securecodebox/scanner-typo3scan

Sponsored OSS

By OWASP

Updated about 1 year ago

Image
Security
Integration & delivery
Content management system
0

10K+

securecodebox/scanner-typo3scan repository overview

License Apache-2.0 GitHub release (latest SemVer) OWASP Lab Project Artifact HUB GitHub Repo stars Mastodon Follower

What is OWASP secureCodeBox?

secureCodeBox Logo

OWASP secureCodeBox is an automated and scalable open source solution that can be used to integrate various security vulnerability scanners with a simple and lightweight interface. The secureCodeBox mission is to support DevSecOps Teams to make it easy to automate security vulnerability testing in different scenarios.

With the secureCodeBox we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.

The secureCodeBox project is running on Kubernetes. To install it you need Helm, a package manager for Kubernetes. It is also possible to start the different integrated security vulnerability scanners based on a docker infrastructure.

Quickstart with secureCodeBox on Kubernetes

You can find resources to help you get started on our documentation website including instruction on how to install the secureCodeBox project and guides to help you run your first scans with it.

Supported Tags

  • latest (represents the latest stable release build)
  • tagged releases, e.g. v1.2-final

How to use this image

This scanner image is intended to work in combination with the corresponding parser image to parse the scanner findings to generic secureCodeBox results. For more information details please take a look at the project page or [documentation page][https://www.securecodebox.io/docs/scanners/typo3scan].

docker pull securecodebox/scanner-typo3scan

What is Typo3Scan?

:::caution Deprecation Notice The typo3scan ScanType is being deprecated in the secureCodeBox since it will no longer be maintained as described in the GitHub repository. The scanner will be removed in the upcoming v5 release. :::

Typo3Scan is an open source penetration testing tool, that automates the process of detecting the Typo3 CMS version and its installed extensions. It also has a database with known vulnerabilities for core and extensions. The vulnerabilities corresponding to the version detected are presented as findings. To learn more about the Typo3Scan scanner itself, visit the Typo3Scan GitHub repository here.

Scanner Configuration

The Typo3Scan target is specified with the -d parameter. The target should be a url, hostname or an IP address. :::caution Please note that, the target url has to start with http:// or https:// when using a hostname or IP address as a target for the scan to work correctly. For example: http://localhost or https://123.45.67.890:80 :::

Additional Typo3Scan scan features can be configured via the parameter attribute.

Some useful example parameters listed below:

  • --vuln : Check for extensions with known vulnerabilities only.
  • --timeout TIMEOUT : Request Timeout. Default: 10 seconds
  • --auth USER:PASS: Username and Password for HTTP Basic Authorization.
  • --cookie NAME=VALUE: Can be used for authenticiation based on cookies.
  • --agent USER-AGENT: Set custom User-Agent for requests.
  • --threads THREADS: The number of threads to use for enumerating extensions. Default: 5
  • --json: Output results to json file
  • --force: Force enumeration
  • --no-interaction: Do not ask any interactive question

Community

You are welcome, please join us on... 👋

secureCodeBox is an official OWASP project.

License

License

As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).

As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.

Tag summary

Content type

Image

Digest

sha256:ce33d275b

Size

24.7 MB

Last updated

about 1 year ago

docker pull securecodebox/scanner-typo3scan:sha-287751e

This week's pulls

Pulls:

77

Jun 29 to Jul 5