Attack Surface Mapper

Modified on Tue, Jul 29 at 8:46 AM

You can find this module at the Company level only.

Attack Surface Mapper scan covers various aspects of a domain's web presence and associated cloud services. By deeply scanning webpage content, headers, and cloud storage services like Open S3 buckets and Open Azure blobs, the scan aims to identify security vulnerabilities and exposures.

Here's how such a scan works:

Webpage Content and Headers: The scan would analyze the HTML content of webpages associated with the domain, looking for references to external resources like images, scripts, stylesheets, and iframes. It would also inspect HTTP response headers such as Content-Security-Policy and Permissions-Policy to understand the security policies and identify any misconfigurations or weaknesses.
Open S3 Buckets and Open Azure Blobs: The scan would check for any open or publicly accessible S3 buckets associated with the domain or its subdomains. Similarly, it would look for publicly accessible Azure blobs or other cloud storage resources. This involves querying DNS records, analyzing website content, and requesting known cloud storage endpoints.
Cloud Provider Information: The scan utilizes APIs provided by cloud service providers to gather information about the domain's cloud infrastructure, including details about storage resources and other services. This could help identify potential security risks associated with cloud configurations.
Subdomain Enumeration: The scan would identify any subdomains associated with the domain by examining DNS records and performing subdomain enumeration techniques. It then analyzes these subdomains to determine if they point to cloud storage endpoints or other relevant resources.

By combining these techniques, the scan provides a comprehensive assessment of the domain's attack surface, highlighting potential security weaknesses and areas for improvement.

Visit our YouTube Channel for more video content: https://www.youtube.com/@connectsecure

Table of Contents
Attack Surface Mapper - Details
Attack Surface Mapper - Toolbar Options
- Jobs
- Alerts
- Info
- Help Link
- Layout Settings
Get Support

Attack Surface Mapper - Details

Access the Attack Surface Mapper from the Assets category.

What data is captured by the Attack Surface Mapper scan?

Here is what you will see once you have completed the Attack Surface Mapper scan against a domain.

Data Label	Description / Use Case
DNS Records	Displays the DNS (Domain Name System) records associated to the domain. Different types will include A, MX, NS, TXT, and SOA record types. These help translate a human-readable domain to an actual IP address. (IE: Phonebook for the Internet)
MX Records	Displays the MX (Mail Exchange) record for the domain. This helps to route email to the correct email server(s).
Open Ports	Displays the count of open ports with the protocol. Ports are used for communication between software applications and services running on a device. The IANA maintains the complete listing found here: IANA Ports Guide.
RAW Headers	Displays the RAW Header information for the domain, which includes Cache-Control, Connection, Content-length, Content-Encoding, Content-Type, Date, Etag, Keep-alive, Server, Set-Cookie, Vary, X-host, and X-us-compatible information. This information is used for communication between web browsers and servers.
S3 Buckets	Displays any S3 (Amazon Simple Storage Service) buckets/containers for the domain; these are used for storing and organizing data on the Amazon Web Services (AWS) platform.
SPF Records	Displays the Sender Policy Framework (SPF), DNS record for the domain. This helps in preventing email spoofing and phishing by verifying that an email is sent from an authorized server.
Subdomains	Displays the count of Subdomains found in the main domain.
Target IPs	Displays the public or target IP for the domain.
Vulnerabilities	Displays the count of Vulnerabilities; the CVE-ID, Severity, Description, EPSS Score, Base Score, Impact Score, and Exploitability Score will be included.

Configuration

When you save a new configuration in Attack Surface Mapper, a scan will start immediately. To postpone the scan, check the "Scan Later" checkbox.

Tap on Add

Complete the required fields as shown here:

Do not include the https:// or .com in the Domain* field

Tap Save when completed.

Edit Domain Configuration

Use the three-dot Action menu to access the Edit Configuration.

Remove Domain Configuration

Use the three-dot Action menu to access the Remove Domain option.

Scan Now

Use the three-dot Action menu to use the Scan Now option.

Results

Tap on the Domain Name to see the ASM details.

Full details displayed.

Use the three-dot Action menu to View Details or Delete the ASM results from the portal.

Attack Surface Mapper - Toolbar Options

Jobs

Tap to view the job details.

Alerts

View our timeline style of System Events captured for each company. You can set an optional date filter range to target a specific date range of events.

Info

Tap here to view your V4 Getting Started Info.

https://cybercns.atlassian.net/wiki/x/MIDKfw

Help Link

Click to access the related documentation page; this link is functional on all screens and will take you to the appropriate documentation page.

Layout Settings

Here, you can change the UI look and feel using various options, including the Theme for color, the Scheme for dark and light mode, the Layout for toolbar and module positions, and the toggle to set the table view default.

I prefer the Teal color, Light mode, and Classic layout with an asset table view.