Running infrastructure tests
Important: Before running any scan, ensure you have created a new product, where the scan results will be stored.
ScanSuite supports several infrastructure scan types:
Vulnerability Scan runs scanners against a set of IPs or hostnames to identify open ports, listening services and their vulnerabilities. The following scanners are currently supported for this scan type:
OpenVAS - an open source infrastructure vulnerability scanner. It must be installed separately, as described in the Administration section.
Nuclei - another popular vulnerability scanner.
Nuclei (My Rules) - runs the rules maintained via the "My Rules" menu.
Nessus Pro - connection setup is similar to OpenVAS and is described in the Administration section of this manual.
To set up the scan, specify the scan targets, frequency and set up a schedule if required.
Choose whether hosts should be pinged before their ports are scanned. Pinging first is most useful for internal scans, as it saves time when scanning large subnets.
Network Discovery is essentially an Nmap scan in host/port discovery mode.
Local Linux Patching Checks - performs local patch checks over SSH (TCP 22) using OVAL/CVE definitions from various vendors. Accepts hostnames, IPs, subnets and ranges.
The following operating systems are supported for patching checks:
Ubuntu 16.04 - 24.04
Red Hat 7 - 9
Debian 9 - 12
Currently implemented via OpenVAS, which supports authentication with either username/password or username/SSH key pairs, and the Vuls vulnerability scanner, which supports only username/SSH key pairs.
Important: Ensure you have provided the respective credentials via the Settings menu.
OpenVAS patching scan results are uploaded to Defect Dojo automatically.
Results of Vuls scanner patching checks are not uploaded to Defect Dojo, but are saved in individual XLSX files for each host, available to download via the Report button.
Domains OSINT discovers subdomains and active hosts for the given domain names. It also checks the given domains for leaked email addresses (requires a hunter.io API key), credentials (requires a dehashed.com API key), and information about hosts' services and known vulnerabilities (requires a shodan.io API key).
Expects a comma- or newline-separated list of domains (example.com, another.org) to perform the enumeration against.
Once the enumeration is finished, discovered subdomains with respective information will be available via the Report button. Discovered mailboxes and credentials will be in the Credentials tab.
Important: Ensure you have provided the Shodan, Hunter.io and Dehashed API keys via the Settings menu.
Docker Image Scan identifies vulnerabilities in the local packages of Docker images.
Provide the full path to the image in the Docker registry in the form server_name/path/image_name:tag (for example, public.ecr.aws/portswigger/dastardly:latest); the image will be downloaded and checked by the scanner.
Docker registry authentication is currently not supported, meaning only public images can be checked remotely.
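A pre-submission check for the server_name/path/image_name:tag form described above, as an added example that is not part of ScanSuite or its manual. It applies Docker's own image reference conventions; the function name parse_image_ref and the host registry.example.com are assumptions made for illustration.

```python
import re

# Docker tag grammar: up to 128 characters, not starting with '.' or '-'.
TAG_RE = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$")
# Repository path component: lowercase alphanumerics joined by '.', '_', '__' or dashes.
COMPONENT_RE = re.compile(r"^[a-z0-9]+(?:(?:\.|_|__|-+)[a-z0-9]+)*$")


def parse_image_ref(ref):
    """Split 'server_name/path/image_name:tag' into (server, repository, tag).

    Hypothetical helper. Raises ValueError when the reference is not fully
    qualified, i.e. it lacks a registry server name or an explicit tag.
    """
    ref = ref.strip()
    if "@" in ref:
        raise ValueError("digest references are outside the server/path/image:tag form")
    server, slash, remainder = ref.partition("/")
    # Docker treats the first component as a registry host only if it contains
    # '.' or ':' or equals 'localhost'; otherwise it is part of the repository
    # path and the client would silently fall back to its default registry.
    if not slash or not ("." in server or ":" in server or server == "localhost"):
        raise ValueError("missing registry server name: %r" % ref)
    # The tag separator is the last ':' after the last '/', so a registry
    # port such as host:5000 is never mistaken for a tag.
    repository, colon, tag = remainder.rpartition(":")
    if not colon or "/" in tag:
        raise ValueError("missing explicit tag: %r" % ref)
    if not TAG_RE.match(tag):
        raise ValueError("invalid tag: %r" % tag)
    if not repository or not all(COMPONENT_RE.match(c) for c in repository.split("/")):
        raise ValueError("invalid repository path: %r" % repository)
    return server, repository, tag


if __name__ == "__main__":
    # Constructed sample input; only the first entry comes from the manual.
    samples = [
        "public.ecr.aws/portswigger/dastardly:latest",
        "registry.example.com:5000/team/app:1.2",
        "portswigger/dastardly:latest",          # no registry server name
        "registry.example.com:5000/team/app",    # port present, tag missing
    ]
    for sample in samples:
        try:
            print(sample, "->", parse_image_ref(sample))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```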