/attack-surface-analyzer

A tool for analyzing the attack surface of an application

Primary LanguageJavaApache License 2.0Apache-2.0

attack-surface-analyzer

A tool for analyzing the attack surface of an application.

Supported Frameworks

Java

-JAX-RS -Spring

Javascript

-Express

Python

-Django

Golang

Currently does simple checking on .Handle, .Post, and .Put function invocations. Very much a work in progress.

Building

Maven is required for building.

mvn clean install

Arguments

Arg Description Required
sourceDirectory Directory containing source code for analysis true
outputFile File containing output with discovered routes true
exclusions Comma delimited regex pattern for excluding files from analysis false
parser-stderr Enable stderr logging from parsers. Off by defaultr false
properties Properties file to load. Use enabling/disabling analyzers false
threads Number of threads to use. Defaults to 1 false

JSON report

The output JSON schema is as follows

{
  "routes": [
    {
      "path": "my/app/route",
      "fileName": "/path/to/associated/source/file",
      "method": "GET",
      "parameters": [
        {
          "dataType": "int",
          "name": "id",
          "category": "PathParam"
        }
      ]
    }
  ]
}

Properties File

Analyzers can be enabled/disabled via a properties file. If no properties file is provided, all analyzers will be enabled and be triggers if there is a relevant source file type.

visitor.golang=true
visitor.java.jaxrs=true
visitor.java.spring=true
visitor.js.express=true
visitor.python.django=true
visitor.java.frameworkdetection=true

Docker Support

After building the app you can build your container as such.

docker build -t <tag_of_your_choice> /path/to/attack-surface-analyzer

Your docker container will need at least one mount point for the directory containing your app. Here is an example.

docker run --read-only -v /source/path/to/app:/path/to/app/in/container -it <tag_built_with> -sourceDirectory /path/to/app/in/container -outputFile output.json -exclusions .*test.*

The --mount variant of mounting a volume can also be used if desired. If you want to write the output to a location outside of your container, then you will have to set a second mount point or re-use the existing one. If memory issues are encounterd, try running container with increased memory using the -m argument.