Skip to content
Snippets Groups Projects
Select Git revision
  • 0687e58f2d5e68f8de225632549832d052e8635e
  • master default
  • medina
3 results

vat-genscan

Generic suite of scanners for VAT using cscan wrapped around ZAP and w3af

Currently supports only basic (fast) scans without any configuration.

Usage:

Build: make build

Run vat-genscan Docker image and pass configuration in JSON file, mounted as /root/config.json.

Output files are stored in /root/out and the result of the scan is always output to stdout.

Example:
docker run -e "TARGET=http://10.10.43.182" -v /tmp/genscan-out/:/root/out/ vat-genscan
also make TARGET="http://10.10.43.182" OUTPUT_DIR="/tmp/genscan-out/" start
or make start (default TARGET=http://10.10.43.182, OUTPUT_DIR none).

Configuration:

Supported scanners and their profiles:

  • w3af
    • fast_scan: no parameters
    • auth_scan: provide login parameters so that w3af can scan resources, available only to logged-in users - parameters:
      • username
      • password
      • username_field
      • password_field
      • auth_url
      • check_url
      • check_string
  • zap
    • basic: no parameters
  • nmap
    • basic_discovery: no parameters
    • basic_discovery_ports: provide port parameter (nmap -sV -p xxx)
      • ports
    • custom_parameters: provide all command line parameters (nmap xxxxxx)
      • parameters

See example config files in config-examples folder.