securecodebox/scanner-nmap

Sponsored OSS

By OWASP

Updated 8 days ago

Image
Networking
Security
Integration & delivery
0

50K+

securecodebox/scanner-nmap repository overview

License Apache-2.0 GitHub release (latest SemVer) OWASP Lab Project Artifact HUB GitHub Repo stars Mastodon Follower

What is OWASP secureCodeBox?

secureCodeBox Logo

OWASP secureCodeBox is an automated and scalable open source solution that can be used to integrate various security vulnerability scanners with a simple and lightweight interface. The secureCodeBox mission is to support DevSecOps Teams to make it easy to automate security vulnerability testing in different scenarios.

With the secureCodeBox we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.

The secureCodeBox project is running on Kubernetes. To install it you need Helm, a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.

Quickstart with secureCodeBox on Kubernetes

You can find resources to help you get started on our documentation website including instruction on how to install the secureCodeBox project and guides to help you run your first scans with it.

Supported Tags

  • latest (represents the latest stable release build)
  • tagged releases, e.g. 7.99-r0

How to use this image

This scanner image is intended to work in combination with the corresponding parser image to parse the scanner findings to generic secureCodeBox results. For more information details please take a look at the project page or [documentation page][https://www.securecodebox.io/docs/scanners/Nmap].

docker pull securecodebox/scanner-nmap

What is NMAP?

Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

To learn more about the Nmap scanner itself visit nmap.org.

NSE scripts

Currently, the secureCodeBox Nmap parser supports the smb-protocols, ftp-anon, and ftp-banner script with compatibility for hostrules and portrules. If you want custom scripts to be parsed by secureCodeBox, you may contribute your script parser in parser/parser.js under const scriptParser

const scriptParser = {
  "ftp-anon": parseFtpAnon,
  "banner": parseBanner,
  "smb-protocols": parseSmbProtocols,
  [...] // Contributed custom parsers
}

Scripts without an existing parser will only generate an open port finding. Scripts with parsers will add a script output finding.

Scanner Configuration

The Nmap scan targets are specified as the last parameter. The target should be a hostname, an IP address or an IP range. See Nmap Docs for details.

Additional Nmap scan features can be configured via the parameter attribute. For a detailed explanation to which parameters are available refer to the Nmap Reference Guide. All parameters are supported, but be careful with parameters that require root level rights, as these require additional configuration on the ScanType to be supported.

Some useful example parameters listed below:

  • -p xx: Scan ports of the target. Replace xx with a single port number or a range of ports.
  • -PS, -PA, -PU xx: Replace xx with the ports to scan. TCP SYN/ACK or UDP discovery.
  • -sV: Determine service and version info.
  • -O: Determine OS info. Note: This requires that Nmap is run as root, or that the user has the system capabilities to be extended to allow Nmap to send raw sockets. See more information on how to deploy the secureCodeBox nmap container to allow this and the nmap docs about privileged scans
  • -A: Determine service/version and OS info.
  • -script xx: Replace xx with the script name. Start the scan with the given script.
  • --script xx: Replace xx with a coma-separated list of scripts. Start the scan with the given scripts.

Community

You are welcome, please join us on... 👋

secureCodeBox is an official OWASP project.

License

License

As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).

As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.

Tag summary

Content type

Image

Digest

sha256:00a851c7c

Size

11.2 MB

Last updated

8 days ago

docker pull securecodebox/scanner-nmap:sha-5f6bcc8

This week's pulls

Pulls:

1,463

Jun 29 to Jul 5