Assessment Capabilities
The Advantage Attack Surface Management (ASM) team monitors the threat landscape and adds new capabilities into the discovery process on a near-daily basis. This document discusses some of the specifics of these capabilities.
Port Scanning
By default, ASM scans the following TCP ports across both IPv4 and IPv6 hosts:
21,22,23,35,53,80,81,82,106,110,135,143,443,445,465,502,503,587,993,995,1090,1098,1270,
4444,1723,1883,2181,2222,2375,2376,2888,3299,3306,3389,3888,4190,4443,4444,4445,4505,4506,
4786,4848,5000,5555,5556,5672,5900,5901,5985,5986,6379,6443,7001,7002,7003,7004,7070,7071,
7443,7777,8000,8001,8002,8003,8009,8032,8080,8081,8278,8291,8443,8649,8686,8883,9000,9001,
9002,9003,9012,9091,9092,9094,9100,9200,9201,9300,9301,9443,9503,10999,10443,11099,11111,
11211,11443,11994,12443,13443,20443,27017,27018,27019,22222,30443,40443,45000,45001,47001,
47002,49152,49154,50500,53413
By default, ASM scans the following UDP ports across both IPv4 and IPv6 hosts:
53,123,135,139,161,500,631,1434,1900,2049,17185
Protocol Interaction
ASM interacts with the following protocols and attempts to validate that the protocol is being served on a given port. If no protocol is expected or found on a given port, an HTTP connection is always attempted.
AMQP
Apache Zookeeper Atomic Broadcast (Raw)
Cisco Smart Install
DNS
Elasticsearch
FTP
Ganglia (Raw)
HTTP / HTTPS
IMAP
Memcached (Raw)
MongoDB
MySQL
Oracle IIOP (Raw)
Oracle T3 (Raw)
POP3
RDP (Raw)
Redis
SAP NI (Raw)
SMB
SMTP
SNMP
SSH
Telnet
UPNP
"Exposed Service" Issues are automatically created for the following protocols when detected:
- Database Service (Detected: AMQP, Zookeeper, Elasticsearch, Memcached, MongoDB, MySQL, Oracle IIOP, Oracle T3, Redis)
- FTP Service
- SMB Service
- Telnet Service
- UPNP Service
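As an added example (not ASM's own code), the following Python script checks a host's listening sockets against the default TCP and UDP port lists and the Exposed Service categories above, skipping loopback-only listeners that an external scan cannot reach. The port-to-category mapping and the sample `ss -H -tuln` output are assumptions constructed for illustration; ASM itself identifies a protocol by interacting with it, not by port number.

```python
import ipaddress
# Default scan ports as listed on this page (the repeated 4444 collapses in the set).
ASM_TCP = {int(p) for p in "".join("""
21,22,23,35,53,80,81,82,106,110,135,143,443,445,465,502,503,587,993,995,1090,1098,1270,
4444,1723,1883,2181,2222,2375,2376,2888,3299,3306,3389,3888,4190,4443,4444,4445,4505,4506,
4786,4848,5000,5555,5556,5672,5900,5901,5985,5986,6379,6443,7001,7002,7003,7004,7070,7071,
7443,7777,8000,8001,8002,8003,8009,8032,8080,8081,8278,8291,8443,8649,8686,8883,9000,9001,
9002,9003,9012,9091,9092,9094,9100,9200,9201,9300,9301,9443,9503,10999,10443,11099,11111,
11211,11443,11994,12443,13443,20443,27017,27018,27019,22222,30443,40443,45000,45001,47001,
47002,49152,49154,50500,53413
""".split()).split(",")}
ASM_UDP = {53, 123, 135, 139, 161, 500, 631, 1434, 1900, 2049, 17185}
# ASSUMPTION: conventional default ports; ASM decides by protocol interaction, not port.
ASSUMED_ISSUE = {
    ("tcp", 21): "FTP Service", ("tcp", 23): "Telnet Service",
    ("tcp", 445): "SMB Service", ("udp", 1900): "UPNP Service",
    ("tcp", 6379): "Database Service (Redis)", ("tcp", 3306): "Database Service (MySQL)",
    ("tcp", 9200): "Database Service (Elasticsearch)", ("tcp", 27017): "Database Service (MongoDB)",
}

def is_external(addr):
    """False only when the listener is bound to a loopback address."""
    host = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %interface suffix
    return host in ("*", "") or not ipaddress.ip_address(host).is_loopback

def audit(ss_output):
    """Return sorted (proto, port, assumed_issue) for non-loopback listeners in default scope."""
    found = set()
    for line in ss_output.splitlines():
        f = line.split()
        if len(f) < 5 or f[0] not in ("tcp", "udp"):
            continue
        addr, _, port = f[4].rpartition(":")  # local address:port column
        if not port.isdigit() or not is_external(addr):
            continue
        scope = ASM_TCP if f[0] == "tcp" else ASM_UDP
        if int(port) in scope:
            found.add((f[0], int(port), ASSUMED_ISSUE.get((f[0], int(port)))))
    return sorted(found)

# Constructed sample of `ss -H -tuln` output (not from a real host).
SAMPLE = """\
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 511 0.0.0.0:6379 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.1:3306 0.0.0.0:*
tcp LISTEN 0 128 [::]:22 [::]:*
tcp LISTEN 0 128 0.0.0.0:8444 0.0.0.0:*
"""
if __name__ == "__main__": print(*audit(SAMPLE), sep="\n")
```

A `None` in the third field means the port is in the default scan scope but no Exposed Service category is assumed for it here.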
Technologies Fingerprinted
Over 4500 Hardware, Operating System, and Application technologies are fingerprinted when a new NetworkService or Uri is identified. To see the full list of these technologies, see the ASM Library.
CVE Inference
All discovered technologies are passively checked against the NIST NVD CVE database when a new NetworkService or Uri is identified. To see the full list of these CVEs, see the National Vulnerability Database (NVD) website.
Vulnerability Checks
ASM provides nearly 300 passive and active vulnerability checks when a known vulnerability, misconfiguration, leak, or compromise is identified. To see the full list of these checks, see the ASM Library.