Updated Home (markdown)

Gabe Stocco 2019-11-27 11:14:45 -08:00
Parent a68042a341
Commit d204e41839
1 changed file: 12 additions and 23 deletions

35
Home.md

@ -1,14 +1,14 @@
# Welcome to the Attack Surface Analyzer wiki!
## Attack Surface Analyzer 2.0 Is Now Available
The project master branch is now moved up to 2.1 for ongoing improvements. The 2.0 Official Release is the first release of this version of the tool which is a major update of the classic 1.0 version.
## Attack Surface Analyzer 2.1 Is Now Available
The project master branch is now moved up to 2.2 for ongoing improvements.
## Why Attack Surface Analyzer
Attack Surface Analyzer (ASA) is a Microsoft-developed Security tool that analyzes the attack surface of a Windows 10, Linux or MacOS system and reports on system changes that may have potential security implications that are introduced by the installation of software or by system misconfiguration.
Attack Surface Analyzer 1.0 [classic](https://www.microsoft.com/en-us/download/details.aspx?id=24487) from Microsoft was released in 2012 and while still available it is no longer supported. Attack Surface Analyzer 1,.0 has been valuable to software developers and IT security personnel for years in helping detect key system changes that may occur from software installation.
Attack Surface Analyzer 2.0 is a rewrite from the ground up on Microsoft .NET Core and Electron and is deployed as Open Source for contribution and customization. Note: the official or master branch of the code is still managed by Microsoft.
Attack Surface Analyzer 2.1 is a rewrite from the ground up on Microsoft .NET Core and Electron and is deployed as Open Source for contribution and customization. Note: the official or master branch of the code is still managed by Microsoft.
### Scenarios
1. Attack Surface Analyzer can help identify potential security risks exposed through changes to services, user accounts, files, network ports, certificate stores, and the system registry. It also includes some support for “live” monitoring of certain system changes (i.e. file system and registry).
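Review bot: The 2.1 paragraph still says "a rewrite from the ground up on Microsoft .NET Core and Electron", which conflicts with the other hunks in this change that describe a browser-based GUI and list only .NET Core 3.0 as the core technology. Suggest dropping "and Electron" from the 2.1 sentence. The neighbouring line also carries the typo "Attack Surface Analyzer 1,.0", which is worth fixing in the same pass.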
@ -21,7 +21,7 @@ Attack Surface Analyzer 2.0 is a rewrite from the ground up on Microsoft .NET Co
# How to Run Attack Surface Analyzer
## Overview
Attack Surface Analyzer 2.0 comes with both a command line (CLI) or an Electron-based graphical (GUI) option making it easy to use as part of a testing or release script or for standalone use. When using it, you create “snapshots” before and after you install the target software under consideration for analysis. A clean initial system with minimal additional software is ideal, but not required. Snapshots are stored in a local SQLite database and used to generate reports of system changes.
Attack Surface Analyzer 2.1 comes with both a command line (CLI) or an browser based (GUI) option making it easy to use as part of a testing or release script or for standalone use. When using it, you create “snapshots” before and after you install the target software under consideration for analysis. A clean initial system with minimal additional software is ideal, but not required. Snapshots are stored in a local SQLite database and used to generate reports of system changes.
You can also scan for changes after the software is used or while it is running to potentially capture additional changes made to the system.
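Review bot: Grammar in the new Overview sentence: "both a command line (CLI) or an browser based (GUI) option" should read "both a command line (CLI) and a browser-based (GUI) option".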
@ -37,22 +37,13 @@ The assumption is that both data collection and data analysis will be run on the
elements are collected in the baseline and subsequent scans.
## Running ASA from the GUI
### Full GUI (Electron)
The Full GUI is a standalone Electron application powered by an ASP.NET backend which performs the heavy lifting. The Full GUI is currently available on Windows 10 and Linux.
#### Windows
Navigate to the Attack Surface Analyzer program folder where it was downloaded and right-click ```Attack Surface Analyzer.exe```, and select Run as administrator from the context menu that appears.
#### Linux
```sudo asa```
### Slim GUI
The 'Slim' GUI is just the ASP.NET backend that powers the Electron GUI. This allows you to bring your own browser and is a smaller download. Further, the Slim GUI is available on older versions of Windows, where the Full GUI is restricted to Windows 10.
#### Startup
- Windows, open an Administrator Command Prompt and run ```AttackSurfaceAnalyzer-GUI.exe```.
- Mac OS/Linux, use sudo - ```sudo AttackSurfaceAnalyzer-GUI```.
- Windows, open an Administrator Command Prompt and run ```AsaLaunchGui.bat```.
- Mac OS/Linux, use sudo - ```sudo AsaLaunchGui.sh```.
#### Operating
- Once you have started ```AttackSurfaceAnalyzer-GUI``` navigate to ```localhost:5000``` in your browser of choice.
- Once you have started Attack Surface Analyzer it should automatically launch a browser window in your system default browser to `http://localhost:5000` with the application.
### Collecting Data
* Select Scan located from the top menu or Start Scan from the home page. **Note**: Scanning should never be run on live production servers since it can severely degrade the performance of the system.
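Review bot: The new Mac OS/Linux startup line `sudo AsaLaunchGui.sh` has no path, so it only works if the script is on the PATH that sudo uses; suggest `sudo ./AsaLaunchGui.sh` run from the program folder, and say which folder `AsaLaunchGui.bat` is run from on Windows. The new Operating bullet has the tool open the default browser at `http://localhost:5000` from a process started with sudo or from an Administrator prompt; the page should state which account that browser runs under, and keep the manual fallback (navigate to `localhost:5000`) for the case where no window opens.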
@ -68,9 +59,9 @@ The 'Slim' GUI is just the ASP.NET backend that powers the Electron GUI. This a
## Running ASA from the Command Line
To run the program, open a shell as an administrator on Windows or for Linux and MacOS, use a SUDO user account or ensure and the files are located in an appropriate administrator folder respectively.
To run the program, open a shell as an administrator on Windows or for Linux and MacOS, use a sudoer user account or ensure and the files are located in an appropriate administrator folder respectively.
The CLI version of the tool comes with built-in help using a help parameter i.e. run AttackSurfaceAnalyzerCLI.exe with no arguments which lists all top level argument options or "AttackSurfaceAnalzerCLI help " <command> <enter> where <command> is one of the value listed when arguments are supplied e.g. "AttackSurfaceAnalzerCLI help collect".
The CLI version of the tool comes with built-in help using a help parameter i.e. run `asa` with no arguments which lists all top level argument options or "asa help" <command> <enter> where <command> is one of the value listed when arguments are supplied e.g. "AttackSurfaceAnalzerCLI help collect".
Follow the same general baseline and product snapshot procedures for the GUI application.
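Review bot: The help example at the end of the new CLI paragraph still reads "AttackSurfaceAnalzerCLI help collect", the old and misspelled binary name, while the rest of the sentence uses `asa`; it should read `asa help collect`. The quoting in `"asa help" <command> <enter>` closes before the argument, and the new privilege sentence keeps the broken phrase "or ensure and the files are located"; both are worth rewording here.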
@ -81,9 +72,9 @@ Note that analyzer has high CPU and disk I/O demands, and may take a considerabl
### Operating System Support
ASA is tested on Windows 7 (CLI version only), Windows 10, Linux (currently Mint) and MacOS systems. No installed pre-requisites or redistributables are required, beyond those of .NET Core.
ASA is tested on Windows 10, Linux and MacOS systems. No installed pre-requisites or redistributables are required, beyond those of .NET Core.
Our core technologies are .NET Core 2.2 and Electron. No other systems are tested at present but .NET Core is supported on the following versions of Windows:
Our core technologies are .NET Core 3.0. No other systems are tested at present but .NET Core is supported on the following versions of Windows:
* Windows 7 SP1
* Windows 8.1
* Windows 10 Anniversary Update (version 1607) or later versions
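Review bot: "Our core technologies are .NET Core 3.0." names a single technology, so it should be singular ("Our core technology is .NET Core 3.0"). The Windows version list that follows is carried over unchanged from the .NET Core 2.2 text; confirm it against the 3.0 supported-OS document before merging. The tested-systems sentence now says only "Linux" where the previous text named Mint, so name the distributions that are actually tested.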
@ -92,9 +83,7 @@ Our core technologies are .NET Core 2.2 and Electron. No other systems are test
* Windows Server 2012 R2 (Full Server or Server Core)
* Windows Server 2016 or later versions (Full Server, Server Core, or Nano Server)
Additional OS compatibility for .NET Core is located here https://github.com/dotnet/core/blob/master/release-notes/2.2/2.2-supported-os.md.
Due to limitations in functionality of Server Core available, only the command line option is likely to be fully supported.
Additional OS compatibility for .NET Core is located here https://github.com/dotnet/core/blob/master/release-notes/3.0/3.0-supported-os.md.
## Installation
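Review bot: The updated link ends the sentence as "3.0-supported-os.md." and some Markdown renderers fold the trailing period into a bare URL, which breaks the link. Suggest wrapping the URL in angle brackets or writing it as a named Markdown link.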