Custom scans

You can use the Ostorlab CLI to run a scan on the platform with a custom list of checks. The custom list of checks is expressed as custom agent settings.

This is useful if you have a private agent or would like to use one of the open-source agents with specific arguments.

An example would be to run the "Nuclei" agent with a predefined list of templates that are not part of the default ones.

Following are the steps needed to run a custom scan:

Ostorlab - Ostorlab Cli

The Ostorlab CLI is responsible for authenticating the user and running the scan on the platform:

pip install ostorlab

  • Log in to your Ostorlab account by entering your username and password:

ostorlab auth login

Prepare the Agent group definition:

The list of the agents to run and their respective arguments is passed via the Agent group definition file.

An example:

kind: AgentGroup
description: This is a custom agent group to run nuclei with custom templates.
name: custom_agent_group
agents:
  - key: agent/ostorlab/nuclei
    args:
      - name: use_default_templates
        type: boolean
        description: use nuclei's default templates to scan.
        value: false
      - name: template_urls
        type: array
        description: List of template urls to run. These will be fetched by the agent and passed to Nuclei.
        value:
          - https://raw.githubusercontent.com/Ostorlab/known_exploited_vulnerbilities_detectors/main/nuclei/CVE-2021-35464.yaml
          - https://raw.githubusercontent.com/Ostorlab/known_exploited_vulnerbilities_detectors/main/nuclei/CVE-2021-27561.yaml

Save your custom agent group definition to a file (agent_def.yaml); this file is used to run the scan.
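
A pre-flight check for the agent group definition above, added here as an example and not part of the Ostorlab CLI or its documentation: it takes the definition as already parsed by a YAML loader and reports args whose value does not match the declared type, plus template URLs that are not HTTPS. The function names, the sample data and the "string"/"number" type names are assumptions.

```python
from urllib.parse import urlparse

# Declared arg type -> Python type a YAML loader produces for it.
# "boolean" and "array" appear on this page; "string"/"number" are assumptions.
TYPE_MAP = {"boolean": bool, "array": list, "string": str, "number": (int, float)}

def lint_agent_group(group):
    """Return a list of problems in a parsed agent group definition."""
    if not isinstance(group, dict) or group.get("kind") != "AgentGroup":
        return ["top level must be a mapping with kind: AgentGroup"]
    agents = group.get("agents")
    if not isinstance(agents, list) or not agents:
        return ["agents must be a non-empty list"]
    problems = []
    for agent in agents:
        for arg in agent.get("args") or []:
            name, declared, value = arg.get("name"), arg.get("type"), arg.get("value")
            where = f"{agent.get('key')}: arg {name!r}"
            expected = TYPE_MAP.get(declared)
            if expected is None:
                problems.append(f"{where}: unknown type {declared!r}")
            elif not isinstance(value, expected) or (
                    declared != "boolean" and isinstance(value, bool)):  # bool is an int subclass
                problems.append(
                    f"{where}: declared {declared} but value is {type(value).__name__}")
            elif name == "template_urls":
                for url in value:
                    parsed = urlparse(url) if isinstance(url, str) else None
                    if parsed is None or parsed.scheme != "https" or not parsed.netloc:
                        problems.append(f"{where}: not an https URL: {url!r}")
    return problems

def build_group(use_default, urls):  # the page's agent group, as parsed data
    args = [{"name": "use_default_templates", "type": "boolean", "value": use_default},
            {"name": "template_urls", "type": "array", "value": urls}]
    return {"kind": "AgentGroup", "name": "custom_agent_group",
            "agents": [{"key": "agent/ostorlab/nuclei", "args": args}]}

# Constructed samples. FOLDED is what a YAML loader returns when the space
# after each "-" is missing: one folded string instead of a two-item list.
BASE = "https://raw.githubusercontent.com/Ostorlab/known_exploited_vulnerbilities_detectors/main/nuclei/"
URLS = [BASE + "CVE-2021-35464.yaml", BASE + "CVE-2021-27561.yaml"]
GOOD = build_group(False, URLS)
FOLDED = build_group(False, " ".join("-" + u for u in URLS))
WEAK = build_group("false", ["http://templates.example/custom.yaml"])

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("folded", FOLDED), ("weak", WEAK)):
        print(label, lint_agent_group(sample))
```

To check a real file, pass the result of your YAML loader's safe-load call on agent_def.yaml to lint_agent_group before starting the scan.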

Run the scan:

oxo scan --runtime=cloud run -g PATH_AGENT_GROUP_DEFINITION COMMAND [ARGS]

For example, to scan the URL https://my_domain.com using the agent group defined in /tmp/agent_def.yaml:

oxo scan --runtime=cloud run -g /tmp/agent_def.yaml link --url https://my_domain.com --method GET