Attack Surface Discovery User Guide
Last updated
Last updated
SecureMetrics' Attack Surface Discovery PowerBI Template allows security teams or consultants to report on their external-facing attack surface discovered using the open-source tool OWASP Amass.
Note: there are two license versions for the Attack Surface Discovery Template: Internal & Consultant. There is no difference between the template, only the licensing terms.
When you purchase the Attack Surface Discovery PowerBI Template, you will receive a download with the following items:
PowerBI template file (.pbit)
Sample database file (.sqlite)
The PowerBI template will connect to a local sqlite database to load data into the dashboards. This database is auto-generated by the discovery engine, Amass. Your purchase also includes a sample database for testing connectivity.
In order to use this template, you will need to install and run the open-source attack surface discovery tool Amass, by OWASP. Because the dashboards connect directly to the Amass database, there are few requirements on how you operate the tool.
You can install Amass in a variety of methods, as described in their documentation.
In order to populate the database, you'll need to run a discovery using Amass. Because the PowerBI template is pulling directly from the Amass Sqlite database, you can run multiple discoveries over time for continuous reporting.
There are many options to get the most out of Amass. However, the easiest way to get started is to run the following command:
Note: Make sure you use the -dir flag to denote the output directory for ease of management. You can choose to keep one central database, or create a new database for each discovery (such as different clients). If a database is already present in the output directory, Amass will append the results to it. If no database is present in the output directory, it will create a new one.
Unfortunately, you cannot connect to a SQLite database by default in PowerBI. In order to accomplish this, you will need to download and install a SQLite ODBC driver such as this open-source one: http://www.ch-werner.de/sqliteodbc/
Locate the SQLite database file generated by Amass. It will be located in the output directory and defaults to the filename amass.sqlite.
Whenever you open the PowerBI template file (.pbit), you will be prompted for the location of the SQLite database file. Paste the path, removing the quotations (") if present.
That's it!
You can now either use the dashboard locally in PowerBI Desktop, or publish to the PowerBI Service to host in the cloud.