You can use the Ostorlab CLI to run a scan on the platform with a custom list of checks. The custom list of checks is expressed as custom agent settings.
This is useful if you have a private agent or would like to use one of the open-source agents with specific arguments.
An example would be to run the "Nuclei" agent with a predefined list of templates that are not part of the default ones.
The steps to run a custom scan are as follows:
The Ostorlab CLI is responsible for authenticating the user and running the scan on the platform:
- First, install Ostorlab:

```shell
pip install ostorlab
```

- Log in to your Ostorlab account by entering your username and password:

```shell
ostorlab auth login
```
Prepare the Agent group definition:
The list of the agents to run and their respective arguments is passed via the
Agent group definition file.
```yaml
kind: AgentGroup
description: This is a custom agent group to run nuclei with custom templates.
name: custom_agent_group
agents:
  - key: agent/ostorlab/nuclei
    args:
      - name: use_default_templates
        type: boolean
        description: use nuclei's default templates to scan.
        value: false
      - name: template_urls
        type: array
        description: List of template urls to run. These will be fetched by the agent and passed to Nuclei.
        value:
          - https://raw.githubusercontent.com/Ostorlab/known_exploited_vulnerbilities_detectors/main/nuclei/CVE-2021-35464.yaml
          - https://raw.githubusercontent.com/Ostorlab/known_exploited_vulnerbilities_detectors/main/nuclei/CVE-2021-27561.yaml
```
Save this definition to a file (for example, agent_def.yaml) that we will use to run the scan.
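Because the agent fetches every entry in `template_urls` and hands it to Nuclei, it is worth vetting that list before the definition is written. The following is an added example, not Ostorlab's own code: it renders the agent group definition shown above from a list of template URLs and refuses to emit it if any URL fails the checks. The host allowlist `ALLOWED_HOSTS` and the helper names `check_template_url` and `build_agent_group` are assumptions made for illustration.

```python
from urllib.parse import urlparse

# Assumption: templates may only come from this host; adjust to your own policy.
ALLOWED_HOSTS = {"raw.githubusercontent.com"}

# Fixed part of the definition, identical to the one shown on this page.
HEADER = """\
kind: AgentGroup
description: This is a custom agent group to run nuclei with custom templates.
name: custom_agent_group
agents:
  - key: agent/ostorlab/nuclei
    args:
      - name: use_default_templates
        type: boolean
        description: use nuclei's default templates to scan.
        value: false
      - name: template_urls
        type: array
        description: List of template urls to run. These will be fetched by the agent and passed to Nuclei.
        value:
"""

def check_template_url(url):
    """Return None if the URL is acceptable, otherwise the reason it is rejected."""
    if any(c.isspace() for c in url) or "#" in url:
        return "contains whitespace or '#', which would corrupt the YAML scalar"
    parts = urlparse(url)
    if parts.scheme != "https":
        return "not fetched over https"
    if parts.hostname not in ALLOWED_HOSTS:
        return f"host {parts.hostname!r} is not in ALLOWED_HOSTS"
    if not parts.path.endswith((".yaml", ".yml")):
        return "does not point at a YAML template"
    return None

def build_agent_group(template_urls):
    """Render the agent group YAML; raise ValueError if any URL fails the checks."""
    if not template_urls:
        raise ValueError("no template URLs given")
    problems = {u: r for u in template_urls if (r := check_template_url(u))}
    if problems:
        raise ValueError(f"rejected template URLs: {problems}")
    return HEADER + "".join(f"          - {u}\n" for u in template_urls)

if __name__ == "__main__":
    base = "https://raw.githubusercontent.com/Ostorlab/known_exploited_vulnerbilities_detectors/main/nuclei/"
    print(build_agent_group([base + "CVE-2021-35464.yaml", base + "CVE-2021-27561.yaml"]), end="")
```

Redirect the script's output to the file you pass with `-g`; a rejected URL stops the script before any definition is written.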
Run the scan:
```shell
ostorlab scan --runtime=cloud run -g PATH_AGENT_GROUP_DEFINITION COMMAND [ARGS]
```

For example, to scan the URL https://my_domain.com using the agent group defined in /tmp/agent_def.yaml:

```shell
ostorlab scan --runtime=cloud run -g /tmp/agent_def.yaml link --url https://my_domain.com --method GET
```