🚓 New Scanner implementation request
Is your feature request related to a problem
As a security analyst I would like to use the secureCodeBox to check my external attack surface. Especially CMS systems like Wordpress or Typo3 are common systems that may introduce new vulnerabilities on a regular basis.
The BlogPost of @JavanXD https://javan.de/securing-typo3-cms-new-security-scanner/ also motivates this topic.
Describe the solution you'd like
Since the secureCodeBox already supports the Wordpress scanner WPScan it would be great to also add at least one Typo3 scanner. There are two candidates (referring to the blog post):
Describe alternatives you've considered
Additional context
- Integration tests against a local vulnerable / outdated typo3 docker image
- Cascading Rule to trigger when whatweb / nmap with service detection / nikto detects a typo3 instance, to automatically start a typo3scan test against the identified instance.
Steps to implement a new scanner
Hint: A general guide on how to implement a new SCB scanner is documented here
- README.gotmpl, giving a brief overview of the scanner and its configuration options
- scan-type.yaml
- parse-definition.yaml
- cascading-rules.yaml, like documented here
- Dockerfile for the scanner, if there is no existing one publicly available on DockerHub
- scan.yaml and finding.yaml files in the example folder
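To make the checklist above concrete, here is an added example (it is not part of the issue and not secureCodeBox's own Typo3 integration) of the resources such a scanner needs: a ScanType, a ParseDefinition, a CascadingRule that starts the Typo3 scan when the nmap parser reports an open http port, and a Scan that kicks the chain off. The scanner name typo3scan, both image names, the result file path and the typo3scan.py command-line flags are assumptions for illustration; the resource kinds, apiVersions, the matches.anyOf structure and the {{$.hostOrIP}} / {{attributes.port}} templating follow the schema secureCodeBox uses for its existing scanners and cascading rules.

```yaml
# Added example, not from the issue or the secureCodeBox project: minimal
# resources for a hypothetical "typo3scan" scanner. Image names, the result
# path and the typo3scan.py flags are assumptions for illustration.
---
# scan-type.yaml: how the operator runs the scanner container
apiVersion: "execution.securecodebox.io/v1"
kind: ScanType
metadata:
  name: "typo3scan"
spec:
  extractResults:
    # must match a ParseDefinition name; the parser turns this file into findings
    type: typo3scan-json
    location: "/home/securecodebox/typo3scan-results.json"   # assumed path
  jobTemplate:
    spec:
      backoffLimit: 3
      template:
        spec:
          restartPolicy: OnFailure
          containers:
            - name: typo3scan
              image: docker.io/securecodebox/scanner-typo3scan:latest   # assumed image
              command:
                - "python3"
                - "typo3scan.py"
                - "--json"                    # assumed flag: machine-readable output
                - "--output-file"             # assumed flag: where to write the report
                - "/home/securecodebox/typo3scan-results.json"
              # Scan.spec.parameters (e.g. "-d", "https://target") are appended
              # to this command by the operator.
---
# parse-definition.yaml: the parser image that converts scanner output into findings
apiVersion: "execution.securecodebox.io/v1"
kind: ParseDefinition
metadata:
  name: "typo3scan-json"
spec:
  image: docker.io/securecodebox/parser-typo3scan:latest   # assumed image
---
# cascading-rules.yaml: follow up an nmap "Open Port" finding for an http
# service with a typo3scan run against that host and port. An https variant
# would be a second rule with service: https and an https:// URL.
apiVersion: "cascading.securecodebox.io/v1"
kind: CascadingRule
metadata:
  name: "typo3scan-http"
  labels:
    securecodebox.io/invasive: non-invasive
    securecodebox.io/intensive: medium
spec:
  matches:
    anyOf:
      - category: "Open Port"
        attributes:
          state: open
          service: http
  scanSpec:
    scanType: "typo3scan"
    parameters:
      - "-d"                               # assumed typo3scan.py flag: target domain/URL
      - "http://{{$.hostOrIP}}:{{attributes.port}}"
---
# scan.yaml: the parent scan for the example folder. The rule above only fires
# if the parent scan opts into cascading with matching labels.
apiVersion: "execution.securecodebox.io/v1"
kind: Scan
metadata:
  name: "nmap-then-typo3scan"
spec:
  scanType: "nmap"
  parameters:
    - "-sV"
    - "-p"
    - "80,443"
    - "example.com"
  cascades:
    matchLabels:
      securecodebox.io/invasive: non-invasive
```

Apply the first three documents with kubectl in the operator's namespace, then create the Scan; the operator runs nmap, parses its output into "Open Port" findings, matches them against the rule and schedules one typo3scan job per matching host and port. Keep the rule labelled non-invasive only if the scanner really is read-only against the target; the parent Scan's matchLabels are the place where an operator limits which cascades may run against production hosts.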