DEF CON 31 Recon Village - Jason Haddix - Easy EASM The Zero-Dollar Attack Surface Management Tool

preview_player
Показать описание
Easy EASM is just that... the easiest to set-up tool to give your organization visibility into its external facing assets.

The industry is dominated by "Attack Surface Management," but OG bug bounty hunters and red teamers know the truth. External ASM was born out of the bug bounty scene.

With ten lines of setup or less, using open source tools, and one button deployment, Easy EASM will give your organization a complete view of your online assets. Easy EASM scans you daily and alerts you via Slack or Discord on newly found assets! Easy EASM also spits out an Excel skeleton for a Risk Register or Asset Database! This isn't rocket science.. but it's USEFUL. Grab Easy EASM and feel confident you know what's facing attackers on the internet.

Easy EASM uses a collection of tools tied together to perform recon on a target or set of targets. Utilizing Amass, Subfinder, Chaos, Notify, r7 Sonar, eyewitness, and Cloud Certs. It will run daily and track all assets discovered for your targets. With a Discord or Slack key, you'll get this output to chat every morning if any new assets have appeared. You can choose the "fast" or "comprehensive" deployment, which adds additional methods to the discovery (brute force, permutation discovery, screenshots, and tech profiling).

BUT... literally, all the user does is one-click deploy and add a Slack or Discord token. Then they start receiving bacon... I mean recon... I mean EASM data.

------------------------------------------------------------------------------------------------------------------------------------------

This talk was recorded at the @ReconVillage - at @DEFCONConference 31 , Hotel Linq, Las Vegas.

For more updates and announcements, follow us on

Cheers,
Recon Village Team.
Рекомендации по теме