securecodebox/scanner-amass

Sponsored OSS

By OWASP

Updated about 1 year ago

Image
Networking
Security
Integration & delivery
0

7.1K

securecodebox/scanner-amass repository overview

License Apache-2.0 GitHub release (latest SemVer) OWASP Lab Project Artifact HUB GitHub Repo stars Mastodon Follower

What is OWASP secureCodeBox?

secureCodeBox Logo

OWASP secureCodeBox is an automated and scalable open source solution that can be used to integrate various security vulnerability scanners with a simple and lightweight interface. The secureCodeBox mission is to support DevSecOps Teams to make it easy to automate security vulnerability testing in different scenarios.

With the secureCodeBox we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.

The secureCodeBox project is running on Kubernetes. To install it you need Helm, a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.

Quickstart with secureCodeBox on Kubernetes

You can find resources to help you get started on our documentation website including instruction on how to install the secureCodeBox project and guides to help you run your first scans with it.

Notice

This image is a workaround for the official Amass docker image, older amass versions are regularly removed from the official docker registry, this is often breaks our builds. To prevent this we create a new image based on the official one and push it to our docker registry. Copyright 2017 Jeff Foley. All rights reserved.

Supported Tags

  • latest (represents the latest stable release build)
  • tagged releases, e.g. 3.0.0, 2.9.0, 2.8.0, 2.7.0

How to use this image

This scanner image is intended to work in combination with the corresponding parser image to parse the scanner findings to generic secureCodeBox results. For more information details please take a look at the project page or [documentation page][https://www.securecodebox.io/docs/scanners/Amass].

docker pull securecodebox/scanner-amass

What is OWASP Amass?

:::caution Amass currently has a known issue where the enumeration sometimes does not exit correctly and keeps running indefinitely. This is why we recommend using the option -timeout MINUTES mitigate the issue. The scan will then exit after the specified amount of minutes, and the findings should be correctly parsed.
:::

The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. To learn more about the Amass scanner itself visit OWASP Amass Project or Amass GitHub.

Scanner Configuration

The following security scan configuration example are based on the Amass User Guide, please take a look at the original documentation for more configuration examples.

  • The most basic use of the tool for subdomain enumeration: amass enum -d example.com
  • Typical parameters for DNS enumeration: amass enum -v -brute -min-for-recursive 2 -d example.com

Special command line options:

  • Enable generation of altered names amass enum -alts -d example.com
  • Turn off recursive brute forcing amass enum -brute -norecursive -d example.com
  • Domain names separated by commas (can be used multiple times) amass enum -d example.com

Community

You are welcome, please join us on... 👋

secureCodeBox is an official OWASP project.

License

License

As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).

As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.

Tag summary

Content type

Image

Digest

sha256:555632b26

Size

30.2 MB

Last updated

about 1 year ago

docker pull securecodebox/scanner-amass:sha-287751e

This week's pulls

Pulls:

114

Jun 29 to Jul 5