...
Panel | ||
---|---|---|
| ||
What is the Attack Surface Mapper? 🤔 |
It is critical to identify and analyze different aspects of an organization's infrastructure that may be vulnerable to exploitation by malicious actors. This includes scanning network hosts, analyzing web applications, enumerating subdomains, identifying open ports, and performing other reconnaissance tasks. This helps prioritize security efforts, focus on areas that require immediate attention, and mitigate potential risks.
Attack Surface Mapper scan covers various aspects of a domain's web presence and associated cloud services. By deeply scanning webpage content, headers, and cloud storage services like Open S3 buckets and Open Azure blobs, the scan aims to identify security vulnerabilities and exposures. |
...
Here's how such a scan works:
Webpage Content and Headers: The scan would analyze the HTML content of webpages associated with the domain, looking for references to external resources like images, scripts, stylesheets, and iframes. It would also inspect HTTP response headers such as Content-Security-Policy and Permissions-Policy to understand the security policies and identify any misconfigurations or weaknesses.
Open S3 Buckets and Open Azure Blobs: The scan would check for any open or publicly accessible S3 buckets associated with the domain or its subdomains. Similarly, it would look for publicly accessible Azure blobs or other cloud storage resources. This involves querying DNS records, analyzing website content, and requesting known cloud storage endpoints.
Cloud Provider Information: The scan utilizes APIs provided by cloud service providers to gather information about the domain's cloud infrastructure, including details about storage resources and other services. This could help identify potential security risks associated with cloud configurations.
Subdomain Enumeration: The scan would identify any subdomains associated with the domain by examining DNS records and performing subdomain enumeration techniques. It then analyzes these subdomains to determine if they point to cloud storage endpoints or other relevant resources.
By combining these techniques, the scan provides a comprehensive assessment of the domain's attack surface, highlighting potential security weaknesses and areas for improvement.
...
Info |
---|
For a list of the IPs used for Attack Surface Mapper (ASM) scanning, please check out the documentation page here: Agent Configurations |
...
What data is captured by the Attack Surface Mapper scan? 🤔
...
Data Label | Description / Use Case |
---|---|
DNS Records | Displays the DNS (Domain Name System) records associated to the domain. Differen Different types will include record types of A, MX, NS, TXT, and SOA record types. These help in the translation of a human-readable domain to an actual IP address. (IE: Phonebook for the Internet) Emails |
MX Records | Displays the MX (Mail Exchange) record for the domain. This help to route email to the correct email server(s). |
Open Ports | Displays the count of open ports with the protocol. Ports are used for communication between software applications and services running on a device. The IANA maintains the full listing found here: IANA Ports Guide |
RAW Headers | Displays the RAW Header information for the domain, which includes Cache Control, Connection, Content-length, Content Encoding, Content Type, Date, Etag, Keep-alive, Server, Set Cookie, Vary, X-host, and X-us-compatible information. This information is used for communication between web browsers and servers. |
S3 Buckets | Displays any S3 (Amazon Simple Storage Service) buckets/containers for the domain; these are used for storing and organizing data on the Amazon Web Services (AWS) platform. |
SPF Records | Displays the Sender Policy Framework (SPF), DNS record for the domain. This helps in preventing email spoofing and phishing by verifying that an email sent from an authorized server. |
Subdomains | Displays the count of Subdomains found the main domain. |
Target IPs | Displays the public or target IP for the domain. Usernames |
Vulnerabilities | Displays the count of Vulnerabilites; the CVE-ID, Severity, Description, EPSS Score, Base Score, Impact Score, and Exploitability Score will be included. |
...
Company Attack Surface Mapper - Table of Contents
Table of Contents | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...
Company Attack Surface Mapper - Overview
On this page, you can view a list of domains configured for scanning.
...
Use the side navigation toolbar to add a ‘New Domain’ if no records are displayed.
...
ASM is designed with two main sections: Configurations and Results.
...
Configurations are where you will configure the attack surface mapper scan parameters.
Results are where you can view the results from the UI, or use the Standard Report.
...
Company Attack Surface Mapper - Details
You will find the Name and Domain listed under the Domain Configuration section.
...
Add Domain Configuration
Note |
---|
When you save a new configuration in Attack Surface Mapper, a scan will start immediately. To delay postpone the scan, tick check the "Scan Later" checkbox displayed above. |
...
Column Label
...
Description / Use Case
...
Name
...
Displays the given name of the scanning profile.
Example: Ryans ASM Test for Google
...
Domain
...
Displays the domain of the scanning profile.
Do Not Include WWW in your setup.
Example: google.com
Company Attack Surface Mapper - Side Navigation Toolbar Overview
Add Domain - tap to add a new domain configuration to the ASM scanning.
Edit Domain - select one record first, then tap to Edit the scan details.
Remove Domain - select at least one record first, then tap to Remove the selected domain configuration.
Scan Now - select at least one record first, then tap to initiate an ASM scan.
Jobs - tap see historical ASM job history and details.
Alerts - tap to see the system events in our timeline-style format.
Company Attack Surface Mapper - Side Navigation Toolbar Actions
Add Domain
Tap to create a new domain configuration for ASM scanning. You must include the Name and Domain and tap the save button to finish.
...
NOTE: Tap the ‘Scan Later’ checkbox if you do not want to run the ASM scan right away.
Edit Domain
First, select one record from the left side checkbox, then tap the Edit Domain icon to make any changes.
...
Tap Save once you are completed; otherwise, click Cancel to go back.
Remove Domain
Select at least one record, then tap the Remove Domain icon to delete the profile. You will be prompted with a confirmation message to click Yes to remove the domain.
...
Click Yes; otherwise, click Cancel to back out and keep the domain.
Scan Now
You must select at least one record first, then tap the Scan Now icon to initiate an Attack Surface Mapper scan manually. This will show up under the Jobs section, where you can monitor the progress.
...
Tap on Add
...
Complete the required fields as shown here:
...
Info |
---|
Do not include the https:// or .com in the Domain* field |
Tap Save when completed.
...
Edit Domain Configuration
Use the three-dot Action menu to access the Edit Configuration
...
Remove Domain Configuration
Use the three-dot Action menu to access the Remove Domain option.
...
Scan Now
Use the three-dot Action menu to use the Scan Now option.
...
Jobs
Tap the Jobs icon to see a history of the Jobs running for the company selected.
...
Alerts
You can use the timeline style to view the changes and updates in the System Events.
...
Need Support?
Contact our support team by sending an email to support@connectsecure.com or by visiting our Partner Portal, where you can create, view, and manage your tickets.
...