For those working in securing Windows environment, from both configuration and development side, you should already know the Attack Surface Analyzer (https://www.microsoft.com/en-us/download/details.aspx?id=24487).
Well, good news, after quite some waiting (about 7 years since this has been first released), a new version of the Attack Surface Analyzer has been released and is available now on GitHub (https://github.com/Microsoft/AttackSurfaceAnalyzer).
This new version continues to covers Windows configuration settings (file system, user accounts or registry) but can now also being executed on MacOS or Linux.
You can use with both the graphical wizard or a command line as it now runs with .Net Core.
You can get the documentation on how to use it at the wiki page https://github.com/Microsoft/AttackSurfaceAnalyzer/wiki