-
Notifications
You must be signed in to change notification settings - Fork 271
Using the Command Line Interface
The basic usage pattern for Attack Surface Analyzer is to run two collections, followed by a comparison and export.
This will start a collection with all default collectors enabled.
asa collect -a
To choose a subset of collectors or provide extra arguments to collectors run asa collect --help for the full list of options. For example, to collect information about files in some selected directories and ports
asa collect -fp --selected-directories C:\System32,C:\Windows
Perform the system operations (for example, software install) that you would like to analyze.
Run a second collection using the same options you used for the first collection.
asa collect -your --opts-here
This will compare the latest two runs using the default ruleset and output a JSON report with the results.
asa export-collect
To provide your own analysis file:
asa export-collect --analysesfile path/to/your/analyses.json
The ASA CLI has a number of operations triggered by a first argument keyword. For a full list of the available Operations run asa --help.
As of the time of this writing the result of asa --help looks like below.
PS D:\GitHub\AttackSurfaceAnalyzer> asa --help
[10:21:04 INF] AttackSurfaceAnalyzer v.2.2.57+7af37f8172
Asa 2.2.57+7af37f8172
c Microsoft Corporation. All rights reserved.
collect Collect operating system metrics
monitor Continue running and monitor activity
export-monitor Output a .json report for a monitor run
export-collect Compare ASA executions and output a .json report
config Configure and query the database
gui Launch the GUI in a browser
verify Verify your analysis rules
help Display more information on a specific command.
version Display version information.