Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

An attack surface mapper is a tool or technique used to identify and analyze the potential vulnerabilities and entry points within a system, network, or application that could be exploited by attackers. It involves discovering assets, enumerating services, scanning for vulnerabilities, mapping dependencies, and assessing risks. The goal is to gain a comprehensive understanding of the attack surface and generate actionable insights to prioritise prioritize and address potential weaknesses. By regularly assessing and updating the attack surface, security professionals can proactively mitigate risks and enhance the overall security posture.

Info

Attack Surface Mapper checks for Domain Enumeration, Port scanning, Vulnerability scanning, Sub Domain monitoring, DNS Records Usernames, and Emails.

  • Navigate to Company View and select the company of your choice.

  • Navigate to Attack Surface Mapper to set up the scan.

  • Add the Domain name and click on Scan.

  • Image Removed

    Once clicked on scan, the scan starts.

  • Image Removed

    Once the scan completes, results are shown for the same.

  • Results shows Target IP Addresses, S3 Buckets details.

  • Image Removed

    Results shows DNS Records.

...

  • Results on the left menu.

...

  • Under Configurations, click on +Add.

  • Specify a name for the Attack Surface Mapper configuration to be added.

  • Enter the domain name, and select the Scan later option if prefer to conduct the domain scan at a later time; otherwise, keep it unchecked to initiate it upon saving it. Then click Save button.

...

  • Once it is added, It will create a record and show under the Configurations.

...

  • The Configurations can be Edited, deleted, or Scanned using the Action Option.

...

  • Once the scan is initiated, Jobs will be created for that particular configuration under Jobs.

...

  • Job Details can be viewed and Jobs can be Terminated under the Action.

...

  • Results tab shows Domain Name scanned with details under the Results section.

...

  • Information summary of Vulnerabilities, Open Ports, Target IPs, Emails, Usernames, Subdomains is shown under details of the results.

...

  • Results also show DNS Records.

...

  • Results also shows MX Records, Sender Policy Framework(SPF) Records, DMARC Records, and RAW Headers.

...

  • Results shows show Sub-Domains.

...

This completes the Attack Surface Mapper documentation.