Running infrastructure tests
Last updated
Last updated
Important: Before running any scan ensure you have created a new product, where the scan results will be stored.
Specify the scan targets, frequency and set up a schedule if required.
Choose if hosts have to be pinged before scan the ports options. Ping is more actual for internal scans as it saves time when scanning large subnets.
ScanSuite supports several infrastructure scan types:
Vulnerability Scan includes scanners to be run against the set of IPs or hostnames to identify open ports, listening services and their vulnerabilities. The next scanners are currently supported for this scan type:
OpenVAS - an open source infrastructure vulnerability scanner. Should be installed separately, as described in Administration section.
Nuclei - another popular vulnerability scanner.
Nuclei (My Rules) - runs the rules maintained via "My Rules" menu.
Nessus Pro - connection setup is similar to OpenVAS and is described in Administration section of this manual.
Network Discovery is essentially the Nmap scan in hosts/ports discovery mode.
Local Linux Patching Checks - performs the local patch checks over SSH (TCP 22) using OVAL/CVE definitions from various vendors. Accepts hostnames, IPs, subnets and ranges.
The next OS are supported for patching checks:
Ubuntu 16.04 - 24.04
Red Hat 7 - 9
Debian 9 -12
Currently implemented via OpenVAS, which supports authentication with both username/password or username/SSH key pairs, and Vuls vulnerability scanner, which supports only username/SSH key pair.
Important: Ensure you have the respective credentials provided via Settings menu.
OpenVAS patching scan results are uploaded to Defect Dojo automatically.
Results of Vuls scanner patching checks are not uploaded to Defect Dojo, but saved in individual XLSX files for each host, available to download via the Report button.
Subdomain Enumeration discovers subdomains and active hosts for given domain names. The list of discovered subdomains will be accessible via the Report button once the scan is finished.
Expects the comma or new line separated list of domains to perform the enumeration against.
Once the enumeration is finished, discovered subdomains will be checked against Shodan knowledge base. Check the respective XLSX file via the Report button.
Important: Ensure you have the Shodan API key provided via Settings menu.
Docker Image Scan identifies local packages vulnerabilities in docker images.
Provide the full path server_name/path/image_name:tag to the image in docker registry (for example - public.ecr.aws/portswigger/dastardly:latest), it will be downloaded and checked by the scanner.
Docker Registry authentication is currently not supported meaning only public images could be checked remotely.
