Introduction
ASM scanners are used to identify assets to add to the Escape Platform.
Alongside discovery, the ASM scanners also execute surface scanning on the discovered assets to provide a first glance at the asset risks.
Example
Here is an example configuration:
---
port_scanning:
  ports:
    - 80
    - 443
    - 22
    - 8080
service_discovery:
  base_urls_delimiters:
    - ^.*/api/v1/
    - ^.*/api/v2/
  base_urls_wordlist:
    - https://api.example.com
  blocklisted_domains: []
  endpoints_wordlist: []
  graphql_endpoints_wordlist: []
  user_agents: []
subdomain_enumeration:
  blocklist:
    - ^.*\.example\.org$
Configuration reference
Fields
PortScannerConfig
Configuration for the port scanner.
ports
Type: List[integer]
List of ports to scan. If empty, the most common ports will be scanned.
ServiceDiscoveryConfig
Configuration for the service discovery.
base_urls_delimiters
Type: List[string]
List of delimiters used to split the crawled URLs into services.
If you want to customize how Escape splits crawled URLs into services, you can use this list.
Each entry is a regex that is matched against the crawled URLs. The part of the URL to the left of the match is used as the service, and the smallest remaining right part is used as the endpoint.
Example:
base_urls_wordlist
Type: List[string]
Wordlist of base URLs to try to discover services on.
blocklisted_domains
Type: List[string]
List of regexes to filter out domains from service discovery.
If you don't want Escape to explore a specific domain, you can skip it here.
Example:
blocklisted_domains:
  - 'auth\.example\.com'  # Skip one domain (single quotes keep the backslash literal in YAML)
  - '.*\.example\.com'    # Skip every domain under example.com
  - 'auth'                # Greedy match: will skip any domain that contains "auth"
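As an added illustration (not Escape's own code), the following Python shows one reading of the two behaviours documented above: splitting crawled URLs into service and endpoint with base_urls_delimiters, and filtering domains with blocklisted_domains. The delimiter and blocklist values are constructed samples, and the tie-break rule (the delimiter that leaves the smallest right part wins) is an assumption read from the description.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample configuration mirroring the fields documented on this page.
BASE_URLS_DELIMITERS = [r"^.*/api/v1/", r"^.*/api/v2/"]
BLOCKLISTED_DOMAINS = [r"auth\.example\.com", r"auth"]


def split_service(url: str, delimiters: List[str]) -> Optional[Tuple[str, str]]:
    """Split a crawled URL into (service, endpoint) using the delimiter regexes.

    Each regex is matched against the start of the URL; the matched prefix is the
    service and the remainder is the endpoint. When several delimiters match, the
    one leaving the smallest right part (the longest prefix) wins. Returns None
    when no delimiter matches. This is an assumed reading of the documented rule.
    """
    best = None
    for pattern in delimiters:
        m = re.match(pattern, url)
        if m is None:
            continue
        service, endpoint = url[: m.end()], url[m.end():]
        if best is None or len(endpoint) < len(best[1]):
            best = (service, endpoint)
    return best


def is_blocklisted(domain: str, blocklist: List[str]) -> bool:
    """Return True if any blocklist regex is found anywhere in the domain.

    re.search (not a full match) reproduces the documented greedy behaviour:
    a bare 'auth' skips every domain that merely contains that substring.
    """
    return any(re.search(pattern, domain) for pattern in blocklist)


if __name__ == "__main__":
    for url in ("https://api.example.com/api/v1/users/42",
                "https://api.example.com/api/v2/orders",
                "https://example.com/health"):
        print(url, "->", split_service(url, BASE_URLS_DELIMITERS))
    for host in ("auth.example.com", "oauth.example.com", "api.example.com"):
        print(host, "blocked:", is_blocklisted(host, BLOCKLISTED_DOMAINS))
```

Note that `oauth.example.com` is skipped by the bare `auth` entry, which is usually not what the greedy pattern was meant to do; anchor the regex when only one domain is intended.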
endpoints_wordlist
Type: List[string]
Wordlist of endpoints to try to discover services on.
graphql_endpoints_wordlist
Type: List[string]
Wordlist of GraphQL endpoints to try to discover services on.
If you want to customize how Escape discovers GraphQL services, define a wordlist of endpoints to try. By default, Escape tries the most common GraphQL endpoints. If multiple endpoints match, Escape retains the first one.
Example:
graphql_endpoints_wordlist:
  - '/graphql'
  - '/api/graphql'
  - '/v1/graphql'
  - '/appsync'
  # other endpoints to test ...
user_agents
Type: List[string]
List of user agents to use for the service discovery.
The user agent with the best HTTP status will be used.
Example:
SubdomainEnumerationConfig
blocklist
Type: List[string]
List of regexes to filter out subdomains from enumeration.
If a subdomain matches one of the regexes, it will not be enumerated.
Example: