dotfiles

  • Generic suite of scanners for VAT using cscan wrapped around ZAP and w3af

    Currently supports only basic (fast) scans without any configuration.

    Usage:

    Build: make build

    Run the vat-genscan Docker image and pass the configuration as a JSON file mounted at /root/config.json.

    Output files are stored in /root/out and the result of the scan is always output to stdout.

    Example:
    docker run -e "TARGET=http://10.10.43.182" -v /tmp/genscan-out/:/root/out/ vat-genscan
    Alternatively: make TARGET="http://10.10.43.182" OUTPUT_DIR="/tmp/genscan-out/" start
    or simply: make start (defaults: TARGET=http://10.10.43.182, no OUTPUT_DIR).

    Configuration:

    Supported scanners and their profiles:

    • w3af
      • fast_scan: no parameters
    • zap
      • basic: no parameters
    • nmap
      • basic_discovery: no parameters

    Example JSON config file:

    {
        "target": {
            "url": "https://172.17.0.1/webapp/path/",
            "ip": "172.17.0.1"
        },
        "config": {
            "w3af": {
                "profile": "fast_scan"
            },
            "zap": {
                "profile": "basic"
            },
            "nmap": {
                "profile": "basic_discovery"
            }
        }
    }

    TODOs and FIXMEs:

    • include some configuration options (at least authenticated scans for w3af)
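
A pre-flight check for the JSON config described in the Configuration section above, as an added example that is not part of this repository: it validates a file against the scanners and profiles the README lists before the file is mounted at /root/config.json. The names `validate_config`, `SUPPORTED` and `SAMPLE`, the rule that a scanner block holds only `profile`, and the check that an IP-literal URL host equals `target.ip` are assumptions of this example.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Scanner -> profiles listed in the README; each listed profile takes no parameters.
SUPPORTED = {"w3af": ("fast_scan",), "zap": ("basic",), "nmap": ("basic_discovery",)}
# Constructed sample: URL host differs from the IP, and nmap is given a w3af profile.
SAMPLE = '''{"target": {"url": "https://172.17.0.1/webapp/path/", "ip": "172.17.0.2"},
 "config": {"zap": {"profile": "basic"}, "nmap": {"profile": "fast_scan"}}}'''

def validate_config(text):
    """Return a list of problems in a genscan JSON config (empty list means OK)."""
    try:
        cfg = json.loads(text)
        target, scanners = cfg.get("target"), cfg.get("config")
    except (ValueError, AttributeError):  # bad JSON, or top level is not an object
        return ["config must be a valid JSON object"]
    problems = []
    target = target if isinstance(target, dict) else {}
    try:
        url = urlsplit(str(target.get("url", "")))
        host = url.hostname if url.scheme in ("http", "https") else None
    except ValueError:
        host = None
    if not host:
        problems.append("target.url must be an http(s) URL with a host")
    try:
        ip = ipaddress.ip_address(str(target.get("ip", "")))
    except ValueError:
        ip = None
        problems.append("target.ip is not a valid IP address")
    # Assumption (not in the README): an IP-literal URL host must equal target.ip.
    try:
        if host and ip is not None and ipaddress.ip_address(host) != ip:
            problems.append("target.url host differs from target.ip")
    except ValueError:
        pass  # host is a DNS name; it is not resolved here
    if not isinstance(scanners, dict) or not scanners:
        return problems + ["missing or empty 'config' object"]
    for name, opts in scanners.items():
        if name not in SUPPORTED:
            problems.append(f"unsupported scanner: {name}")
        elif not isinstance(opts, dict) or opts.get("profile") not in SUPPORTED[name]:
            problems.append(f"{name}: unsupported or missing profile")
        elif set(opts) != {"profile"}:
            problems.append(f"{name}: profile takes no parameters")
    return problems

if __name__ == "__main__":
    print("\n".join(validate_config(SAMPLE)))
```

An empty list means the scanners in the file all target the same host and use only profiles this image supports.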