Readme Improvements

README.md

@@ -35,6 +35,7 @@
       - [Local Scan Examples](#local-scan-examples)
       - [Public Scan Examples](#public-scan-examples)
       - [Then get the current State of the Scan by running:](#then-get-the-current-state-of-the-scan-by-running)
+      - [To delete a scan, use ```kubectl delete```, e.g. for localhost nmap scan:](#to-delete-a-scan-use-kubectl-delete-eg-for-localhost-nmap-scan)
     - [Access Services](#access-services)
   - [How does it work?](#how-does-it-work)
   - [Architecture](#architecture)
@@ -109,9 +110,10 @@ helm upgrade --install swagger-petstore ./demo-apps/swagger-petstore/
 Deploy secureCodeBox Hooks:
 
 ```bash
-helm upgrade --install aah ./hooks/update-field/
+helm upgrade --install ufh ./hooks/update-field/
 helm upgrade --install gwh ./hooks/generic-webhook/
 helm upgrade --install issh ./hooks/imperative-subsequent-scans/
+helm upgrade --install dssh ./hooks/declarative-subsequent-scans/
 ```
 
 Persistence provider Elasticsearch:

hooks/declarative-subsequent-scans/README.md

@@ -0,0 +1,116 @@
+---
+title: "Cascading Scans"
+path: "hooks/declarative-subsequent-scans"
+category: "hook"
+type: "processing"
+state: "released"
+usecase: "Enables cascading Scans based declarative _CascadingRules_."
+---
+
+<!-- end -->
+
+## Deployment
+
+Installing the Cascading Scans hook will add a ReadOnly Hook to your namespace which looks for matching _CascadingRules_ in the namespace and start the according scans. 
+
+```bash
+helm upgrade --install dssh ./hooks/declarative-subsequent-scans/
+```
+
+### Verification
+```bash
+kubectl get ScanCompletionHooks
+NAME   TYPE       IMAGE
+dssh   ReadOnly   docker.io/scbexperimental/hook-declarative-subsequent-scans:latest
+```
+
+## CascadingScan Rules
+The CascadingRules are included directly in each helm chart of the individual scanners. 
+
+```bash
+# Check your CascadingRules
+kubectl get CascadingRules
+NAME             STARTS         INVASIVENESS   INTENSIVENESS
+https-tls-scan   sslyze         non-invasive   light
+imaps-tls-scan   sslyze         non-invasive   light
+nikto-http       nikto          non-invasive   medium
+nmap-smb         nmap           non-invasive   light
+pop3s-tls-scan   sslyze         non-invasive   light
+smtps-tls-scan   sslyze         non-invasive   light
+ssh-scan         ssh-scan       non-invasive   light
+zap-http         zap-baseline   non-invasive   medium
+```
+
+## Starting a cascading Scan
+When you start a normal Scan, no CascadingRule will be applied. To use a _CascadingRule_ the scan must be marked to allow cascading rules.
+This is implemented using kubernetes label selectors, meaning that scans mark the classes of scans which are allowed to be cascaded by the current one.
+
+### Example
+```yaml
+cat <<EOF | kubectl apply -f -
+apiVersion: "execution.experimental.securecodebox.io/v1"
+kind: Scan
+metadata:
+  name: "example.com"
+spec:
+  scanType: nmap
+  parameters:
+    - -p22,80,443
+    - example.com
+  cascades:
+    matchLabels:
+      securecodebox.io/intensive: light
+EOF
+```
+
+This Scan will used all CascadingRules which are labeled with a "light" intensity.
+You can lookup which CascadingRules this selects by running:
+
+```bash
+kubectl get CascadingRules -l "securecodebox.io/intensive=light"
+NAME             STARTS     INVASIVENESS   INTENSIVENESS
+https-tls-scan   sslyze     non-invasive   light
+imaps-tls-scan   sslyze     non-invasive   light
+nmap-smb         nmap       non-invasive   light
+pop3s-tls-scan   sslyze     non-invasive   light
+smtps-tls-scan   sslyze     non-invasive   light
+ssh-scan         ssh-scan   non-invasive   light
+```
+
+The label selectors also allow the more powerful matchExpression selectors:
+
+```yaml
+cat <<EOF | kubectl apply -f -
+apiVersion: "execution.experimental.securecodebox.io/v1"
+kind: Scan
+metadata:
+  name: "example.com"
+spec:
+  scanType: nmap
+  parameters:
+    - -p22,80,443
+    - example.com
+  cascades:
+    # Using matchExpression instead of matchLabels
+    matchExpression:
+      key: "securecodebox.io/intensive"
+      operator: In
+      # This select both light and medium intensity rules
+      values: [light, medium]
+EOF
+```
+
+This selection can be replicated in kubectl using:
+
+```bash
+kubectl get CascadingRules -l "securecodebox.io/intensive in (light,medium)"
+NAME             STARTS         INVASIVENESS   INTENSIVENESS
+https-tls-scan   sslyze         non-invasive   light
+imaps-tls-scan   sslyze         non-invasive   light
+nikto-http       nikto          non-invasive   medium
+nmap-smb         nmap           non-invasive   light
+pop3s-tls-scan   sslyze         non-invasive   light
+smtps-tls-scan   sslyze         non-invasive   light
+ssh-scan         ssh-scan       non-invasive   light
+zap-http         zap-baseline   non-invasive   medium
+```

hooks/generic-webhook/README.md

@@ -0,0 +1,18 @@
+---
+title: "Generic WebHook"
+path: "hooks/generic-webhook"
+category: "hook"
+type: "integration"
+state: "released"
+usecase: "Publishes Scan Findings as WebHook."
+---
+
+<!-- end -->
+
+## Deployment
+
+Installing the Generic WebHook hook will add a ReadOnly Hook to your namespace. 
+
+```bash
+helm upgrade --install gwh ./hooks/generic-webhook/ --set webhookUrl="http://example.com/my/webhook/target"
+```

hooks/imperative-subsequent-scans/values.yaml

@@ -6,15 +6,15 @@ cascade:
   # Cascade nmap scans for each subdomain found by amass
   amassNmap: true
   # Cascade nmap SMB scans for each SMB Port found by nmap
-  nmapSmb: true
+  nmapSmb: false
   # Cascade SSH scans for each SSH Port found by nmap
   nmapSsh: true
   # Cascade SSL scans for each HTTP Port found by nmap
   nmapSsl: true
   # Cascade Nikto scans for each HTTP Port found by nmap
-  nmapNikto: true
+  nmapNikto: false
   # Cascade ZAP scans for each HTTP Port found by nmap
-  nmapZapBaseline: true
+  nmapZapBaseline: false
 
 image:
   registry: docker.io

hooks/persistence-elastic/README.md

@@ -0,0 +1,55 @@
+---
+title: "Elasticsearch"
+path: "hooks/persistence-elastic"
+category: "hook"
+type: "persistenceProvider"
+state: "released"
+usecase: "Publishes all Scan Findings to elasticsearch (ECK)."
+---
+
+<!-- end -->
+
+## About
+The ElasticSearch persistenceProvider hook saves all findings and reports into the configured ElasticSearch index. This allows for some easy searching and visualization of the findings. To learn more about Elasticsearch visit elastic.io.
+
+## Deployment
+
+Installing the Elasticsearch persistenceProvider hook will add a _ReadOnly Hook_ to your namespace. 
+
+```bash
+helm upgrade --install elkh ./hooks/persistence-elastic/
+```
+
+## Configuration
+see values.yaml
+
+```yaml
+# Define a specific index prefix
+indexPrefix: "scbv2"
+
+# Enable this when you already have an Elastic Stack running to which you want to send your results
+externalElasticStack:
+  enabled: false
+  elasticsearchAddress: "https://elasticsearch.example.com"
+  kibanaAddress: "https://kibana.example.com"
+
+# Configure authentication schema and credentials the persistence provider should use to connect to elasticsearch
+# user and apikey are mutually exclusive, only set one!
+authentication:
+  # Link a pre-existing generic secret with `username` and `password` key / value pairs
+  userSecret: null
+  # Link a pre-existing generic secret with `id` and `key` key / value pairs
+  apiKeySecret: null
+
+# Configures included Elasticsearch subchart
+elasticsearch:
+  enabled: true
+  replicas: 1
+  minimumMasterNodes: 1
+  # image: docker.elastic.co/elasticsearch/elasticsearch-oss
+
+# Configures included Elasticsearch subchart
+kibana:
+  enabled: true
+  # image: docker.elastic.co/kibana/kibana-oss
+```

hooks/persistence-elastic/values.yaml

@@ -8,6 +8,7 @@ image:
   tag: latest
   digest: null
 
+# Define a specific index prefix
 indexPrefix: "scbv2"
 
 # Enable this when you already have an Elastic Stack running to which you want to send your results

hooks/update-field/README.md

@@ -0,0 +1,18 @@
+---
+title: "Generic WebHook"
+path: "hooks/udapte-field"
+category: "hook"
+type: "dataProcessing"
+state: "released"
+usecase: "Updates fields in finding results."
+---
+
+<!-- end -->
+
+## Deployment
+
+Installing the _Update Field_ hook will add a ReadOnly Hook to your namespace. 
+
+```bash
+helm upgrade --install ufh ./hooks/update-field/ --set attribute.name="category" --set attribute.value="my-own-category"
+```

scanners/amass/README.md

@@ -2,6 +2,9 @@
 title: "Amass"
 path: "scanners/amass"
 category: "scanner"
+type: "Network"
+state: "released"
+appVersion: 3.7.2
 usecase: "Subdomain Enumeration Scanner"
 ---
 

scanners/kube-hunter/README.md

@@ -2,6 +2,9 @@
 title: "kube-hunter"
 path: "scanners/kube-hunter"
 category: "scanner"
+type: "Kubernetes"
+state: "released"
+appVersion: 0.3.1
 usecase: "Kubernetes Vulnerability Scanner"
 ---
 

scanners/nikto/README.md

@@ -2,6 +2,9 @@
 title: "Nikto"
 path: "scanners/nikto"
 category: "scanner"
+type: "Webserver"
+state: "released"
+appVersion: 2.1.6
 usecase: "Webserver Vulnerability Scanner"
 ---
 

scanners/nmap/README.md

@@ -2,6 +2,9 @@
 title: "Nmap"
 path: "scanners/nmap"
 category: "scanner"
+type: "Network"
+state: "released"
+appVersion: 7.80
 usecase: "Network Scanner"
 ---
 

scanners/ssh_scan/README.md

@@ -2,10 +2,12 @@
 title: "SSH"
 path: "scanners/ssh"
 category: "scanner"
+type: "SSH"
+state: "released"
+appVersion: 0.0.43
 usecase: "SSH Configuration and Policy Scanner"
-release: "https://img.shields.io/github/release/secureCodeBox/scanner-infrastructure-ssh.svg"
-
 ---
+
 SSH_scan is an easy-to-use prototype SSH configuration and policy scanner, inspired by Mozilla OpenSSH Security Guide, which provides a reasonable baseline policy recommendation for SSH configuration parameters such as Ciphers, MACs, and KexAlgos and much more.
 
 To learn more about the ssh_scan scanner itself visit [ssh_scan GitHub].

scanners/sslyze/README.md

@@ -2,6 +2,9 @@
 title: "SSLyze"
 path: "scanners/sslyze"
 category: "scanner"
+type: "SSL"
+state: "released"
+appVersion: 3.0.8
 usecase: "SSL/TLS Configuration Scanner"
 ---
 

scanners/trivy/README.md

@@ -2,7 +2,10 @@
 title: "Trivy"
 path: "scanners/trivy"
 category: "scanner"
-usecase: "Containers Vulnerability Scanner"
+type: "Container"
+state: "released"
+appVersion: 0.10.1
+usecase: "Container Vulnerability Scanner"
 ---
 
 `Trivy` (`tri` pronounced like **tri**gger, `vy` pronounced like en**vy**) is a simple and comprehensive vulnerability scanner for containers and other artifacts.

scanners/wpscan/README.md

@@ -2,6 +2,9 @@
 title: 'WPScan'
 path: 'scanners/wpscan'
 category: 'scanner'
+type: "CMS"
+state: "released"
+appVersion: 3.8.5
 usecase: 'Wordpress Vulnerability Scanner'
 ---
 

scanners/zap/README.md

@@ -2,6 +2,9 @@
 title: "ZAP"
 path: "scanners/zap"
 category: "scanner"
+type: "WebApplication"
+state: "released"
+appVersion: 2.9.0
 usecase: "Webapplication Vulnerability Scanner"
 ---