Custom scans
You can use the Ostorlab CLI to run a scan on the platform with a custom list of checks. The custom list of checks is expressed as custom agent settings.
This is useful if you have a private agent or would like to use one of the open-source agents with specific arguments.
An example would be to run the "Nuclei" agent with a predefined list of templates that are not part of the default ones.
The steps to run a custom scan are as follows:
Ostorlab - Ostorlab Cli
The Ostorlab CLI is responsible for authenticating the user and running the scan on the platform:
- First, install ostorlab:
pip install ostorlab
- Log in to your Ostorlab account by entering your username and password:
ostorlab auth login
Prepare the Agent group definition:
The list of agents to run and their respective arguments is passed via the agent group definition file.
An example:
kind: AgentGroup
description: This is a custom agent group to run nuclei with custom templates.
name: custom_agent_group
agents:
  - key: agent/ostorlab/nuclei
    args:
      - name: use_default_templates
        type: boolean
        description: use nuclei's default templates to scan.
        value: false
      - name: template_urls
        type: array
        description: List of template urls to run. These will be fetched by the agent and passed to Nuclei.
        value:
          - https://raw.githubusercontent.com/Ostorlab/known_exploited_vulnerbilities_detectors/main/nuclei/CVE-2021-35464.yaml
          - https://raw.githubusercontent.com/Ostorlab/known_exploited_vulnerbilities_detectors/main/nuclei/CVE-2021-27561.yaml
Save the agent group definition (for example as agent_def.yaml) to a file that we will use to run the scan.
Run the scan:
oxo scan --runtime=cloud run -g PATH_AGENT_GROUP_DEFINITION COMMAND [ARGS]
For example, to scan the URL https://my_domain.com using the agent group defined in /tmp/agent_def.yaml:
oxo scan --runtime=cloud run -g /tmp/agent_def.yaml link --url https://my_domain.com --method GET
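An added example, not part of the Ostorlab documentation: a small Python helper that generates the agent group definition shown above from a list of template URLs and refuses any URL that is not HTTPS, not on an allowlisted host, or not a YAML file, since the agent fetches these templates and passes them to Nuclei. The function names and the `ALLOWED_HOSTS` policy are assumptions made for illustration.

```python
import json
import shlex
from urllib.parse import urlsplit

# Assumption: hosts you are willing to fetch templates from; adjust to your own policy.
ALLOWED_HOSTS = {"raw.githubusercontent.com"}

def check_template_url(url):
    """Reject template URLs that are not HTTPS, not on an allowed host, or not YAML."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError(f"template must be fetched over https: {url}")
    if parts.hostname not in ALLOWED_HOSTS:
        raise ValueError(f"template host not in allowlist: {url}")
    if not parts.path.endswith((".yaml", ".yml")):
        raise ValueError(f"template is not a YAML file: {url}")
    return url

def render_agent_group(name, description, template_urls):
    """Return the definition as YAML text (JSON-quoted strings are valid YAML scalars)."""
    urls = [check_template_url(u) for u in template_urls]
    if not urls:
        raise ValueError("default templates are disabled, so list at least one template URL")
    lines = [
        "kind: AgentGroup",
        f"description: {json.dumps(description)}",
        f"name: {json.dumps(name)}",
        "agents:",
        "  - key: agent/ostorlab/nuclei",
        "    args:",
        "      - name: use_default_templates",
        "        type: boolean",
        "        value: false",
        "      - name: template_urls",
        "        type: array",
        "        value:",
    ]
    lines += [f"          - {json.dumps(u)}" for u in urls]
    return "\n".join(lines) + "\n"

def scan_command(definition_path, target_url):
    """Build the scan command from this page as an argv list (no shell interpolation)."""
    return ["oxo", "scan", "--runtime=cloud", "run", "-g", definition_path, "link", "--url", target_url, "--method", "GET"]

if __name__ == "__main__":
    url = "https://raw.githubusercontent.com/Ostorlab/known_exploited_vulnerbilities_detectors/main/nuclei/CVE-2021-35464.yaml"
    print(render_agent_group("custom_agent_group", "Nuclei with custom templates.", [url]), end="")
    print(shlex.join(scan_command("/tmp/agent_def.yaml", "https://my_domain.com")))
```

Write the returned text to the definition file, then pass the argv list to `subprocess.run` or run the printed command by hand.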