Adding snallygaster to scans #8
@security-companion first of all, thanks for the suggestion, sounds like an interesting addition! I quickly looked at the code and have a number of concerns, mainly from our previous experience with siwecos:
What do you think?
Hi SniperSister,
Ah sorry, overlooked that one :) forget my remark.
That's my preferred solution, especially as I actually see a value for the upstream script too.
The current architecture waits for all scan results before marking a scan as "complete", and adjusting this is non-trivial, as a scanner result is passed through various services until it reaches the end user.
Related to the wait time, I opened an issue on the snallygaster repo, see issue #69. I tested one of my sites that is on hosted webspace and the scan took around 37 seconds. One scan consists of around 108 tests. All tests together make around 720 requests to the webserver. In default mode snallygaster does all requests twice (one for http and one for https), so if only https tests are done only 360 requests would be made. Edit: By default both the www version and the non-www version are checked; limiting the scan to one of them would additionally decrease the request size (but increase the risk of not seeing an issue by only scanning one of the two). Example:
If you input domain.tld as your scan target in SIWECOS, we'll try to scan https://domain.tld and fall back to http://domain.tld if https is not available. That would mean that indeed only one of the 4 domains that you mentioned in your example would be scanned, reducing the number of requests to approx. 180, right?
If you only test https://domain.tld and not https://www.domain.tld then you only have 180 requests.
Ok, 180 requests with 100ms throttle time and 200ms response time boils down to a minute of scanning time. Not great, but also not terrible. So, that should work.
I agree on that. What would be the next steps to integrate snallygaster (regarding implementation)? I saw that you have one repo for each sub-scan (e.g. one for port scans).
Yes, they run in parallel
The slowest scan is the CMS version scanner, that takes about 90s to complete
We need the throttling option in snallygaster; once that is added, we need a piece of software implementing the SIWECOS Scanner API that connects SIWECOS with snallygaster.
Okay, thank you very much for the explanation.
Hi,
I don't know if you have heard of snallygaster. It's a tool that allows detecting hidden but sensitive files,
see https://github.com/hannob/snallygaster
Might it be an option to add it to siwecos?
If you agree I could help with a pull request.
Greetings