To start all siwecos scanners on your local machine, install Docker and docker-compose,
clone this repo and run docker-compose up inside the repo's directory.
This repo is still under heavy development and at the moment not ready for use in production environments.
Start the SIWECOS base components via
docker-compose up
This command will start the SIWECOS Core-API, all scanners and a callback server. All components get a port mapping to the host system so one can either start a complete scan by sending a scan start request to the Core-API or a single scan by sending this request to one of the scanners.
The following components are included at the moment:
| Name | Port-Mapping |
|---|---|
| Callback Server | 3000 |
| SIWECOS Core-API | 8000 |
| INI-S Scanner | 8090 |
| HSHS-DOMXSS Scanner | 8091 |
| INFOLEAK Scanner | 8093 |
| PORT Scanner | 8094 |
| TLS Scanner | 8095 |
| VERSION Scanner | 8096 |
You can do a quick-scan for a bunch of domains with the running as follows:
- Fill the
domainList.txtwith one domain per line - Run the
scan-domains.shscript
The scan-domain.sh script allows different start parameters.
You can either run ALL tests by using the [SIWECOS Core-API] or run a specific scanner by its name: DOMXSS, HEADER, INFOLEAK, PORT, TLS, IMAP_TLS, IMAPS_TLS, POP3_TLS, POP3S_TLS, SMTP_TLS, SMTPS_TLS or VERSION
The Results will be saved in the data/scans.json file.
You can either open this file directly or check http://localhost:3000/scans.