Discovery

Overview

Discovery is a feature of VSEC Test designed to discover attack surface(s) via various connected interfaces. Currently supporting the CAN interface, you can run a discovery scan on any bench connected to VSEC. VSEC will display discovered UDS servers, their supported services and some potentially identifying data read from the server. These discovery results can be used to build a test plan to further evaluate a target.

Running Discovery Scanner

1. Sign-in to vsec.blockharbor.io
2. Navigate to Test on the sidebar menu to enter the VSEC Test application and then select the Discovery submenu.
3. Click the Start Discovery button to begin a new discovery.
4. Select the Bench and the interfaces you want the Discovery to run on.
5. Once the discovery is complete, click the view icon ( ) on the corresponding row in the table to view the results.

Running Discovery on a Simulation Bench

Discovery can be run against a Simulation Bench instead of a physical Bench. This lets you discover the UDS and XCP services running on a virtualised CAN interface without any hardware.

1. Navigate to Test on the sidebar menu and select the Discovery submenu.
2. Click the Start Discovery button to begin a new discovery.
3. In the Bench select box, choose the desired Simulation Bench (e.g., UDS and XCP Starter Challenge).
4. Select the interface to run the Discovery on (e.g., vcan0).
5. Click the Start Discovery button to queue the discovery.

6. To view the results, click on the discovery row or the view icon ( ) on the corresponding row in the table.