Skip to content
This repository was archived by the owner on Oct 14, 2020. It is now read-only.

Commit 35f77b4

Browse files
rfelberrfelber
committed
Improved the imperative-subsequent-scans hook (if you scan a huge range of services and ports) to prevent duplicate subsequent names if multiple ports per host serves the same service type.
1 parent fcb4a6b commit 35f77b4

File tree

2 files changed

+17
-17
lines changed

2 files changed

+17
-17
lines changed

hooks/imperative-subsequent-scans/hook.js

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -192,7 +192,7 @@ async function startZAPBaselineHttpsScan({ parentScan, hostname, port }) {
192192
);
193193
await startSubsequentSecureCodeBoxScan({
194194
parentScan,
195-
name: `zap-https-${hostname.toLowerCase()}`,
195+
name: `zap-${port}-${hostname.toLowerCase()}`,
196196
scanType: "zap-baseline",
197197
parameters: ["-t", "https://" + hostname + ":" + port],
198198
});
@@ -218,7 +218,7 @@ async function startSSHScan({ parentScan, hostname, port }) {
218218
);
219219
await startSubsequentSecureCodeBoxScan({
220220
parentScan,
221-
name: `ssh-${hostname.toLowerCase()}`,
221+
name: `ssh-${port}-${hostname.toLowerCase()}`,
222222
scanType: "ssh-scan",
223223
parameters: ["-t", hostname, "-p", port.toString()],
224224
});
@@ -245,7 +245,7 @@ async function startNiktoHttpScan({ parentScan, hostname, port }) {
245245
);
246246
await startSubsequentSecureCodeBoxScan({
247247
parentScan,
248-
name: `nikto-http-${hostname.toLowerCase()}`,
248+
name: `nikto-${port}-${hostname.toLowerCase()}`,
249249
scanType: "nikto",
250250
parameters: ["-h", "http://" + hostname, "-p", port.toString(), "-Tuning", "1,2,3,5,7,b"],
251251
});
@@ -272,7 +272,7 @@ async function startSSLyzeScan({ parentScan, hostname, port }) {
272272
);
273273
await startSubsequentSecureCodeBoxScan({
274274
parentScan,
275-
name: `sslyze-${hostname.toLowerCase()}`,
275+
name: `sslyze-${port}-${hostname.toLowerCase()}`,
276276
scanType: "sslyze",
277277
parameters: ["--regular", hostname+":"+port],
278278
});

hooks/imperative-subsequent-scans/hook.test.js

Lines changed: 13 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -58,26 +58,26 @@ test("Should create subsequent scans for open HTTPS ports (NMAP findings)", asyn
5858
expect(startSubsequentSecureCodeBoxScan).toHaveBeenCalledTimes(4);
5959

6060
expect(startSubsequentSecureCodeBoxScan).toHaveBeenNthCalledWith(1, {
61-
name: "sslyze-foobar.com",
61+
name: "sslyze-443-foobar.com",
6262
parameters: ["--regular", "foobar.com:443"],
6363
parentScan: { metadata: { labels: { foo: "bar" } } },
6464
scanType: "sslyze",
6565
});
6666
expect(startSubsequentSecureCodeBoxScan).toHaveBeenNthCalledWith(2, {
67-
name: "zap-https-foobar.com",
67+
name: "zap-443-foobar.com",
6868
parameters: ["-t", "https://foobar.com:443"],
6969
parentScan: { metadata: { labels: { foo: "bar" } } },
7070
scanType: "zap-baseline",
7171
});
7272
// even if the HTTPS port is not running at port 443 a corresponding Sslyze scan should be created if a HTTP service is found by nmap
7373
expect(startSubsequentSecureCodeBoxScan).toHaveBeenNthCalledWith(3, {
74-
name: "sslyze-example.com",
74+
name: "sslyze-8443-example.com",
7575
parameters: ["--regular", "example.com:8443"],
7676
parentScan: { metadata: { labels: { foo: "bar" } } },
7777
scanType: "sslyze",
7878
});
7979
expect(startSubsequentSecureCodeBoxScan).toHaveBeenNthCalledWith(4, {
80-
name: "zap-https-example.com",
80+
name: "zap-8443-example.com",
8181
parameters: ["-t", "https://example.com:8443"],
8282
parentScan: { metadata: { labels: { foo: "bar" } } },
8383
scanType: "zap-baseline",
@@ -139,14 +139,14 @@ test("Should create subsequent scans for open HTTP ports (NMAP findings)", async
139139
expect(startSubsequentSecureCodeBoxScan).toHaveBeenCalledTimes(6);
140140

141141
expect(startSubsequentSecureCodeBoxScan).toHaveBeenNthCalledWith(5, {
142-
name: "nikto-http-foobar.com",
142+
name: "nikto-80-foobar.com",
143143
parameters: ["-h", "http://foobar.com", "-p", "80", "-Tuning", "1,2,3,5,7,b"],
144144
parentScan: { metadata: { labels: { foo: "bar" } } },
145145
scanType: "nikto",
146146
});
147147
// even if the HTTP port is not running at port 80 a corresponding Nikto scan should be created if a HTTP service is found by nmap
148148
expect(startSubsequentSecureCodeBoxScan).toHaveBeenNthCalledWith(6, {
149-
name: "nikto-http-example.com",
149+
name: "nikto-3000-example.com",
150150
parameters: ["-h", "http://example.com", "-p", "3000", "-Tuning", "1,2,3,5,7,b"],
151151
parentScan: { metadata: { labels: { foo: "bar" } } },
152152
scanType: "nikto",
@@ -208,14 +208,14 @@ test("Should create subsequent scans for open SSH ports (NMAP findings)", async
208208
expect(startSubsequentSecureCodeBoxScan).toHaveBeenCalledTimes(8);
209209

210210
expect(startSubsequentSecureCodeBoxScan).toHaveBeenNthCalledWith(7, {
211-
name: "ssh-foobar.com",
211+
name: "ssh-22-foobar.com",
212212
parameters: ["-t", "foobar.com", "-p", "22"],
213213
parentScan: { metadata: { labels: { foo: "bar" } } },
214214
scanType: "ssh-scan",
215215
});
216216
// even if the HTTP port is not running at port 80 a corresponding Nikto scan should be created if a HTTP service is found by nmap
217217
expect(startSubsequentSecureCodeBoxScan).toHaveBeenNthCalledWith(8, {
218-
name: "ssh-example.com",
218+
name: "ssh-23454-example.com",
219219
parameters: ["-t", "example.com", "-p", "23454"],
220220
parentScan: { metadata: { labels: { foo: "bar" } } },
221221
scanType: "ssh-scan",
@@ -658,31 +658,31 @@ test("Should create subsequent scans for Service which are running in custom por
658658
expect(startSubsequentSecureCodeBoxScan).toHaveBeenCalledTimes(18);
659659

660660
expect(startSubsequentSecureCodeBoxScan).toHaveBeenNthCalledWith(13, {
661-
name: "ssh-ssh.example.com",
661+
name: "ssh-22000-ssh.example.com",
662662
parameters: ["-t", "ssh.example.com", "-p", "22000"],
663663
parentScan: { metadata: { labels: { foo: "bar" } } },
664664
scanType: "ssh-scan",
665665
});
666666
expect(startSubsequentSecureCodeBoxScan).toHaveBeenNthCalledWith(14, {
667-
name: "nikto-http-http.example.com",
667+
name: "nikto-8000-http.example.com",
668668
parameters: ["-h", "http://http.example.com", "-p", "8000", "-Tuning", "1,2,3,5,7,b"],
669669
parentScan: { metadata: { labels: { foo: "bar" } } },
670670
scanType: "nikto",
671671
});
672672
expect(startSubsequentSecureCodeBoxScan).toHaveBeenNthCalledWith(15, {
673-
name: "sslyze-https.example.com",
673+
name: "sslyze-3000-https.example.com",
674674
parameters: ["--regular", "https.example.com:3000"],
675675
parentScan: { metadata: { labels: { foo: "bar" } } },
676676
scanType: "sslyze",
677677
});
678678
expect(startSubsequentSecureCodeBoxScan).toHaveBeenNthCalledWith(16, {
679-
name: "zap-https-https.example.com",
679+
name: "zap-3000-https.example.com",
680680
parameters: ["-t", "https://https.example.com:3000"],
681681
parentScan: { metadata: { labels: { foo: "bar" } } },
682682
scanType: "zap-baseline",
683683
});
684684
expect(startSubsequentSecureCodeBoxScan).toHaveBeenNthCalledWith(17, {
685-
name: "sslyze-ssl.example.com",
685+
name: "sslyze-8443-ssl.example.com",
686686
parameters: ["--regular", "ssl.example.com:8443"],
687687
parentScan: { metadata: { labels: { foo: "bar" } } },
688688
scanType: "sslyze",

0 commit comments

Comments
 (0)