Skip to content
Snippets Groups Projects
Select Git revision
  • master default
  • medina
2 results

vat-genscan

  • Clone with SSH
  • Clone with HTTPS
    • Name Last commit Last update
    config-examples
    install
    wiser-wcs-reports
    .gitignore
    .gitlab-ci.yml
    Dockerfile
    LICENSE
    MANIFEST
    Makefile
    README.md
    configure.py
    run-cscan.sh
    README.md

    Generic suite of scanners for VAT using cscan wrapped around ZAP and w3af

    Author: XLAB

    Currently supports only basic (fast) scans without any configuration.

    Usage:

    Build: make build

    Run vat-genscan Docker image and pass configuration in JSON file, mounted as /root/config.json.

    Output files are stored in /root/out and the result of the scan is always output to stdout.

    Example:
    docker run -e "TARGET=http://10.10.43.182" -v /tmp/genscan-out/:/root/out/ vat-genscan
    also make TARGET="http://10.10.43.182" OUTPUT_DIR="/tmp/genscan-out/" start
    or make start (default TARGET=http://10.10.43.182, OUTPUT_DIR none).

    Configuration:

    Supported scanners and their profiles:

    • w3af
      • fast_scan: no parameters
      • auth_scan: provide login parameters so that w3af can scan resources, available only to logged-in users - parameters:
        • username
        • password
        • username_field
        • password_field
        • auth_url
        • check_url
        • check_string
    • zap
      • basic: no parameters
    • nmap
      • basic_discovery: no parameters
      • basic_discovery_ports: provide port parameter (nmap -sV -p xxx)
        • ports
      • custom_parameters: provide all command line parameters (nmap xxxxxx)
        • parameters

    See example config files in config-examples folder.