CLI Walkthrough

Gabe Stocco edited this page May 22, 2024 · 3 revisions

This page has screenshots with a step-by-step demonstration for doing a simple file system analysis with AttackSurfaceAnalyzer.

  1. First, perform your baseline scan. The `-f` argument collects files, and `--directories test` limits collection to the relative directory `test`, which begins empty for this demonstration: `asa collect -f --directories test`
  2. Next, perform your test actions. In this case we create an unsigned binary and a text file in the directory.
  3. Next, perform the compare scan using the same arguments as the baseline scan: `asa collect -f --directories test`
  4. Now we can perform a comparison between the two runs and run the analyses built into ASA. When running `export-collect` you can specify the runId; when it is not specified, ASA compares the latest two collection runs. In this case, we've chosen to output SARIF using the `--outputsarif` argument: `asa export-collect --outputsarif`
  5. View the SARIF in the SARIF viewer of your choice, for example, the Sarif Web Component.
  6. The default report includes changes to the system that did not match a rule, with their default severity level from the ruleset. To exclude those findings, add `--disableimplicitfindings`, like `asa export-collect --outputsarif --disableimplicitfindings`
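
As an alternative to a graphical viewer in step 5, the SARIF file can be triaged from a script. The following is an added example, not part of ASA or of the original page: it groups SARIF 2.1.0 results by effective level. The embedded log is constructed, and its rule ids, paths and messages are placeholders rather than real ASA output.

```python
import json
from collections import defaultdict

# Constructed sample, not real ASA output: rule ids, paths and messages are
# placeholders arranged in the shape of a SARIF 2.1.0 log.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "constructed-tool", "rules": [
            {"id": "EXAMPLE_UNSIGNED_BINARY", "defaultConfiguration": {"level": "error"}},
            {"id": "EXAMPLE_DEFAULT_FILE"},
        ]}},
        "results": [
            {"ruleId": "EXAMPLE_UNSIGNED_BINARY",  # no level: rule default applies
             "message": {"text": "constructed: unsigned binary created"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "test/unsigned.exe"}}}]},
            {"ruleId": "EXAMPLE_DEFAULT_FILE", "level": "note",
             "message": {"text": "constructed: file created"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "test/notes.txt"}}}]},
        ],
    }],
})

LEVEL_ORDER = ["error", "warning", "note", "none"]  # most to least severe

def effective_level(result, rules):
    """Result's own level, else its rule's default, else SARIF's 'warning'."""
    if "level" in result:
        return result["level"]
    rule = next((r for r in rules if r.get("id") == result.get("ruleId")), {})
    return rule.get("defaultConfiguration", {}).get("level", "warning")

def summarize(sarif_text):
    """Group (ruleId, uri) pairs by effective level across all runs."""
    grouped = defaultdict(list)
    for run in json.loads(sarif_text).get("runs", []):
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        for res in run.get("results", []):
            locs = res.get("locations") or [{}]  # results may lack a location
            uri = (locs[0].get("physicalLocation", {})
                   .get("artifactLocation", {}).get("uri", "<no location>"))
            grouped[effective_level(res, rules)].append((res.get("ruleId"), uri))
    return dict(grouped)

def worst_level(summary):
    """Most severe level present, or None when there are no results."""
    return next((lvl for lvl in LEVEL_ORDER if lvl in summary), None)
```

Passing the contents of an exported SARIF file to `summarize` in place of `SAMPLE_SARIF` gives the same grouping, and `worst_level` can serve as a pass/fail gate in a build script.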