If you have .NET Core 3.1 installed you can install Attack Surface Analyzer with dotnet tool install -g Microsoft.CST.AttackSurfaceAnalyzer.CLI
from NuGet
While 2.2 is in Beta you may receive a message that you need to specify a version. That message should include the latest version flag to use.
Platform specific binaries for Attack Surface Analyzer are distributed via our GitHub releases page.
The library is available on NuGet
The latest stable version of Attack Surface Analyzer is 2.1 (see Release\v2.1).
2.2 is available in Beta.
2.3 is now in development. You can see the features coming here.
- Expanded analysis engine allowing users to define arbitrary boolean expressions across clauses and access sub properties of objects. See https://github.com/microsoft/AttackSurfaceAnalyzer/wiki/Analysis-Ruleset for more information on creating rules.
- Improved collection and analysis performance.
Attack Surface Analyzer is a Microsoft-developed open source security tool that analyzes the attack surface of a target system and reports on potential security vulnerabilities introduced during the installation of software or system misconfiguration.
Attack Surface Analyzer 2 replaces the original Attack Surface Analyzer tool, released publicly in 2012.
Potential users of Attack Surface Analyzer include:
- DevOps Engineers - View changes to the system attack surface introduced when your software is installed.
- IT Security Auditors - Evaluate risk presented by when third-party software is installed.
The core feature of Attack Surface Analyzer is the ability to "diff" an operating system's security configuration, before and after a software component is installed and to run arbitrary complex rules on the results to surface interesting findings. This is important because most installation processes require elevated privileges, and once granted, can lead to unintended system configuration changes.
Attack Surface Analyzer currently reports on changes to the following operating system components:
- File system (static snapshot and live monitoring available)
- User accounts
- Services
- Network Ports
- Certificates
- Registry
- COM Objects
- Event Logs
- Firewall Settings
All data collected is stored in a set of local SQLite databases.
Run the following commands in an Administrator Shell (or as root). Replace asa
with asa.exe
as appropriate for your platform.
To start a default all collectors run: asa collect
To compare the last two collection runs: asa export-collect
For other commands run: asa --help
For the GUI interface run: asa gui
and a browser window should open directed at http://localhost:5000
with the web based interface.
Detailed information on how to use Attack Surface Analyzer can be found on our wiki.
Attack Surface Analyzer runs on Windows, Linux, and MacOS, and is built using .NET Core.
Packages are available on our releases page as compressed archives.
To build Attack Surface Analyzer, see BUILD.
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.
When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct.
For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.
Security issues and bugs should be reported privately, via email, to the Microsoft Security Response Center (MSRC) at [email protected]. You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Further information, including the MSRC PGP key, can be found in the Security TechCenter.
Attack Surface Analyzer 2.x is licensed under the MIT license.