Merge branch 'master' of https://github.com/Microsoft/AttackSurfaceAn…

…alyzer

BUILD.md

@@ -1,8 +1,53 @@
 # Build How-to
-Zeroth: Install Node.js, the .NET Core 2.1 SDK, and Visual Studio 2017. 
 
-Download the code and open the command line in the “GUI” directory.
+## Pre-requisites
 
-Run: dotnet tool install ElectronNET.CLI -g
-Followed by: npm install electron-packager --global
-Finally: electronize start
+### CLI:
+- .NET Core 2.1 SDK
+- Visual Studio 2017
+
+### GUI: 
+- Node.js 
+- .NET Core 2.1 SDK
+- Visual Studio 2017. 
+- Electron.NET CLI tool - ```dotnet tool install ElectronNET.CLI -g```
+
+## Building
+
+### CLI:
+
+#### Building a Debug version
+
+```
+dotnet build
+```
+
+#### Building a Release version
+On Windows you can use the script at Cli\Build.ps1 to build the release package.
+```
+.\build.ps1 -release Release
+```
+
+Linux
+```
+sh build-linux.sh -r Release
+```
+
+Mac
+```
+sh build-mac.sh -r Release
+```
+
+### GUI
+
+#### Running
+```
+electronize start
+```
+
+#### Building
+
+```
+electronize build /target win
+```
+Will create the Electron application in ```AttackSurfaceAnalyzer\Gui\bin\desktop```

Cli/build_linux.sh

@@ -0,0 +1,17 @@
+release = "Debug"
+
+while [ "$1" != "" ]; do
+    case $1 in
+        -r | --release )           shift
+                                release=$1
+    esac
+    shift
+done
+
+if ["$release" = "Debug"); then
+    dotnet build
+fi
+if ["$release" = "Release"]; then
+    dotnet publish -c Release -r linux-x64 --self-contained true && ../Tools/linux-x64.warp-packer --arch linux-x64 --input_dir bin/Release/netcoreapp2.1/linux-x64/publish/ --exec AttackSurfaceAnalyzerCli --output AttackSurfaceAnalyzerCli
+    chmod +x AttackSurfaceAnalyzerCli
+fi

Cli/build_mac.sh

@@ -0,0 +1,17 @@
+release = "Debug"
+
+while [ "$1" != "" ]; do
+    case $1 in
+        -r | --release )           shift
+                                release=$1
+    esac
+    shift
+done
+
+if ["$release" = "Debug"); then
+    dotnet build
+fi
+if ["$release" = "Release"]; then
+    dotnet publish -c Release -r osx-x64 --self-contained true && ../Tools/macos-x64.warp-packer --arch osx-x64 --input_dir bin/Release/netcoreapp2.1/osx-x64/publish/ --exec AttackSurfaceAnalyzerCli --output AttackSurfaceAnalyzerCli
+    chmod +x AttackSurfaceAnalyzerCli
+fi

README.md

@@ -25,31 +25,31 @@ ATSAN analysis has proven to be valuable in identifying additional items to be
 considered in a threat model and detecting specific areas for additional fuzz testing.
 
 Typical users of ATSAN include:
-• DevOps Engineers - view changes to the system attack surface introduced by your 
+* DevOps Engineers - view changes to the system attack surface introduced by your 
 software.
-• IT Security Auditors - evaluate risk presented by select software before general 
+* IT Security Auditors - evaluate risk presented by select software before general 
 distribution and use.
 
 Ideally, you would install the tool on a clean system with just the OS, the
 Attack Surface Analyzer and software you plan to analyze.
 
 ## Features
 
-Files (static snapshot and live monitoring available)
-User accounts
-Services
-Network Ports
-Registry (Windows)
+- Files (static snapshot and live monitoring available)
+- User accounts
+- Services
+- Network Ports
+- Certificates
+- Registry (Windows)
 
 Future planned features:
-Certificate store
-Code signing info
-Drivers (partially covered presently under files)
-Firewall settings
-Redistributable installations
-Requested features which existed in ASA Classic
-Network traffic live monitoring
-Registry modifications (Windows) live monitoring
+- Code signing info
+- Drivers (partially covered presently under files)
+- Firewall settings
+- Redistributable installations
+- Requested features which existed in ASA Classic
+- Network traffic live monitoring
+- Registry modifications (Windows) live monitoring
 
 ## Installation
 
@@ -87,9 +87,7 @@ contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additio
 ## How to Use
 
 To run the GUI right click 
-“ElectronNet.Host.Exe” and run as Administrator.  To run the CLI, ensure you have 
-.NET Core 2.1 framework installed**,  open a command prompt as administrator 
-and run “dotnet AttackSurfaceAnalyzer-CLI.dll”.
+“ElectronNet.Host.Exe” and run as Administrator.  To run the CLI, run AttackSurfaceAnalyzerCli as root/administrator.
 
 The CLI version of the tool comes with built-in help using a help parameter i.e. ATSAN 
 /help for specifying specific collections to capture and other options.  
@@ -99,21 +97,21 @@ https://github.com/microsoft/AttackSurfaceAnalyzer/wiki once it becomes availabl
 
 ## Notes and FAQ
 
--When comparing the results of two runs against one another the CLI this will output a 
+- When comparing the results of two runs against one another the CLI this will output a 
 results.html file whereas the GUI provides in application comparison.
--Collecting files is slow, due to the number of items processed.
--Collecting registry entries is slow, due to the number of items processed.
--Comparing large runs is slow.
+- Collecting files is slow, due to the number of items processed.
+- Collecting registry entries is slow, due to the number of items processed.
+- Comparing large runs is slow.
 
 GUI:
 
--Switching tabs in the GUI while an action is underway may make the application 
+- Switching tabs in the GUI while an action is underway may make the application 
 unresponsive to further input.  This is being resolved in the next version.
--Status reporting in the collect tab is manual and requires pressing the get status button.
--Sometimes when collecting files in the GUI the option to get status may be 
+- Status reporting in the collect tab is manual and requires pressing the get status button.
+- Sometimes when collecting files in the GUI the option to get status may be 
 unresponsive.
--Debug output is enabled in the GUI in this version.
--The GUI is *not final* and is in the process of being updated.
+- Debug output is enabled in the GUI in this version.
+- The GUI is *not final* and is in the process of being updated.
 
 For future assistance with use please see our FAQ list once it is available at 
 https://github.com/microsoft/AttackSurfaceAnalyzer/wiki