Discovery Platform
chiasmod0n/chiasmodon
Chiasmodon is an OSINT tool designed to assist in the process of gathering information about a target domain. Its primary functionality revolves around searching for domain-related data, including domain emails, domain credentials, CIDRs , ASNs , and subdomains, the tool also allows users to search Google Play application ID.