diff --git a/README.md b/README.md index 6d97001d..883043a3 100644 --- a/README.md +++ b/README.md @@ -76,15 +76,15 @@ helm -n securecodebox-system install securecodebox-operator ./operator/ Optionally deploy SCB scanner Charts for each security scanner you want to use: ```bash -helm upgrade --install amass ./scanner/amass/ -helm upgrade --install kube-hunter ./scanner/kube-hunter/ -helm upgrade --install nikto ./scanner/nikto -helm upgrade --install nmap ./scanner/nmap/ -helm upgrade --install ssh-scan ./scanner/ssh_scan/ -helm upgrade --install sslyze ./scanner/sslyze/ -helm upgrade --install trivy ./scanner/trivy/ -helm upgrade --install zap ./scanner/zap/ -helm upgrade --install wpscan ./scanner/wpscan/ +helm upgrade --install amass ./scanners/amass/ +helm upgrade --install kube-hunter ./scanners/kube-hunter/ +helm upgrade --install nikto ./scanners/nikto +helm upgrade --install nmap ./scanners/nmap/ +helm upgrade --install ssh-scan ./scanners/ssh_scan/ +helm upgrade --install sslyze ./scanners/sslyze/ +helm upgrade --install trivy ./scanners/trivy/ +helm upgrade --install zap ./scanners/zap/ +helm upgrade --install wpscan ./scanners/wpscan/ ``` Optional deploy some demo apps for scanning: @@ -109,20 +109,20 @@ helm upgrade --install elkh ./hooks/persistence-elastic/ ### Examples -Now everything is installed. You can try deploying scans from the `scanner/*/examples` directories. +Now everything is installed. You can try deploying scans from the `scanners/*/examples` directories. #### Local Scan Examples E.g. localhost nmap scan: ```bash -kubectl apply -f scanner/nmap/examples/localhost/scan.yaml +kubectl apply -f scanners/nmap/examples/localhost/scan.yaml ``` #### Public Scan Examples ```bash -kubectl apply -f scanner/nmap/examples/scan.nmap.org/scan.yaml +kubectl apply -f scanners/nmap/examples/scan.nmap.org/scan.yaml ``` #### Then get the current State of the Scan by running: 
@@ -169,42 +169,11 @@ Contributions are welcome and extremely helpful 🙌 ## Author Information -Sponsored by [iteratec GmbH](https://www.iteratec.de/) - -[secureCodeBox.io](https://www.securecodebox.io/) - -[nginx]: https://nginx.org/en/ -[camunda]: https://camunda.com/de/ -[exteralservicetask]: https://docs.camunda.org/manual/latest/user-guide/process-engine/external-tasks/ -[bpmn]: https://en.wikipedia.org/wiki/Business_Process_Model_and_Notation -[docker]: https://www.docker.com/ -[consul]: https://www.consul.io/ -[microservices]: https://martinfowler.com/articles/microservices.html -[beta-testers]: https://www.securecodebox.io/ +Sponsored by [iteratec GmbH](https://www.iteratec.de/) - [secureCodeBox.io](https://www.securecodebox.io/) + [owasp]: https://www.owasp.org/index.php/OWASP_secureCodeBox [objspec]: https://www.sigs-datacom.de/fachzeitschriften/objektspektrum.html [secdevops-objspec]: http://www.sigs.de/public/ots/2017/OTS_DevOps_2017/Seedorff_Pfaender_OTS_%20DevOps_2017.pdf -[jenkins]: https://jenkins.io/ -[nmap]: https://nmap.org/ -[nikto]: https://cirt.net/Nikto2 -[arcachni]: http://www.arachni-scanner.com/ -[sslyze]: https://github.com/nabla-c0d3/sslyze -[sqlmap]: http://sqlmap.org/ -[sshscan]: https://github.com/mozilla/ssh_scan_api -[burp]: https://portswigger.net/burp -[arachni]: http://www.arachni-scanner.com/ -[wpscan]: https://wpscan.org/ -[amass]: https://github.com/owasp/amass -[wordpress]: https://wordpress.com/ -[consul]: https://www.consul.io/ -[resty]: https://openresty.org/en/ -[keycloak]: http://www.keycloak.org/ -[openid]: https://de.wikipedia.org/wiki/OpenID -[elasticsearch]: https://www.elastic.co/products/elasticsearch -[kibana]: https://www.elastic.co/de/products/kibana -[logstash]: https://www.elastic.co/products/logstash -[dvwa]: http://www.dvwa.co.uk/ -[bodgeit]: https://github.com/psiinon/bodgeit -[juiceshop]: https://www.owasp.org/index.php/OWASP_Juice_Shop_Project [scb-github]: https://github.com/secureCodeBox/ [scb-engine]: 
https://github.com/secureCodeBox/engine [scb-twitter]: https://twitter.com/secureCodeBox diff --git a/scanners/amass/Chart.yaml b/scanners/amass/Chart.yaml index cf8662cc..1e42a7ca 100644 --- a/scanners/amass/Chart.yaml +++ b/scanners/amass/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: amass -description: A Helm chart for the Amass security Scanner that integrates with the secureCodeBox. +description: A Helm chart for the Amass security scanner that integrates with the secureCodeBox. type: application version: 0.1.0 @@ -11,8 +11,8 @@ keywords: - amass - scanner - secureCodeBox -home: https://www.securecodebox.io/scanner/Amass -icon: https://www.securecodebox.io/integrationIcons/Amass.svg +home: https://www.securecodebox.io/scanners/amass +icon: https://www.securecodebox.io/scannerIcons/Amass.svg sources: - https://github.com/secureCodeBox/secureCodeBox maintainers: diff --git a/scanners/amass/README.md b/scanners/amass/README.md index 5a0cdbf2..67e2f528 100644 --- a/scanners/amass/README.md +++ b/scanners/amass/README.md @@ -1,6 +1,6 @@ --- title: "Amass" -path: "scanner/Amass" +path: "scanners/amass" category: "scanner" usecase: "Subdomain Enumeration Scanner" --- 
@@ -13,35 +13,37 @@ The OWASP Amass Project has developed a tool to help information security profes ## Deployment -The AMASS scanType can be deployed via helm. +The AMASS scanType can be deployed via helm: ```bash -helm upgrade --install amass ./scanner/amass/ +helm upgrade --install amass ./scanners/amass/ ``` ## Examples A set of examples can be found in the [examples](./examples) folder. + * Example *secureCodeBox.io* [scan](./examples/secureCodeBox.io/scan.yaml) and [findings](./examples/secureCodeBox.io/findings.yaml) * Example *example.com* [scan](./examples/secureCodeBox.io/scan.yaml) and [findings](./examples/secureCodeBox.io/findings.yaml) ## Configuration -The follwing security scan configuration example are based on the [Amass User Guide], please take a look at the original documentation for more configuration examples. +The following security scan configuration example are based on the [Amass User Guide], please take a look at the original documentation for more configuration examples. * The most basic use of the tool for subdomain enumeration: `amass enum -d example.com` * Typical parameters for DNS enumeration: `amass enum -v -src -ip -brute -min-for-recursive 2 -d example.com` - + Special command line options: + * Disable generation of altered names `amass enum -noalts -d example.com` * Turn off recursive brute forcing `amass enum -brute -norecursive -d example.com` * Disable saving data into a local database `amass enum -nolocaldb -d example.com` * Domain names separated by commas (can be used multiple times) `amass enum -d example.com` - ## Development ### Local setup + 1. Clone the repository `git clone git@github.com:secureCodeBox/secureCodeBox-v2-alpha.git` 2. Ensure you have node.js installed * On MacOs with brew package manager: `brew install node` 
@@ -51,8 +53,8 @@ Special command line options: 1. Install the dependencies `npm install` 2. Update the parser function here: `./parser/parser.js` 3. Update the parser tests here: `./parser/parser.test.js` -4. Run the testsuite: `npm test` +4. Run the test suite: `npm test` [OWASP_Amass_Project]: https://owasp.org/www-project-amass/ [Amass GitHub]: https://github.com/OWASP/Amass -[Amass User Guide]: https://github.com/OWASP/Amass/blob/master/doc/user_guide.md \ No newline at end of file +[Amass User Guide]: https://github.com/OWASP/Amass/blob/master/doc/user_guide.md diff --git a/scanners/kube-hunter/Chart.yaml b/scanners/kube-hunter/Chart.yaml index fe41bef8..78d55e6e 100644 --- a/scanners/kube-hunter/Chart.yaml +++ b/scanners/kube-hunter/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: kube-hunter -description: A Helm chart for the kube-hunter security Scanner that integrates with the secureCodeBox. +description: A Helm chart for the kube-hunter security scanner that integrates with the secureCodeBox. type: application version: 0.1.0 @@ -11,8 +11,8 @@ keywords: - kube-hunter - scanner - secureCodeBox -home: https://www.securecodebox.io/scanner/kube-hunter -icon: https://www.securecodebox.io/integrationIcons/kube-hunter.svg +home: https://www.securecodebox.io/scanners/kube-hunter +icon: https://www.securecodebox.io/scannerIcons/kube-hunter.svg sources: - https://github.com/secureCodeBox/secureCodeBox maintainers: diff --git a/scanners/kube-hunter/README.md b/scanners/kube-hunter/README.md index 69ce4b44..70500477 100644 --- a/scanners/kube-hunter/README.md +++ b/scanners/kube-hunter/README.md @@ -1,6 +1,6 @@ --- title: "kube-hunter" -path: "scanner/kube-hunter" +path: "scanners/kube-hunter" category: "scanner" usecase: "Kubernetes Vulnerability Scanner" --- 
@@ -13,20 +13,21 @@ To learn more about the kube-hunter scanner itself visit [kube-hunter GitHub] or ## Deployment -The kube-hunter ScanType can be deployed via helm. +The kube-hunter ScanType can be deployed via helm: ```bash -helm upgrade --install kube-hunter ./scanner/kube-hunter/ +helm upgrade --install kube-hunter ./scanners/kube-hunter/ ``` ## Examples A set of examples can be found in the [examples](./examples) folder. + * Example *in-cluster* [scan](./examples/in-cluster/scan.yaml) and [findings](./examples/in-cluster/findings.yaml) ## Configuration -The follwing security scan configuration example are based on the [kube-hunter Documentation], please take a look at the original documentation for more configuration examples. +The following security scan configuration example are based on the [kube-hunter Documentation], please take a look at the original documentation for more configuration examples. * To specify remote machines for hunting, select option 1 or use the --remote option. Example: `kube-hunter --remote some.node.com` * To specify interface scanning, you can use the --interface option (this will scan all of the machine's network interfaces). Example: `kube-hunter --interface` @@ -35,6 +36,7 @@ The follwing security scan configuration example are based on the [kube-hunter D ## Development ### Local setup + 1. Clone the repository `git clone git@github.com:secureCodeBox/secureCodeBox-v2-alpha.git` 2. Ensure you have node.js installed * On MacOs with brew package manager: `brew install node` 
@@ -44,8 +46,8 @@ The follwing security scan configuration example are based on the [kube-hunter D 1. Install the dependencies `npm install` 2. Update the parser function here: `./parser/parser.js` 3. Update the parser tests here: `./parser/parser.test.js` -4. Run the testsuite: `npm test` +4. Run the test suite: `npm test` [kube-hunter Website]: https://kube-hunter.aquasec.com/ [kube-hunter GitHub]: https://github.com/aquasecurity/kube-hunter -[kube-hunter Documentation]: https://github.com/aquasecurity/kube-hunter#scanning-options \ No newline at end of file +[kube-hunter Documentation]: https://github.com/aquasecurity/kube-hunter#scanning-options diff --git a/scanners/nikto/Chart.yaml b/scanners/nikto/Chart.yaml index 80a2b865..89079341 100644 --- a/scanners/nikto/Chart.yaml +++ b/scanners/nikto/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: nikto -description: A Helm chart for the Nikto security Scanner that integrates with the secureCodeBox. +description: A Helm chart for the Nikto security scanner that integrates with the secureCodeBox. type: application version: 0.1.0 @@ -11,8 +11,8 @@ keywords: - nikto - scanner - secureCodeBox -home: https://www.securecodebox.io/scanner/Nikto -icon: https://www.securecodebox.io/integrationIcons/Nikto.svg +home: https://www.securecodebox.io/scanners/nikto +icon: https://www.securecodebox.io/scannerIcons/Nikto.svg sources: - https://github.com/secureCodeBox/secureCodeBox maintainers: diff --git a/scanners/nikto/README.md b/scanners/nikto/README.md index 97f3152f..d0fc8434 100644 --- a/scanners/nikto/README.md +++ b/scanners/nikto/README.md @@ -1,6 +1,6 @@ --- title: "Nikto" -path: "scanner/Nikto" +path: "scanners/nikto" category: "scanner" usecase: "Webserver Vulnerability Scanner" --- 
@@ -13,20 +13,21 @@ Nikto is a free software command-line vulnerability scanner that scans webserver ## Deployment -The Nikto ScanType can be deployed via helm. +The Nikto ScanType can be deployed via helm: ```bash -helm upgrade --install nikto ./scanner/nikto/ +helm upgrade --install nikto ./scanners/nikto/ ``` ## Examples A set of examples can be found in the [examples](./examples) folder. + * Example *secureCodeBox.io* [scan](./examples/secureCodeBox.io/scan.yaml) and [findings](./examples/secureCodeBox.io/findings.yaml) ## Configuration -The follwing security scan configuration example are based on the [Nikto Documentation](https://cirt.net/nikto2-docs/usage.html#id2780332), please take a look at the original documentation for more configuration examples. +The following security scan configuration example are based on the [Nikto Documentation](https://cirt.net/nikto2-docs/usage.html#id2780332), please take a look at the original documentation for more configuration examples. * The most basic Nikto scan requires simply a host to target, since port 80 is assumed if none is specified. The host can either be an IP or a hostname of a machine, and is specified using the -h (-host) option. This will scan the IP 192.168.0.1 on TCP port 80: `-h 192.168.0.1` * To check on a different port, specify the port number with the -p (-port) option. This will scan the IP 192.168.0.1 on TCP port 443: `-h 192.168.0.1 -p 443` 
@@ -49,11 +50,12 @@ Nikto also has a comprehensive list of [command line options documented](https:/ * a - Authentication Bypass. Allows client to access a resource it should not be allowed to access. * b - Software Identification. Installed software or program could be positively identified. * c - Remote source inclusion. Software allows remote inclusion of source code. - * x - Reverse Tuning Options. Perform exclusion of the specified tuning type instead of inclusion of the specified tuning type + * x - Reverse Tuning Options. Perform exclusion of the specified tuning type instead of inclusion of the specified tuning type ## Development ### Local setup + 1. Clone the repository `git clone git@github.com:secureCodeBox/secureCodeBox-v2-alpha.git` 2. Ensure you have node.js installed * On MacOs with brew package manager: `brew install node` @@ -63,7 +65,7 @@ Nikto also has a comprehensive list of [command line options documented](https:/ 1. Install the dependencies `npm install` 2. Update the parser function here: `./parser/parser.js` 3. Update the parser tests here: `./parser/parser.test.js` -4. Run the testsuite: `npm test` +4. Run the test suite: `npm test` [cirt.net]: https://cirt.net/ -[nikto github]: https://github.com/sullo/nikto \ No newline at end of file +[nikto github]: https://github.com/sullo/nikto diff --git a/scanners/nmap/Chart.yaml b/scanners/nmap/Chart.yaml index 253ac64f..f9ce58a5 100644 --- a/scanners/nmap/Chart.yaml +++ b/scanners/nmap/Chart.yaml @@ -11,8 +11,8 @@ keywords: - nmap - scanner - secureCodeBox -home: https://www.securecodebox.io/scanner/Nmap -icon: https://www.securecodebox.io/integrationIcons/Nmap.svg +home: https://www.securecodebox.io/scanners/nmap +icon: https://www.securecodebox.io/scannerIcons/Nmap.svg sources: - https://github.com/secureCodeBox/secureCodeBox maintainers: diff --git a/scanners/nmap/README.md b/scanners/nmap/README.md index 18444c29..b30385fa 100644 --- a/scanners/nmap/README.md +++ b/scanners/nmap/README.md 
@@ -1,6 +1,6 @@ --- title: "Nmap" -path: "scanner/Nmap" +path: "scanners/nmap" category: "scanner" usecase: "Network Scanner" --- @@ -15,15 +15,16 @@ To learn more about the Nmap scanner itself visit [nmap.org]. ## Deployment -The Nmap ScanType can be deployed via helm. +The Nmap ScanType can be deployed via helm: ```bash -helm install nmap ./scanner/nmap/ +helm install nmap ./scanners/nmap/ ``` ## Examples A set of examples can be found in the [examples](./examples) folder. + * Example *local-network* [scan](./examples/local-network/scan.yaml) and [findings](./examples/local-network/findings.yaml) * Example *localhost* [scan](./examples/local-network/scan.yaml) and [findings](./examples/local-network/findings.yaml) * Example *scan.nmap.org* [scan](./examples/local-network/scan.yaml) and [findings](./examples/local-network/findings.yaml) @@ -49,6 +50,7 @@ Some useful example parameters listed below: ## Development ### Local setup + 1. Clone the repository `git clone git@github.com:secureCodeBox/secureCodeBox-v2-alpha.git` 2. Ensure you have node.js installed * On MacOs with brew package manager: `brew install node` @@ -58,7 +60,8 @@ Some useful example parameters listed below: 1. Install the dependencies `npm install` 2. Update the parser function here: `./parser/parser.js` 3. Update the parser tests here: `./parser/parser.test.js` -4. Run the testsuite: `npm test` +4. Run the test suite: `npm test` #### Basic scanner tests -If you want to test sslyze localy you can use brew (only on macOS) to install it: `brew install nmap` \ No newline at end of file + +If you want to test sslyze localy you can use brew (only on macOS) to install it: `brew install nmap` diff --git a/scanners/ssh_scan/Chart.yaml b/scanners/ssh_scan/Chart.yaml index 15f083bb..3bda96c0 100644 --- a/scanners/ssh_scan/Chart.yaml +++ b/scanners/ssh_scan/Chart.yaml 
@@ -1,6 +1,6 @@ apiVersion: v2 name: ssh-scan -description: A Helm chart for the SSH_Scan security Scanner that integrates with the secureCodeBox. +description: A Helm chart for the SSH_Scan security scanner that integrates with the secureCodeBox. type: application version: 0.1.0 @@ -11,8 +11,8 @@ keywords: - ssh - scanner - secureCodeBox -home: https://www.securecodebox.io/scanner/SSH -icon: https://www.securecodebox.io/integrationIcons/SSH.svg +home: https://www.securecodebox.io/scanners/ssh +icon: https://www.securecodebox.io/scannerIcons/SSH.svg sources: - https://github.com/secureCodeBox/secureCodeBox maintainers: diff --git a/scanners/ssh_scan/README.md b/scanners/ssh_scan/README.md index a5dd22a0..fb324aea 100644 --- a/scanners/ssh_scan/README.md +++ b/scanners/ssh_scan/README.md @@ -1,6 +1,6 @@ --- title: "SSH" -path: "scanner/SSH" +path: "scanners/ssh" category: "scanner" usecase: "SSH Configuration and Policy Scanner" release: "https://img.shields.io/github/release/secureCodeBox/scanner-infrastructure-ssh.svg" 
@@ -17,18 +17,19 @@ To learn more about the ssh_scan scanner itself visit [ssh_scan GitHub]. The SSH_scan ScanType can be deployed via helm. ```bash -helm upgrade --install ssh ./scanner/ssh_scan/ +helm upgrade --install ssh ./scanners/ssh_scan/ ``` ## Examples A set of examples can be found in the [examples](./examples) folder. + * Example *example.com* [scan](./examples/example.com/scan.yaml) and [findings](./examples/example.com/findings.yaml) * Example *localhost* [scan](./examples/localhost/scan.yaml) and [findings](./examples/localhost/findings.yaml) ## Configuration -The follwing security scan configuration example are based on the [ssh_scan Documentation], please take a look at the original documentation for more configuration examples. +The following security scan configuration example are based on the [ssh_scan Documentation], please take a look at the original documentation for more configuration examples. ```bash ssh_scan v0.0.21 (https://github.com/mozilla/ssh_scan) @@ -69,6 +70,7 @@ Examples: ## Development ### Local setup + 1. Clone the repository `git clone git@github.com:secureCodeBox/secureCodeBox-v2-alpha.git` 2. Ensure you have node.js installed * On MacOs with brew package manager: `brew install node` @@ -78,7 +80,7 @@ Examples: 1. Install the dependencies `npm install` 2. Update the parser function here: `./parser/parser.js` 3. Update the parser tests here: `./parser/parser.test.js` -4. Run the testsuite: `npm test` +4. Run the test suite: `npm test` [ssh_scan GitHub]: https://github.com/mozilla/ssh_scan -[ssh_scan Documentation]: https://github.com/mozilla/ssh_scan#example-command-line-usage \ No newline at end of file +[ssh_scan Documentation]: https://github.com/mozilla/ssh_scan#example-command-line-usage diff --git a/scanners/sslyze/Chart.yaml b/scanners/sslyze/Chart.yaml index 80fac407..db5f4f39 100644 --- a/scanners/sslyze/Chart.yaml +++ b/scanners/sslyze/Chart.yaml 
@@ -1,6 +1,6 @@ apiVersion: v2 name: sslyze -description: A Helm chart for the SSLyze security Scanner that integrates with the secureCodeBox. +description: A Helm chart for the SSLyze security scanner that integrates with the secureCodeBox. type: application version: 0.1.0 @@ -11,8 +11,8 @@ keywords: - ssl - scanner - secureCodeBox -home: https://www.securecodebox.io/scanner/SSLyze -icon: https://www.securecodebox.io/integrationIcons/SSLyze.svg +home: https://www.securecodebox.io/scanners/sslyze +icon: https://www.securecodebox.io/scannerIcons/SSLyze.svg sources: - https://github.com/secureCodeBox/secureCodeBox maintainers: diff --git a/scanners/sslyze/README.md b/scanners/sslyze/README.md index 5f26c0b8..68f7092e 100644 --- a/scanners/sslyze/README.md +++ b/scanners/sslyze/README.md @@ -1,6 +1,6 @@ --- title: "SSLyze" -path: "scanner/SSLyze" +path: "scanners/sslyze" category: "scanner" usecase: "SSL/TLS Configuration Scanner" --- 
@@ -11,21 +11,22 @@ SSLyze is a Python library and a CLI tool that can analyze the SSL configuration ## Deployment -The SSLyze scanType can be deployed via helm. +The SSLyze scanType can be deployed via helm: ```bash -helm upgrade --install sslyze ./scanner/sslyze/ +helm upgrade --install sslyze ./scanners/sslyze/ ``` ## Examples A set of examples can be found in the [examples](./examples) folder. + * Example *secureCodeBox.io* [scan](./examples/secureCodeBox.io/scan.yaml) and [findings](./examples/secureCodeBox.io/findings.yaml) * Example *example.com* [scan](./examples/example.com/scan.yaml) and [findings](./examples/example.com/findings.yaml) ## Configuration -The follwing security scan configuration example are based on the [SSLyze Documentation], please take a look at the original documentation for more configuration examples. +The following security scan configuration example are based on the [SSLyze Documentation], please take a look at the original documentation for more configuration examples. The command line interface can be used to easily run server scans: `sslyze --regular www.example.com` @@ -135,6 +136,7 @@ Options: ## Development ### Local setup + 1. Clone the repository `git clone git@github.com:secureCodeBox/secureCodeBox-v2-alpha.git` 2. Ensure you have node.js installed * On MacOs with brew package manager: `brew install node` @@ -144,10 +146,11 @@ Options: 1. Install the dependencies `npm install` 2. Update the parser function here: `./parser/parser.js` 3. Update the parser tests here: `./parser/parser.test.js` -4. Run the testsuite: `npm test` +4. Run the test suite: `npm test` #### Basic scanner tests + If you want to test sslyze localy you can use brew (only on macOS) to install it: `brew install sslyze` [SSLyze GitHub]: https://github.com/nabla-c0d3/sslyze -[SSLyze Documentation]: https://nabla-c0d3.github.io/sslyze/documentation/ \ No newline at end of file +[SSLyze Documentation]: https://nabla-c0d3.github.io/sslyze/documentation/ 
diff --git a/scanners/trivy/Chart.yaml b/scanners/trivy/Chart.yaml index 17be3f1c..83c5b8e4 100644 --- a/scanners/trivy/Chart.yaml +++ b/scanners/trivy/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: trivy -description: A Helm chart for the trivy security Scanner that integrates with the secureCodeBox. +description: A Helm chart for the trivy security scanner that integrates with the secureCodeBox. type: application version: 0.1.0 @@ -12,7 +12,7 @@ keywords: - image-scanning - scanner - secureCodeBox -home: https://www.securecodebox.io/scanner/trivy +home: https://www.securecodebox.io/scanners/trivy icon: https://github.com/aquasecurity/trivy/blob/master/imgs/logo.png sources: - https://github.com/secureCodeBox/secureCodeBox diff --git a/scanners/trivy/README.md b/scanners/trivy/README.md index f49a162d..c0bb49a2 100644 --- a/scanners/trivy/README.md +++ b/scanners/trivy/README.md @@ -1,6 +1,6 @@ --- title: "Trivy" -path: "scanner/Trivy" +path: "scanners/trivy" category: "scanner" usecase: "Containers Vulnerability Scanner" --- 
@@ -16,21 +16,22 @@ To learn more about the Trivy scanner itself visit or [Trivy GitHub]. ## Deployment -The Trivy scanType can be deployed via helm. +The Trivy scanType can be deployed via helm: ```bash -helm upgrade --install trivy ./scanner/trivy/ +helm upgrade --install trivy ./scanners/trivy/ ``` ## Examples A set of examples can be found in the [examples](./examples) folder. + * Example *juice-shop* [scan](./examples/juice-shop/scan.yaml) and [findings](./examples/juice-shop/findings.yaml) * Example *mediawiki* [scan](./examples/mediawikip/scan.yaml) and [findings](./examples/mediawiki/findings.yaml) ## Configuration -The follwing security scan configuration example are based on the [Trivy Documentation], please take a look at the original documentation for more configuration examples. +The following security scan configuration example are based on the [Trivy Documentation], please take a look at the original documentation for more configuration examples. * Filter the vulnerabilities by severities `trivy image --severity HIGH,CRITICAL ruby:2.4.0` * Filter the vulnerabilities by type (`os` or `library`) `trivy image --vuln-type os ruby:2.4.0` @@ -40,6 +41,7 @@ The follwing security scan configuration example are based on the [Trivy Documen ## Development ### Local setup + 1. Clone the repository `git clone git@github.com:secureCodeBox/secureCodeBox-v2-alpha.git` 2. Ensure you have node.js installed * On MacOs with brew package manager: `brew install node` 
@@ -49,7 +51,7 @@ The follwing security scan configuration example are based on the [Trivy Documen 1. Install the dependencies `npm install` 2. Update the parser function here: `./parser/parser.js` 3. Update the parser tests here: `./parser/parser.test.js` -4. Run the testsuite: `npm test` +4. Run the test suite: `npm test` [Trivy GitHub]: https://github.com/aquasecurity/trivy -[Trivy Documentation]: https://github.com/aquasecurity/trivy#examples \ No newline at end of file +[Trivy Documentation]: https://github.com/aquasecurity/trivy#examples diff --git a/scanners/wpscan/Chart.yaml b/scanners/wpscan/Chart.yaml index ce785e7b..7f780597 100644 --- a/scanners/wpscan/Chart.yaml +++ b/scanners/wpscan/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: wpscan -description: A Helm chart for the WordPress security Scanner that integrates with the secureCodeBox. +description: A Helm chart for the WordPress security scanner that integrates with the secureCodeBox. type: application version: 0.1.0 @@ -12,8 +12,8 @@ keywords: - wordpress - scanner - secureCodeBox -home: https://www.securecodebox.io/scanner/WPScan -icon: https://www.securecodebox.io/integrationIcons/WPScan.svg +home: https://www.securecodebox.io/scanners/wpscan +icon: https://www.securecodebox.io/scannerIcons/WPScan.svg sources: - https://github.com/secureCodeBox/scanner-infrastructure-wpscan maintainers: diff --git a/scanners/wpscan/README.md b/scanners/wpscan/README.md index 95771a2c..419d4903 100644 --- a/scanners/wpscan/README.md +++ b/scanners/wpscan/README.md @@ -1,6 +1,6 @@ --- title: 'WPScan' -path: 'scanner/WPScan' +path: 'scanners/wpscan' category: 'scanner' usecase: 'Wordpress Vulnerability Scanner' --- 
@@ -17,20 +17,21 @@ To learn more about the WPScan scanner itself visit [wpscan.org] or [wpscan.io]. ## Deployment -The WPScan scanType can be deployed via helm. +The WPScan scanType can be deployed via helm: ```bash -helm upgrade --install wpscan ./scanner/wpscan/ +helm upgrade --install wpscan ./scanners/wpscan/ ``` ## Examples A set of examples can be found in the [examples](./examples) folder. + * Example *example.com* [scan](./examples/secureCodeBox.io/scan.yaml) and [findings](./examples/secureCodeBox.io/findings.yaml) ## Configuration -The follwing security scan configuration example are based on the [WPScan Documentation], please take a look at the original documentation for more configuration examples. +The following security scan configuration example are based on the [WPScan Documentation], please take a look at the original documentation for more configuration examples. * Scan all plugins with known vulnerabilities: `wpscan --url example.com -e vp --plugins-detection mixed --api-token WPVULNDB_API_TOKEN` * Scan all plugins in our database (could take a very long time): `wpscan --url example.com -e ap --plugins-detection mixed --api-token WPVULNDB_API_TOKEN` 
@@ -41,7 +42,8 @@ The follwing security scan configuration example are based on the [WPScan Docume * aggressive * mixed If you want the most results use the "mixed" mode. However, if you are worried that the server may not be able to handle a large number of requests, use the "passive" mode. The default mode is "mixed", with the exception of plugin enumeration, which is "passive". You will need to manually override the plugin detection mode, if you want to use anything other than the default, with the `--plugins-detection` option. -* WPScan can enumerate various things from a remote WordPress applcation, such as plugins, themes, usernames, backed up files wp-config.php files, Timthumb files, database exports and more. To use WPScan's enumeration capabilities supply the `-e `option. +* WPScan can enumerate various things from a remote WordPress application, such as plugins, themes, usernames, backed up files wp-config.php files, Timthumb files, database exports and more. To use WPScan's enumeration capabilities supply the `-e `option. + ```bash Available Choices: vp | Vulnerable plugins @@ -72,6 +74,7 @@ Incompatible choices (only one of each group/s can be used): ## Development ### Local setup + 1. Clone the repository `git clone git@github.com:secureCodeBox/secureCodeBox-v2-alpha.git` 2. Ensure you have node.js installed * On MacOs with brew package manager: `brew install node` @@ -85,4 +88,4 @@ Incompatible choices (only one of each group/s can be used): [wpscan.io]: https://wpscan.io/ [wpscan.org]: https://wpscan.org/ -[WPScan Documentation]: https://github.com/wpscanteam/wpscan/wiki/WPScan-User-Documentation \ No newline at end of file +[WPScan Documentation]: https://github.com/wpscanteam/wpscan/wiki/WPScan-User-Documentation diff --git a/scanners/zap/Chart.yaml b/scanners/zap/Chart.yaml index dca67980..a7b43f75 100644 --- a/scanners/zap/Chart.yaml +++ b/scanners/zap/Chart.yaml 
@@ -1,6 +1,6 @@ apiVersion: v2 name: zap -description: A Helm chart for the OWASP ZAP security Scanner that integrates with the secureCodeBox. +description: A Helm chart for the OWASP ZAP security scanner that integrates with the secureCodeBox. type: application version: 0.1.0 @@ -12,8 +12,8 @@ keywords: - OWASP - scanner - secureCodeBox -home: https://www.securecodebox.io/scanner/Zap -icon: https://www.securecodebox.io/integrationIcons/ZAP.svg +home: https://www.securecodebox.io/scanners/zap +icon: https://www.securecodebox.io/scannerIcons/ZAP.svg sources: - https://github.com/secureCodeBox/secureCodeBox maintainers: diff --git a/scanners/zap/README.md b/scanners/zap/README.md index 398c68dc..8dd16a40 100644 --- a/scanners/zap/README.md +++ b/scanners/zap/README.md @@ -1,6 +1,6 @@ --- title: "ZAP" -path: "scanner/Zap" +path: "scanners/zap" category: "scanner" usecase: "Webapplication Vulnerability Scanner" --- 
@@ -15,21 +15,22 @@ To learn more about the ZAP scanner itself visit [OWASP_Zap_Project] or [zaproxy ## Deployment -The ZAP scanType can be deployed via helm. +The ZAP scanType can be deployed via helm: ```bash -helm upgrade --install zap ./scanner/zap/ +helm upgrade --install zap ./scanners/zap/ ``` ## Examples A set of examples can be found in the [examples](./examples) folder. + * Example *secureCodeBox.io* [scan](./examples/secureCodeBox.io/scan.yaml) and [findings](./examples/secureCodeBox.io/findings.yaml) * Example *example.com* [scan](./examples/example.com/scan.yaml) and [findings](./examples/example.com/findings.yaml) ## Configuration -The follwing security scan configuration example are based on the [ZAP Documentation], please take a look at the original documentation for more configuration examples. +The following security scan configuration example are based on the [ZAP Documentation], please take a look at the original documentation for more configuration examples. The command line interface can be used to easily run server scans: `-t www.example.com` @@ -49,7 +50,7 @@ Options: -a include the alpha passive scan rules as well -d show debug messages -P specify listen port - -D delay in seconds to wait for passive scanning + -D delay in seconds to wait for passive scanning -i default rules not in the config file to INFO -I do not return failure on warning -j use the Ajax spider in addition to the traditional one @@ -65,6 +66,7 @@ Options: ## Development ### Local setup + 1. Clone the repository `git clone git@github.com:secureCodeBox/secureCodeBox-v2-alpha.git` 2. Ensure you have node.js installed * On MacOs with brew package manager: `brew install node` 
@@ -74,7 +76,7 @@ Options: 1. Install the dependencies `npm install` 2. Update the parser function here: `./parser/parser.js` 3. Update the parser tests here: `./parser/parser.test.js` -4. Run the testsuite: `npm test` +4. Run the test suite: `npm test` [SSLyze GitHub]: https://github.com/nabla-c0d3/sslyze [SSLyze Documentation]: https://nabla-c0d3.github.io/sslyze/documentation/
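Review bot: In the top-level README.md hunk that drops the reference-style link definitions (`[nginx]`, `[jenkins]`, `[nmap]`, `[nikto]`, `[zap]` and the rest), the body of the README should be grepped for `][nmap]`-style references before merging; any reference whose definition is removed here renders as literal bracket text rather than a link. Keeping `[owasp]`, `[objspec]`, `[secdevops-objspec]` and the `[scb-*]` entries while removing the others suggests that check was done, but the diff does not show it. Removing the duplicated `[consul]` and the misspelled `[arcachni]` next to `[arachni]` is a welcome cleanup.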
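Review bot: In the scanners/amass/README.md Examples hunk, the `example.com` bullet still links to the secureCodeBox.io files (`./examples/secureCodeBox.io/scan.yaml` and `./examples/secureCodeBox.io/findings.yaml`); since this hunk already touches that list, point it at the example.com example directory or drop the bullet. The Configuration sentence fixed in the same hunk ("The following security scan configuration example are based on the [Amass User Guide], please take a look ...") is still ungrammatical; "The following security scan configuration examples are based on the [Amass User Guide]; please see the original documentation for more" would read cleanly, and the same sentence recurs in every other scanner README touched by this patch (kube-hunter, nikto, ssh_scan, sslyze, trivy, wpscan, zap).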
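Review bot: In the scanners/nmap/README.md Deployment hunk, `helm install nmap ./scanners/nmap/` is the only scanner that does not use `helm upgrade --install`, so re-running the documented command on an existing release fails; align it with the other charts. In the Examples hunk directly below, all three bullets (`local-network`, `localhost`, `scan.nmap.org`) link to `./examples/local-network/scan.yaml` and `./examples/local-network/findings.yaml`, while the top-level README in this same patch refers to `scanners/nmap/examples/localhost/scan.yaml` and `scanners/nmap/examples/scan.nmap.org/scan.yaml`, so the second and third bullets point at the wrong directory. The added line `+If you want to test sslyze localy you can use brew (only on macOS) to install it: `brew install nmap`` names sslyze in the nmap README and misspells "locally"; suggest "If you want to test nmap locally you can use brew (only on macOS) to install it: `brew install nmap`".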
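Review bot: In the scanners/ssh_scan/README.md Deployment hunk, the release name in `helm upgrade --install ssh ./scanners/ssh_scan/` differs from the `helm upgrade --install ssh-scan ./scanners/ssh_scan/` documented in the top-level README of this same patch; pick one name so the two documents do not produce two separate releases of the same chart. The context line "The SSH_scan ScanType can be deployed via helm." also kept its full stop while every other scanner README in this patch was changed to end that sentence with a colon before the code block.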
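Review bot: In the scanners/trivy/README.md Examples hunk, the mediawiki bullet links to `./examples/mediawikip/scan.yaml` (with a stray "p") while its findings link uses `./examples/mediawiki/findings.yaml`; fix the scan path. The hunk header context "To learn more about the Trivy scanner itself visit or [Trivy GitHub]." has a dangling "visit or", presumably a missing link before the "or". In scanners/trivy/Chart.yaml, the `icon` is left as `https://github.com/aquasecurity/trivy/blob/master/imgs/logo.png`, which is a GitHub HTML page rather than the raw image, so chart indexes that render `icon` will not show a logo; every other chart in this patch was moved to a `scannerIcons/` image URL, and trivy should get the same treatment or at least a raw image URL.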
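Review bot: In the scanners/wpscan/README.md Examples hunk, the only bullet is labelled `example.com` but links to `./examples/secureCodeBox.io/scan.yaml` and `./examples/secureCodeBox.io/findings.yaml`; either the label or the paths are wrong. In the Configuration hunk, the fixed line still has the misplaced backtick in "supply the `-e `option", which renders as "-e " in code followed by a bare "option"; it should read "supply the `-e` option".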
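Review bot: In the final scanners/zap/README.md hunk, the reference definitions at the bottom of the file are `[SSLyze GitHub]: https://github.com/nabla-c0d3/sslyze` and `[SSLyze Documentation]: https://nabla-c0d3.github.io/sslyze/documentation/`, a leftover from the sslyze README, while the Configuration section fixed earlier in this patch links to `[ZAP Documentation]` and the hunk header references `[OWASP_Zap_Project]` and `[zaproxy...]`. Without definitions for those names the links render as plain bracketed text; replace the two SSLyze entries with the ZAP project and documentation URLs.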