webscan

command module
v0.0.27
Published: Oct 16, 2024 License: Apache-2.0 Imports: 3 Imported by: 0

README

webscan

webscan is a simple, easy-to-use web application scanning tool that security teams can use to automate the collection of data about their web applications. Designed with data-modeling and data-integration needs in mind, webscan can be used on its own as an interactive CLI, orchestrated as part of a broader data pipeline, or leveraged from within the Method Platform.

The types of scans that webscan can conduct are constantly growing. For the most up-to-date listing, please see the documentation here.

To learn more about webscan, please see the Documentation site for the most detailed information.

Quick Start

Get webscan

For the full list of available installation options, please see the Installation page. For convenience, here are some of the most commonly used options:

Examples

webscan spider --targets https://example.com,https://example.dev
webscan vuln --severity INFO --tags swagger --tags fastapi --tags api --target example.com

Building a Statically Compiled Container for Local Testing

(Reference reusable-build.yaml)

  1. Build ARM64 builder image: docker buildx build . --platform linux/arm64 --load --tag armbuilder -f Dockerfile.builder

  2. Build ARM64 image: docker run -v .:/app/webscan -e GOARCH=arm64 -e GOOS=linux --rm armbuilder goreleaser build --single-target -f .goreleaser/goreleaser-build.yml --snapshot --clean

  3. Copy the built binary into the repository root: cp dist/linux_arm64/build-linux_linux_arm64/webscan .

  4. Build the local image: docker buildx build . --platform linux/arm64 --load --tag webscan:local -f Dockerfile

  5. Open shell: docker run -it --rm --entrypoint /bin/sh webscan:local

  6. OR run a command without a shell, for example: docker run webscan:local app enumerate graphql --target https://countries.trevorblades.com/ -o json

Note:

This tool runs on a headless-shell base image to support Chrome/Chromium browser automation. The Dockerfile uses Debian-based install tools.

Contributing

Interested in contributing to webscan? Please see our organization-wide Contribution page.

Want More?

If you're looking for an easy way to tie webscan into your broader cybersecurity workflows, or want to leverage some autonomy to improve your overall security posture, you'll love the broader Method Platform.

For more information, visit us here

Community

webscan is a Method Security open source project.

Learn more about Method's open source work by checking out our other projects here or our organization-wide documentation here.

Have an idea for a Tool to contribute? Open a Discussion here.

Documentation

There is no documentation for this package.

Directories

Path Synopsis
Package cmd implements the CobraCLI commands for the webscan CLI.
generated
go
internal
config
Package config contains common configuration values that are used by the various commands and subcommands in the CLI.
fuzz
Package fuzz holds the data structures and logic necessary to perform web application fuzzing for the `webscan fuzz` command
spider
Package spider implements the logic for the `webscan spider` command.
vuln
Package vuln is responsible for wrapping nuclei in order to manage the custom templates that are used within the webscan tool.
webserver
Package webserver contains the logic and data structures necessary for the `webscan probe` command
