Merge branch 'master' of https://github.com/Microsoft/AttackSurfaceAnalyzer

Author: Gabe Stocco

README.md

@@ -1,38 +1,26 @@
-# Attack Surface Analyzer v2.0
+# Attack Surface Analyzer 
 
-## Version
+## Version 2.0-preview
 
-The current version is an Alpha internal only release suitable for testing core
-features.  Check future release notes here to see what's new.  A pre-release is
-planned for late March and full release sometime in late April of 2019.
+The current version is a Preview suitable for testing core features.  Check future release notes here to see what's new.  A final release is planned for late April of 2019.
 
 ## Overview
 
-Attack Surface Analyzer (ATSAN) is a Microsoft-developed open source security tool 
-located at https://GitHub/microsoft/AttackSurfaceAnalyzer that analyzes the attack 
+Attack Surface Analyzer is a Microsoft-developed open source security tool 
+available at https://github.com/microsoft/AttackSurfaceAnalyzer that analyzes the attack 
 surface of a target system and reports on potential security vulnerabilities introduced by 
-the installation of software or by misconfiguration. 
+the installation of software or by system misconfiguration. 
 
-ATSAN replaces the older ASA classic version of the tool released by Microsoft in 2012 
+Attack Surface Analyzer 2.0 replaces the classic version of the Attack Surface Analyzer tool released by Microsoft in 2012 
 as a downloadable https://www.microsoft.com/en-us/download/details.aspx?id=24487 
-that is outdated, no longer supported and was limited to versions of Microsoft Windows 
-prior to Windows 10.  
+which is no longer supported and lacks Windows 10 support.  
 
-The application works by taking a snapshot before and after software installation for 
-comparing key security impactful changes.
-
-ATSAN analysis has proven to be valuable in identifying additional items to be 
-considered in a threat model and detecting specific areas for additional fuzz testing.
-
-Typical users of ATSAN include:
+Example users of ASA include:
 * DevOps Engineers - view changes to the system attack surface introduced by your 
 software.
 * IT Security Auditors - evaluate risk presented by select software before general 
 distribution and use.
 
-Ideally, you would install the tool on a clean system with just the OS, the
-Attack Surface Analyzer and software you plan to analyze.
-
 ## Features
 
 - Files (static snapshot and live monitoring available)
@@ -42,29 +30,28 @@ Attack Surface Analyzer and software you plan to analyze.
 - Certificates
 - Registry (Windows)
 
-Future planned features:
+## Future planned features:
 - Code signing info
 - Drivers (partially covered presently under files)
 - Firewall settings
 - Redistributable installations
 - Requested features which existed in ASA Classic
 - Network traffic live monitoring
-- Registry modifications (Windows) live monitoring
+- Registry modifications (Windows) for Live monitoring
 
 ## Installation
 
-ATSAN runs on Windows, Linux, and macOS using .NET Core and has both CLI and 
-Electron .NET runtime options.  There is no setup per se.
-
-The GUI version will work without installing the .NET framework, but the CLI will not*.  
-Both must be run as Administrator to function properly.  It is planned to package it 
-so it does not require the framework to be installed before any public release.
-See https://dotnet.microsoft.com/download, if you need the framework to run apps (not the SDK).
+ASA runs on Windows, Linux, and macOS and is built on .NET Core.  It has both CLI and 
+Electron .NET runtime options.  There is currently no installer.
 
 ## Building
 
-To build ATSAN from source please visit our future developers guide (docs/project-
-docs/developer-guide.md) once available.
+To build ASA from source see the BUILD.md project file.
+
+## Misc Notes
+The release version of the CLI is a [Warp Package](https://github.com/dgiagio/warp), and on first run may take a few seconds to expand.
+
+By default data is stored in a database in your current directory named "asa.sqlite".
 
 ## Contributing
 
@@ -86,36 +73,8 @@ contact [[email protected]](mailto:[email protected]) with any additio
 
 ## How to Use
 
-To run the GUI right click 
-“ElectronNet.Host.Exe” and run as Administrator.  To run the CLI, run AttackSurfaceAnalyzerCli as root/administrator.
-
-The CLI version of the tool comes with built-in help using a help parameter i.e. ATSAN 
-/help for specifying specific collections to capture and other options.  
-
-For future additional assistance using the Electron.NET GUI see our wiki at 
-https://github.com/microsoft/AttackSurfaceAnalyzer/wiki once it becomes available.
-
-## Notes and FAQ
-
-- When comparing the results of two runs against one another the CLI this will output a 
-results.html file whereas the GUI provides in application comparison.
-- Collecting files is slow, due to the number of items processed.
-- Collecting registry entries is slow, due to the number of items processed.
-- Comparing large runs is slow.
-
-GUI:
-
-- Switching tabs in the GUI while an action is underway may make the application 
-unresponsive to further input.  This is being resolved in the next version.
-- Status reporting in the collect tab is manual and requires pressing the get status button.
-- Sometimes when collecting files in the GUI the option to get status may be 
-unresponsive.
-- Debug output is enabled in the GUI in this version.
-- The GUI is *not final* and is in the process of being updated.
-
-For future assistance with use please see our FAQ list once it is available at 
-https://github.com/microsoft/AttackSurfaceAnalyzer/wiki 
+See project wiki located on this site
 
 ## License
 
-Attack Surface Analyzer 2019 or ATSAN is licensed under the MIT license.
+Attack Surface Analyzer 2.0 or ASA is licensed under the MIT license.