Assessment Capabilities

The Advantage Attack Surface Management (ASM) team monitors the threat landscape and adds new capabilities to the discovery process on a near-daily basis. This document discusses some of the specifics of these capabilities.

Port Scanning

By default, ASM scans the following TCP ports across both IPv4 and IPv6 hosts:

21,22,23,35,53,80,81,82,106,110,135,143,443,445,465,502,503,587,993,995,1090,1098,1270,
4444,1723,1883,2181,2222,2375,2376,2888,3299,3306,3389,3888,4190,4443,4444,4445,4505,4506,
4786,4848,5000,5555,5556,5672,5900,5901,5985,5986,6379,6443,7001,7002,7003,7004,7070,7071,
7443,7777,8000,8001,8002,8003,8009,8032,8080,8081,8278,8291,8443,8649,8686,8883,9000,9001,
9002,9003,9012,9091,9092,9094,9100,9200,9201,9300,9301,9443,9503,10999,10443,11099,11111,
11211,11443,11994,12443,13443,20443,27017,27018,27019,22222,30443,40443,45000,45001,47001,
47002,49152,49154,50500,53413

By default, ASM scans the following UDP ports across both IPv4 and IPv6 hosts:

53,123,135,139,161,500,631,1434,1900,2049,17185
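
A defender-side use of the default TCP list above, as an added example that is not part of the ASM documentation or product: it parses `ss -Htln` output from one of your own hosts and splits the non-loopback listeners into ports inside and outside the default list. The sample `ss` lines and all function names are constructed for illustration.

```python
import ipaddress

# Default TCP ports copied from the list above (the repeated 4444 collapses in the set).
ASM_DEFAULT_TCP = {int(p) for p in """
21,22,23,35,53,80,81,82,106,110,135,143,443,445,465,502,503,587,993,995,1090,1098,1270,
4444,1723,1883,2181,2222,2375,2376,2888,3299,3306,3389,3888,4190,4443,4444,4445,4505,4506,
4786,4848,5000,5555,5556,5672,5900,5901,5985,5986,6379,6443,7001,7002,7003,7004,7070,7071,
7443,7777,8000,8001,8002,8003,8009,8032,8080,8081,8278,8291,8443,8649,8686,8883,9000,9001,
9002,9003,9012,9091,9092,9094,9100,9200,9201,9300,9301,9443,9503,10999,10443,11099,11111,
11211,11443,11994,12443,13443,20443,27017,27018,27019,22222,30443,40443,45000,45001,47001,
47002,49152,49154,50500,53413
""".replace("\n", "").split(",") if p}

# Constructed sample of `ss -Htln` output (numeric, no header); not from a real host.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 [::]:443 [::]:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 128 *:8080 *:*
LISTEN 0 128 [::1]:6379 [::]:*
LISTEN 0 128 0.0.0.0:6379 0.0.0.0:*
LISTEN 0 128 192.0.2.10:2049 0.0.0.0:*
LISTEN 0 128 0.0.0.0:10250 0.0.0.0:*
"""

def parse_listener(line):
    """Return (address, port) from one ss line, or None if it does not parse."""
    fields = line.split()
    if len(fields) < 5:
        return None
    addr, _, port = fields[3].rpartition(":")
    addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
    return (addr, int(port)) if port.isdigit() else None

def externally_bound(addr):
    """Wildcard and non-loopback binds are the ones an outside scan could see."""
    return addr == "*" or not ipaddress.ip_address(addr).is_loopback

def scan_coverage(ss_output, default_ports=ASM_DEFAULT_TCP):
    """Split off-host TCP listeners into ports inside / outside the default list."""
    covered, uncovered = set(), set()
    for line in ss_output.splitlines():
        parsed = parse_listener(line)
        if parsed and externally_bound(parsed[0]):
            (covered if parsed[1] in default_ports else uncovered).add(parsed[1])
    return sorted(covered), sorted(uncovered)

if __name__ == "__main__":
    print(scan_coverage(SAMPLE_SS))
```

Ports returned in the second list fall outside the default TCP scan described above; TCP 2049 is one such case, because 2049 appears only in the UDP list.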

Protocol Interaction

ASM interacts with the following protocols and attempts to validate that the protocol is being served on a given port. If no protocol is expected or found on a given port, an HTTP connection is always attempted.

AMQP
Apache Zookeeper Atomic Broadcast (Raw)
Cisco Smart Install
DNS
Elasticsearch
FTP
Ganglia (Raw)
HTTP / HTTPS
IMAP
Memcached (Raw)
MongoDB
MySQL
Oracle IIOP (Raw)
Oracle T3 (Raw)
POP3
RDP (Raw)
Redis
SAP NI (Raw)
SMB
SMTP
SNMP
SSH
Telnet
UPnP

"Exposed Service" Issues are automatically created for the following protocols when detected:

  • Database Service (Detected: AMQP, Zookeeper, Elasticsearch, Memcached, MongoDB, MySQL, Oracle IIOP, Oracle T3, Redis)
  • FTP Service
  • SMB Service
  • Telnet Service
  • UPNP Service

Technologies Fingerprinted

Over 4500 hardware, operating system, and application technologies are fingerprinted when a new NetworkService or Uri is identified. For the full list of these technologies, see the ASM Library.

CVE Inference

All discovered technologies are passively checked against the NIST NVD CVE database when a new NetworkService or Uri is identified. For the full list of these CVEs, see the National Vulnerability Database (NVD) website.

Vulnerability Checks

ASM provides nearly 300 passive and active vulnerability checks when a known vulnerability, misconfiguration, leak, or compromise is identified. For the full list of these checks, see the ASM Library.