Kali Linux

Attack-Surface-Framework : Tool To Discover External And Internal Network Attack Surface

Attack-Surface-Framework aims to protect organizations acting as an attack surface watchdog, provided an “Object” which might be a: Domain, IP address or CIDR (Internal or External), ASF will discover assets/subdomains, enumerate their ports and services, track deltas and serve as a continuous and flexible attacking and alerting framework leveraging an additional layer of support against 0 day vulnerabilities with publicly available POCs.

Motivation

The lack of support and flexibility to automate discovery of dynamic assets and their associated vulnerabilities through continuous scanning or exploitation in a single pane of glass was the driving force in the creation of ASF, the current solutions are restricted by the technology or the program they are built for, we wanted a solution that is scalable as well as utilizes popular Open Source security tools for handling a full vulnerability lifecycle.

ASF is a breed of open source projects leveraging a powerful arsenal of tools wrapped in a single pane of glass on top of a GUI. ASF architectural diagram illustrated below:

Prerequisites

Latest version of Kali Linux (tested on 64 bits) – https://kali.org/get-kali/

16 GB of RAM at least

1 TB HD – XFS filesystem recommended

Build & Run

As root

  • git clone https://github.com/vmware-labs/attack-surface-framework.git /opt/asf
  • cd /opt/asf/
  • Run ./setup.sh
  • Assign your user, email and yourpass

Once the installation is completed

  • cd /opt/asf/frontend/asfgui/
  • . bin/activate
  • python3 manage.py runserver 0.0.0.0:8080 – We recommend to run it on a screen session to leave server persistent (screen -S asf)

Security

ASF is not meant to be publicly exposed, assuming you install it on a cloud provider or even on a local instance, we recommend to access it using port forwarding through SSH, here is an example:

ssh -i "key.pem" -L 8080:127.0.0.1:8080 user@yourhost – For ASF GUI

ssh -i "key.pem" -L 9045:127.0.0.1:9045 user@yourhost – To access Graylog2 Panel

Then open your browser and go to:

http://127.0.0.1:8080 – For ASF – user:youruser pass:yourpass (provided in initial setup)

https://127.0.0.1:9045 – For Graylog2 – user:admin pass:admin #Change it in /graylog/docker-compose.yaml

Graylog2 requires a few steps to start receiving logs from ASF:

Once logged in, go to System/”Content Packs” and import the Content Pack located at /opt/asf/tools/graylog/content_pack_ASF.json, click on the “Upload” button and you should see “Basic” reflected in the “Select Content Packs” section, click on “Basic”, make sure the “ASF” radio button is selected and hit the “Apply content” button, this will create the Global input to parse JSON logs and related extractors.

Now you are ready to receive logs from ASF and setup your streams / alerts / dasboards !

More info @ https://docs.graylog.org/en/4.1/

Documentation

ASF has two scopes:

A) External: For your publicly exposed assets.

B) Internal: Assets in your corporate network.

For the External scope, the flow goes through four basic steps:

A.1 Targets – Here is where you input your targets

A.2 Discovery – Module that runs the Amass process to discover publicly exposed assets, feel free to create your configuration file to setup your API keys https://github.com/OWASP/Amass/blob/master/examples/config.ini

A.3 Enumeration – Module that runs the NMAP process to enumerate ports/services and create filters for the Redteam module. Default setup is to look for --top-ports 200 but you can suit it to your needs in /opt/asf/tools/nmap/*.sh

A.4 Redteam – Module that runs submodules located in “/opt/asf/redteam”

Note: For the Internal scope, the flow goes through A.1(Targets),A.3(Enumeration) and A.4(Redteam).

R K

Recent Posts

Pystinger : Bypass Firewall For Traffic Forwarding Using Webshell

Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…

2 hours ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

2 hours ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

22 hours ago

How to Bash Append to File: A Simple Guide for Beginners

If you are working with Linux or writing bash scripts, one of the most common…

22 hours ago

Mastering the Bash Case Statement with Simple Examples

What is a bash case statement? A bash case statement is a way to control…

22 hours ago

How to Check if a File Exists in Bash – Simply Explained

Why Do We Check Files in Bash? When writing a Bash script, you often work…

3 days ago