Closed d0nest closed 1 year ago
gfs
commented
2 years ago Just confirming - did you try opening a new terminal window after installing asa? The path may not be refreshed until you open a new instance of terminal.
What is the result if you run which -a Asa? This should print the location of all things matching Asa on your path.
gfs
commented
2 years ago I can't reproduce with the latest build using the .NET tool on Windows.
It sounds to me like this is a PATH configuration issue.
You can also install the .net tool to a local path of your choice like
dotnet tool install Microsoft.CST.AttackSurfaceAnalyzer.CLI --tool-path toolsdir
And then run it with
toolsdir\asa
d0nest
commented
2 years ago Just confirming - did you try opening a new terminal window after installing asa? The path may not be refreshed until you open a new instance of terminal.
What is the result if you run
which -a Asa? This should print the location of all things matching Asa on your path.
yes, i ran source .zsh_profile before running any asa command and running which -a asa prints
/usr/bin/asa
/Users/d0nest/.dotnet/tools/asa
gfs
commented
2 years ago Thanks for the extra information. I'll try to reproduce on a mac.
d0nest
commented
2 years ago Thank you!
d0nest
commented
2 years ago Thanks for the extra information. I'll try to reproduce on a mac.
when i ran .dotnet/tools/asa the following output was generated.
A fatal error occurred. The required library libhostfxr.dylib could not be found.
If this is a self-contained application, that library should exist in [/Users/d0nest/.dotnet/tools/.store/microsoft.cst.attacksurfaceanalyzer.cli/2.3.284/microsoft.cst.attacksurfaceanalyzer.cli/2.3.284/tools/net6.0/any/].
If this is a framework-dependent application, install the runtime in the global location [/usr/local/share/dotnet] or use the DOTNET_ROOT environment variable to specify the runtime location or register the runtime location in [/etc/dotnet].
The .NET runtime can be found at:
- https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=osx.12-x64&apphost_version=6.0.4I see a number of users on stackoverflow reporting the issue you're seeing is an issue with dotnet on the M series processor macs. I only have an intel mac so I likely won't be able to reproduce this.
You can try the fix they suggest here to reinstall the arm64 version of .net EF.
d0nest
commented
2 years ago Sorry, for the delay in response buy i am using intel processor too.
gfs
commented
2 years ago Gotcha. I also have an intel Mac I can get access to to be able to test with it later this week. I had a colleague test on an M1 Mac and they had an issue on first run of Asa but it appears to be resolved itself with a second call to Asa.
My primary suspicion is that this is an issue with your .NET install at this point but I'm not totally sure.
gfs
commented
2 years ago I've now tested on an intel Mac and cannot reproduce this.
Double checking the report I notice that you're not on the latest .NET SDK (6.0.400).
The next steps I could recommend would be to install the latest SDK and then reinstall ASA.
dotnet tool uninstall -g Microsoft.CST.AttackSurfaceAnalyzer.CLIdotnet tool install -g Microsoft.CST.AttackSurfaceAnalyzer.CLId0nest
commented
2 years ago While installing the tool:
$ dotnet tool install -g Microsoft.CST.AttackSurfaceAnalyzer.CLI
/var/folders/8t/92jz7nqs3_q30ltwc2w7w2pm0000gn/T/2tsgukgi.pd1/restore.csproj : error NU1301: Unable to load the service index for source https://api.nuget.org/v3/index.json.
The tool package could not be restored.
Tool
'microsoft.cst.attacksurfaceanalyzer.cli' failed to install. This failure may have been caused by:
For more reasons, including package naming enforcement, visit https://aka.ms/failure-installing-tool
gfs
commented
2 years ago That error looks like you can't access nuget.org. I have no issue running the same install command on my system.
What if you try a different .NET tool? This is another one of our tools you can install just to test your .NET:
dotnet tool install -g Microsoft.CST.RecursiveExtractor.CLI
d0nest
commented
2 years ago d0nest@Rohans-MacBook-Air ~ % dotnet tool install -g Microsoft.CST.RecursiveExtractor.CLI
You can invoke the tool using the following command: RecursiveExtractor
Tool 'microsoft.cst.recursiveextractor.cli' (version '1.1.11') was successfully installed.
d0nest
commented
2 years ago $ RecursiveExtractor
RecursiveExtractor.Cli 1.1.11+77fed84a8f
© Microsoft Corporation. All rights reserved.
ERROR(S): Required option 'i, input' is missing.
-i, --input Required. The name of the archive to extract.
-o, --output (Default: .) The directory to extract to.
-p, --passwords Comma-separated list of passwords to use.
-a, --allow-globs Comma-separated list of glob expressions. When set, files are ONLY written to disk if they match one of these filters.
-d, --deny-globs Comma-separated list of glob expressions. When set, files are NOT written to disk if they match one of these filters.
-R, --raw-extensions Comma-separated list of file extensions to treat as raw files (don't recurse into).
-n, --no-recursion Disable recursive extraction.
-s, --single-thread Disable parallelized extraction.
--verbose Set logging to 'verbose'.
--debug Set logging to 'debug'.
--printnames Output the names of all files extracted.
--help Display this help screen.
--version Display version information.
gfs
commented
2 years ago Interesting. Is it still the case that attack surface analyzer still won't install?
dfirsec
commented
1 year ago While installing the tool:
$ dotnet tool install -g Microsoft.CST.AttackSurfaceAnalyzer.CLI/var/folders/8t/92jz7nqs3_q30ltwc2w7w2pm0000gn/T/2tsgukgi.pd1/restore.csproj : error NU1301: Unable to load the service index for source https://api.nuget.org/v3/index.json. The tool package could not be restored. Tool 'microsoft.cst.attacksurfaceanalyzer.cli' failed to install. This failure may have been caused by:
- You are attempting to install a preview release and did not use the --version option to specify the version.
- A package by this name was found, but it was not a .NET tool.
- The required NuGet feed cannot be accessed, perhaps because of an Internet connection problem.
- You mistyped the name of the tool.
For more reasons, including package naming enforcement, visit https://aka.ms/failure-installing-tool
Not sure if this will resolve your issue, but I had a similar problem with the install, and this worked for me:
Add nuget.org as a source, then proceed with install...
dotnet nuget add source https://api.nuget.org/v3/index.json -n nuget.orgdotnet tool install Microsoft.CST.AttackSurfaceAnalyzer.CLI --tool-path $ToolsDir
i am using MacOSX: monterey 12.5
I have downloaded .NET SDK (6.0.104) which i've confirmed by running dotnet --version command, then i ran "dotnet tool install -g Microsoft.CST.AttackSurfaceAnalyzer.CLI" and then, i ran "asa" it did'nt respond but on running "asa --help" it says asa: --help: No such file or directory. also, i have set the environment variable to $HOME/.dotnet/tools in rc file.