Public | Automated Build

Last pushed: 4 months ago
Short Description
Provides an image exposing several web application scanners so that the image can be used as a command-line tool.
Full Description

Objective

Docker build file providing an image that exposes several web application scanners so that the image can be used as a command-line tool.

Motivation

The final goal is to use the Docker image to integrate web application security scanners into a Continuous Integration platform.

Note

ZAP has been removed because the project already provides a really good Docker image with CI/CD integration.

Image

Location

An automated build has been defined on the Docker forge in order to build the image and push it to the Docker Hub repository.

The docker image name is righettod/docker-webappsecscanbox.

Run command example

Call syntax:

docker run -v /tmp/scan_result:/tmp/scan_result:rw righettod/webappsecscanbox [SCANNER_ID] [SCANNER_ARGS]

Note:
The -v argument maps a folder between the host and the container, providing a location into which the selected scanner writes its results.

Command to display help:

docker run -v /tmp/scan_result:/tmp/scan_result:rw righettod/webappsecscanbox

Command to scan using Arachni:

docker run -v /tmp/scan_result:/tmp/scan_result:rw righettod/webappsecscanbox ARS http://webgoat:80 --report-save-path=/tmp/scan_result/scan_result.afr --check=xss
docker run -v /tmp/scan_result:/tmp/scan_result:rw righettod/webappsecscanbox ARR /tmp/scan_result/scan_result.afr --report=html:outfile=/tmp/scan_result.zip

Command to scan using Nikto:

docker run -v /tmp/scan_result:/tmp/scan_result:rw righettod/webappsecscanbox NIK -host http://webgoat:80 -F htm -output /tmp/scan_result/nikto-scan.html

Command to perform a TLS scan using TestSSL:

docker run -v /tmp/scan_result:/tmp/scan_result:rw righettod/webappsecscanbox TLS https://www.mysite.com

Commands to run a script through Bash (BSH) or execute a command directly (EXC), for example to change the access rights on generated reports:

docker run -v /tmp/scan_result:/tmp/scan_result:rw righettod/webappsecscanbox BSH test.sh
docker run -v /tmp/scan_result:/tmp/scan_result:rw righettod/webappsecscanbox EXC chmod 755 /tmp/scan_result/nikto-scan.html
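The commands above are what a CI job would string together. The wrapper below is an added example, not a script from the righettod/webappsecscanbox project: it validates the scanner identifier against the ones documented on this page (ARS, ARR, NIK, TLS, BSH, EXC), mounts the results folder the same way as the examples, and offers a dry-run mode that only prints the docker command so the wrapper can be checked on a CI agent without Docker. The image name and the default /tmp/scan_result path come from this page; the --rm flag, the DRY_RUN variable and the function names are this example's own choices.

```shell
#!/bin/sh
# Added example wrapper (not part of the righettod/webappsecscanbox image).
# Assumptions: image name and default results path as documented on the page;
# DRY_RUN=1 prints the command instead of running it.
IMAGE="righettod/webappsecscanbox"
RESULT_DIR="${RESULT_DIR:-/tmp/scan_result}"

# Scanner identifiers taken from the image's documented run examples.
is_known_scanner() {
    case "$1" in
        ARS|ARR|NIK|TLS|BSH|EXC) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the docker command line for a scanner id and its arguments.
# Returns 1 (and prints nothing) for an unknown scanner id.
scanbox_cmd() {
    scanner="$1"
    shift
    is_known_scanner "$scanner" || { echo "unknown scanner id: $scanner" >&2; return 1; }
    printf 'docker run --rm -v %s:%s:rw %s %s' "$RESULT_DIR" "$RESULT_DIR" "$IMAGE" "$scanner"
    for arg in "$@"; do
        printf ' %s' "$arg"
    done
    printf '\n'
}

# Run one scanner with its arguments; with DRY_RUN=1 only print the command.
# Arguments are passed to docker directly (no eval), so spaces are preserved.
scanbox_run() {
    scanner="$1"
    shift
    is_known_scanner "$scanner" || { echo "unknown scanner id: $scanner" >&2; return 1; }
    if [ "${DRY_RUN:-0}" = "1" ]; then
        scanbox_cmd "$scanner" "$@"
        return 0
    fi
    mkdir -p "$RESULT_DIR"
    docker run --rm -v "$RESULT_DIR:$RESULT_DIR:rw" "$IMAGE" "$scanner" "$@"
}

# Check that a scan actually produced a report file; a CI stage should fail
# when the scanner exited without writing anything.
report_present() {
    [ -s "$RESULT_DIR/$1" ]
}

# Example CI stage (dry run so it also works without Docker installed):
DRY_RUN=1 scanbox_run NIK -host http://webgoat:80 -F htm -output "$RESULT_DIR/nikto-scan.html"
DRY_RUN=1 scanbox_run ARS http://webgoat:80 --report-save-path="$RESULT_DIR/scan_result.afr" --check=xss
DRY_RUN=1 scanbox_run EXC chmod 755 "$RESULT_DIR/nikto-scan.html"
```

In a real pipeline, drop DRY_RUN, then call report_present nikto-scan.html after the Nikto stage and fail the build when it returns non-zero; the scanner's own exit code alone does not tell you whether a report was written to the mounted folder.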
Owner
righettod
