securityscanner

module

v0.0.0-...-5bc0ea5 Latest Latest Go to latest Published: Sep 21, 2017 License: MIT

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/greywizard/securityscanner

Links

Open Source Insights

README ¶

Security Scanner by Grey Wizard

Security Scanner checks the website for XSS, SQL Injection, blacklisting status, configuration and out-of-date software. Following the guidelines contained in the report will significantly increase the security of your site and protect against DDoS attacks. Scanner is a free & usually safe for tested webpage.

With plugin based structure can be easy upgraded with other rules and checks.

Configuration
Plugin dependencies
Run as JSON RPC Server
Running simple plugin
Plugins
Building in docker

Configuration

Scanner is requiring the config file in config/config.json path.

Config file can be overriden with -config=/full/path/to/config.json flag

Check the README file for example config

To check if all required fields dependent by plugins are set in configuration:

make check-configuration

Plugin dependencies

To check if all required dependencies (like geoip databases, docker images) are installed run:

make check-dependencies

Run as JSON RPC Server:

Run:

go run cmd/scannerServer.go

example of request:

http -p=Hh -jv localhost:1234/ method=ScannerService.All params:='[{"Domain": "example.com", "Lang": "en"}]' id=$RANDOM jsonrpc=2.0

or

curl --data-binary '{"jsonrpc":"2.0","id":"curltext","method":"ScannerService.All","params":[{"Domain": "example.com", "Lang": "en", "Nocache": true}]}' -H 'Content-Type:application/json;' http://127.0.0.1:1234

Running simple plugin:

Check cmd/scanner.go source code

Running tests:

make test run all unit tests

make test-xml run tests with xUnit output

make test-coverage calculate tests coverage

Plugins

Go to README for more info

Build

To build using go installed in OS run:

make build

Output goes to bin/ directory

Building in docker

To build program using docker image (based on https://hub.docker.com/_/golang/) use:

cd docker
docker build -t golang:1.8.1-securityscanner .
cd ..
docker run --rm -v "$PWD":/usr/local/go/src/github.com/greywizard/securityscanner -w /usr/local/go/src/github.com/greywizard/securityscanner golang:1.8.1-securityscanner go build -v cmd/scannerServer.go

Directories ¶

Path	Synopsis
cmd
securityscanner Package securityscanner checks the website for XSS, SQL Injection, blacklisting status, configuration and out-of-date software.	Package securityscanner checks the website for XSS, SQL Injection, blacklisting status, configuration and out-of-date software.
logger Package logger override logrus and set configuration paths	Package logger override logrus and set configuration paths
plugins
plugins/blacklist
plugins/files
plugins/headers
plugins/https
plugins/ip
plugins/pagespeed
plugins/ports
plugins/waf
plugins/wappalyzer
translate

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL