Comments (5)
I get the same even when I provide a valid scanid (marked as successful) using the swagger-ui.html
from securecodebox.
I found the issue, but before applying the fix, why does the CLI submit HOST without a protocol?
Hi @wheelq
thanks for your hint and question. We have tried to implement the CLI in a more generic way, so that it's easy to use and to start some securityTests.
For example (short version):
./run_scanner.sh zap https://some.system/somepath
./run_scanner.sh nmap some.system
The CLI script then tries to identify if the "target parameter" contains a protocol, a port or just an IP, and uses this information separately to configure the different security scanners. ZAP, for example, needs a URL as target parameter, Nikto needs a hostname and port...
In which case is the protocol missing? Can you explain your use case or CLI call a bit?
Thanks @rseedorff
zap.template.json looks like this:
After issuing a scan (like in the first post), run_scanner.sh does the following:
HOST_PORT=$(echo "${TARGET}" | sed -E 's!^https?://!!' | sed 's!/.*$!!') # hostname including user-provided port
HOST=$(echo "${HOST_PORT}" | sed 's!:.*$!!') # hostname only
So HOST becomes just the hostname, without the http(s)://
And this, when passed to the scanner, fails with error 500. After I modified the run_scanner.sh and swapped HOST with TARGET, scans are running fine.
Closed due to inactivity
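The thread above turns on which form of the target each scanner receives: ZAP needs a full URL, Nikto a hostname and port, nmap a bare hostname. The following is an added example, not the project's run_scanner.sh, that splits the target once and rebuilds the right form per scanner. The function names, the `http` fallback scheme and the 80/443 default ports are assumptions made for illustration; IPv6 literals are not handled.

```shell
#!/bin/sh
# Hypothetical helpers (not from securecodebox): split a user-supplied target
# and hand each scanner the form it expects.

# split_target TARGET -> sets SCHEME, HOST, PORT, URL_PATH (empty if absent)
split_target() {
    target=$1
    SCHEME=; rest=$target
    case ${target%%://*} in
        "$target"|*/*) ;;                       # no scheme in front of the host
        http|https) SCHEME=${target%%://*}; rest=${target#*://} ;;
        *) echo "unsupported scheme in '$target'" >&2; return 1 ;;
    esac
    hostport=${rest%%/*}                        # strip the path
    case $rest in */*) URL_PATH=/${rest#*/} ;; *) URL_PATH= ;; esac
    case $hostport in
        *:*) HOST=${hostport%%:*}; PORT=${hostport##*:} ;;
        *)   HOST=$hostport; PORT= ;;
    esac
    case $PORT in *[!0-9]*) echo "invalid port '$PORT'" >&2; return 1 ;; esac
    [ -n "$HOST" ] || { echo "no host in '$target'" >&2; return 1; }
}

# scanner_target SCANNER TARGET -> prints the target in the scanner's format
scanner_target() {
    scanner=$1
    split_target "$2" || return 1
    case $scanner in
        zap)    # full URL; the scheme must never be dropped (assumed default: http)
            printf '%s://%s%s%s\n' "${SCHEME:-http}" "$HOST" "${PORT:+:$PORT}" "$URL_PATH" ;;
        nikto)  # hostname and port; default port derived from the scheme (assumption)
            if [ -z "$PORT" ]; then
                if [ "$SCHEME" = https ]; then PORT=443; else PORT=80; fi
            fi
            printf '%s %s\n' "$HOST" "$PORT" ;;
        nmap)   # hostname only
            printf '%s\n' "$HOST" ;;
        *) echo "unknown scanner '$scanner'" >&2; return 1 ;;
    esac
}
```
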