Skip to content
Attack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation.
Branch: master
Clone or download
Latest commit 93a41a1 Jun 12, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
AsaDemoGenerator Adds a little windows demo app (#230) Jun 4, 2019
Cli Adds a little windows demo app (#230) Jun 4, 2019
Gui LGTM Fixes (#233) Jun 12, 2019
Lib Adds a little windows demo app (#230) Jun 4, 2019
Tools Update version of Electron.NET (#220) May 31, 2019
docfx_project Update Mar 30, 2019
docs Set theme jekyll-theme-slate Mar 30, 2019
.gitattributes First code commit. Mar 26, 2019
.gitignore Update filters.json for Windows files (#88) Apr 6, 2019
AttackSurfaceAnalyzer.sln Update dependencies Jun 1, 2019
AttackSurfaceAnalyzer.sln.licenseheader Adding license headers. Mar 29, 2019 Update (#232) Jun 6, 2019 Add files via upload Mar 28, 2019
Directory.Build.props Add warning to results page when viewing the page without any results… Mar 27, 2019
LICENSE.txt Gfs/add win7 support (#28) Apr 1, 2019
NOTICE.txt Update NOTICE.txt (#222) May 31, 2019
NuGet.Config Adds a little windows demo app (#230) Jun 4, 2019 Guydalf privacy (#100) Apr 30, 2019 Update May 31, 2019
Resources.Designer.cs Add Localizability Support (#109) Apr 12, 2019
Resources.resx Add Localizability Support (#109) Apr 12, 2019
filters.json Gfs/#15 (#148) Apr 23, 2019
version.json Set version to '2.1-alpha' Apr 29, 2019

Attack Surface Analyzer

Getting Attack Surface Analyzer

The latest release is available on GitHub.

Note on Version

The latest released version of Attack Surface Analyzer is 2.0 (see Release\v2.0).
You are currently viewing the master branch, which tracks continuing development and is not recommended for production use.


Attack Surface Analyzer is a Microsoft-developed open source security tool that analyzes the attack surface of a target system and reports on potential security vulnerabilities introduced during the installation of software or system misconfiguration.

Attack Surface Analyzer 2.0 replaces the original Attack Surface Analyzer tool, released publicly in 2012.

Potential users of Attack Surface Analyzer include:

  • DevOps Engineers - View changes to the system attack surface introduced when your software is installed.
  • IT Security Auditors - Evaluate risk presented by when third-party software is installed.

Core Features

The core feature of Attack Surface Analyzer is the ability to "diff" an operating system's security configuration, before and after a software component is installed. This is important because most installation processes require elevated privileges, and once granted, can lead to unintended system configuration changes.

Attack Surface Analyzer currently reports on changes to the following operating system components:

  • File system (static snapshot and live monitoring available)
  • User accounts
  • Services
  • Network Ports
  • Certificates
  • Registry (Windows only)

All data collected is stored in a local SQLite database called asa.sqlite.

How to Use Attack Surface Analyzer

Information on how to use Attack Surface Analyzer can be found on our wiki.

Future Plans (tentative)

We plan on adding additional features to Attack Surface Analyzer, including those from the list below:

  • Code signing info
  • Drivers (partially covered presently via file system monitoring)
  • Firewall settings
  • Redistributable installations
  • Network traffic (live monitoring)
  • Registry (live monitoring)
  • Requested features which existed in the original Attack Surface Analyzer.

If you have feedback on these or other features, please open an issue.


Attack Surface Analyzer runs on Windows, Linux, and MacOS, and is built using .NET Core. It has both a command-line interface and ElectronNET GUI option available. Neither version currently has an installer.

Packages are available on our releases page as compressed archives.


To build Attack Surface Analyzer, see BUILD.


This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit

When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct.

For more information see the Code of Conduct FAQ or contact with any additional questions or comments.

Reporting Security Issues

Security issues and bugs should be reported privately, via email, to the Microsoft Security Response Center (MSRC) at You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Further information, including the MSRC PGP key, can be found in the Security TechCenter.


Attack Surface Analyzer 2.0 is licensed under the MIT license.

You can’t perform that action at this time.