# Attack Surface Identification
The attack surface is the full set of points an attacker can use as an entry into a system. Understanding the attack surface is essential because it forms the basis of the pentest and exploitation strategy.

---
# 1. Attack Surface Elements
### 1.1 External Attack Surface
- domains and subdomains,
- public IPs,
- exposed APIs,
- CDN endpoints,
- cloud assets (bucket, load balancer).
### 1.2 Internal Attack Surface
- internal networks (VLAN),
- internal applications,
- file servers,
- database servers,
- CI/CD pipelines.
### 1.3 Application Attack Surface
- login forms,
- upload forms,
- API endpoints,
- admin panels,
- business logic.
### 1.4 Human Attack Surface
- employee emails,
- weak passwords,
- phishing likelihood,
- exposed credentials.

---
# 2. Steps to Identify the Attack Surface
### Step 1: Asset Enumeration
Use OSINT and scanning to discover assets.
### Step 2: Asset Classification
Separate assets by category:
- exposed,
- internal,
- third-party,
- legacy.
### Step 3: Risk Validation
Rate each asset by:
- criticality,
- sensitivity,
- exposure level.
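
Steps 2 and 3 as a small triage script, added here as an illustration and not part of the original page. The owned zone, the legacy naming hints, the 1 to 3 scales and the multiplication formula are assumptions, and the inventory is constructed sample data.

```python
import ipaddress
from dataclasses import dataclass

OWNED_ZONES = ("example.com",)                      # assumption: zones the organisation owns
LEGACY_HINTS = {"old", "legacy", "dev", "staging"}  # assumption: naming hints for stale systems
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass
class Asset:
    host: str
    ip: str
    criticality: int  # 1 (low) to 3 (high), assigned by the asset owner
    sensitivity: int  # 1 (public data) to 3 (regulated data)

def is_internal_ip(ip: str) -> bool:
    return any(ipaddress.ip_address(ip) in net for net in RFC1918)

def classify(asset: Asset) -> str:
    """Step 2: place the asset in one of the four categories."""
    host = asset.host.lower().rstrip(".")
    if not any(host == z or host.endswith("." + z) for z in OWNED_ZONES):
        return "third-party"
    if LEGACY_HINTS & set(host.split(".")[0].split("-")):
        return "legacy"
    return "internal" if is_internal_ip(asset.ip) else "exposed"

def exposure_level(asset: Asset) -> int:
    """3 = internet-reachable, 2 = third-party hosted, 1 = internal only (assumed scale)."""
    if classify(asset) == "third-party":
        return 2
    return 1 if is_internal_ip(asset.ip) else 3

def risk_score(asset: Asset) -> int:  # Step 3: assumed formula, range 1 to 27
    return asset.criticality * asset.sensitivity * exposure_level(asset)

def triage(assets):
    """Return (score, category, host) tuples, highest risk first."""
    return sorted(((risk_score(a), classify(a), a.host) for a in assets), key=lambda r: (-r[0], r[2]))

# Constructed sample inventory (documentation addresses, not real hosts).
INVENTORY = [
    Asset("www.example.com", "203.0.113.10", 3, 2),
    Asset("staging-api.example.com", "203.0.113.20", 2, 3),
    Asset("files.example.com", "10.0.0.15", 3, 3),
    Asset("status.vendor-cdn.example.net", "198.51.100.7", 1, 1),
]

if __name__ == "__main__":
    print(*triage(INVENTORY), sep="\n")
```

The legacy check runs before the internal/exposed split, so a forgotten staging host on a public IP is labelled legacy but still receives the highest exposure level.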

---
# 3. Common Risks of a Poorly Managed Attack Surface
- shadow IT,
- forgotten subdomains,
- exposed dev/staging systems,
- misconfigured S3 buckets.

---
# 4. Command Block (All Tools in One Code Block)
```bash
# ASSET DISCOVERY
# Passive subdomain enumeration and DNS resolution
subfinder -d target.com
amass enum -d target.com
dnsx -d target.com -resp
# PORT & SERVICE SCAN
# Full TCP port sweep, then version detection with default scripts
nmap -p- -T4 target.com
nmap -sV -sC target.com
# WEB TECHNOLOGY FINGERPRINTING
whatweb target.com
wappalyzer http://target.com
# API DISCOVERY
# Crawl the site to collect endpoints
katana -u http://target.com
# CLOUD ENUM INDICATORS
aws s3 ls s3://target-bucket --no-sign-request
gcloud dns managed-zones list
# az requires a container; CONTAINER_NAME is a placeholder
az storage blob list --account-name target --container-name CONTAINER_NAME
# INTERNAL ATTACK SURFACE (POST-COMPROMISE)
nmap -sV 10.0.0.0/24
crackmapexec smb 10.0.0.0/24
```