Using the Command Line Interface

Gabe Stocco edited this page Sep 10, 2020 · 2 revisions

ASA CLI

Collect and Compare Workflow

The basic usage pattern for Attack Surface Analyzer is to run two collections, followed by a comparison and export.

First Collection

This will start a collection with all default collectors enabled.

asa collect -a

To choose a subset of collectors or pass extra arguments to them, run asa collect --help for the full list of options. For example, to collect information about ports and about files in selected directories:

asa collect -fp --selected-directories C:\System32,C:\Windows

Target

Perform the system operations (for example, software install) that you would like to analyze.

Second Collection

Run a second collection using the same options you used for the first collection.

asa collect -your --opts-here

Analysis

This will compare the latest two runs using the default ruleset and output a JSON report with the results.

asa export-collect

To provide your own analysis file:

asa export-collect --analysesfile path/to/your/analyses.json
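
The workflow above can be scripted so that both collections are guaranteed to use identical options. This is an added example, not part of Attack Surface Analyzer or the original page; the function name Invoke-AsaComparison and its parameters are hypothetical, and it assumes asa is on PATH and exits with a nonzero code on failure.

```powershell
# Added example: wraps the collect / change / collect / export-collect workflow.
# Invoke-AsaComparison and its parameter names are hypothetical.
# Assumption: `asa` is on PATH and returns a nonzero exit code on failure.
function Invoke-AsaComparison {
    [CmdletBinding()]
    param(
        # Collector options, passed unchanged to BOTH collections.
        [Parameter(Mandatory)] [string[]] $CollectArgs,
        # The system operation to analyze, for example a software install.
        [Parameter(Mandatory)] [scriptblock] $Change,
        # Optional custom analysis file for export-collect.
        [string] $AnalysesFile
    )

    # Validate the analysis file before spending time on collections.
    if ($AnalysesFile -and -not (Test-Path -LiteralPath $AnalysesFile -PathType Leaf)) {
        throw "Analysis file not found: $AnalysesFile"
    }

    # Run one asa operation and stop the workflow if it fails.
    function Invoke-Asa([string[]] $AsaArgs) {
        Write-Host "asa $($AsaArgs -join ' ')"
        & asa @AsaArgs
        if ($LASTEXITCODE -ne 0) {
            throw "asa $($AsaArgs[0]) failed with exit code $LASTEXITCODE"
        }
    }

    Invoke-Asa (@('collect') + $CollectArgs)   # first collection (baseline)
    & $Change                                  # operation under analysis
    Invoke-Asa (@('collect') + $CollectArgs)   # second collection, same options

    $exportArgs = @('export-collect')
    if ($AnalysesFile) { $exportArgs += @('--analysesfile', $AnalysesFile) }
    Invoke-Asa $exportArgs                     # compares the latest two runs
}

# Usage (the installer path is a placeholder):
# Invoke-AsaComparison `
#     -CollectArgs '-fp', '--selected-directories', 'C:\System32,C:\Windows' `
#     -Change { Start-Process -FilePath 'C:\path\to\installer.exe' -Wait }
```

Because export-collect compares the latest two runs, avoid starting any other collection between the second collection and the export.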

Operations Available

The ASA CLI has a number of operations triggered by a first argument keyword. For a full list of the available Operations run asa --help.

At the time of writing, asa --help produces the following output.

PS D:\GitHub\AttackSurfaceAnalyzer> asa --help
[10:21:04 INF] AttackSurfaceAnalyzer v.2.2.57+7af37f8172
Asa 2.2.57+7af37f8172
c Microsoft Corporation. All rights reserved.

  collect           Collect operating system metrics

  monitor           Continue running and monitor activity

  export-monitor    Output a .json report for a monitor run

  export-collect    Compare ASA executions and output a .json report

  config            Configure and query the database

  gui               Launch the GUI in a browser

  verify            Verify your analysis rules

  help              Display more information on a specific command.

  version           Display version information.