
Commit dbaf036

joel-sass J12934 authored and committed
Add new Subdomain scanner for subfinder
Since Amass has been causing issues with the v4 release and Amass has so far only been used as a subdomain scanner, the new subdomain scanner is added.

Signed-off-by: Joel Saß <joel.sass@iteratec.com>
1 parent 147ee8e commit dbaf036

27 files changed: +838 -1 lines changed

‎CONTRIBUTORS.md

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -58,4 +58,5 @@ Committing with `git commit -s` will add the sign-off at the end of the commit m
5858
- Eline Henriksen <mains.moon.0x@icloud.com>
5959
- Michael Kruggel <michael.kruggel@defenseunicorns.com>
6060
- Ochi Daiki<lbfdeatq@gmail.com>
61-
- Kai Schäfer <kai.schaefer@claranet.com>
61+
- Kai Schäfer <kai.schaefer@claranet.com>
62+
- Joel Saß <joel.sass@iteratec.com>
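
Review bot: The removed and re-added `- Kai Schäfer <kai.schaefer@claranet.com>` lines at line 61 are visibly identical, which points to a whitespace-only or end-of-file newline change. Confirm that the file now ends with a trailing newline after the new `- Joel Saß` entry, so the next contributor's addition does not produce the same noise in its diff.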

‎scanners/subfinder/.gitignore

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
# SPDX-FileCopyrightText: the secureCodeBox authors
2+
#
3+
# SPDX-License-Identifier: Apache-2.0
4+
5+
*.tar

‎scanners/subfinder/.helm-docs.gotmpl

Lines changed: 50 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,50 @@
1+
{{- /*
2+
SPDX-FileCopyrightText: the secureCodeBox authors
3+
4+
SPDX-License-Identifier: Apache-2.0
5+
*/ -}}
6+
7+
{{- define "extra.docsSection" -}}
8+
---
9+
title: "subfinder"
10+
category: "scanner"
11+
type: "Network"
12+
state: "released"
13+
appVersion: "{{ template "chart.appVersion" . }}"
14+
usecase: "NEW SCANNER USECASE"
15+
---
16+
17+
ADD A [LOGO]() HERE!
18+
19+
{{- end }}
20+
21+
{{- define "extra.dockerDeploymentSection" -}}
22+
## Supported Tags
23+
- `latest` (represents the latest stable release build)
24+
- tagged releases, e.g. `{{ template "chart.appVersion" . }}`
25+
{{- end }}
26+
27+
{{- define "extra.chartAboutSection" -}}
28+
## What is subfinder?
29+
30+
Please write some information about the new scanner.
31+
{{- end }}
32+
33+
{{- define "extra.scannerConfigurationSection" -}}
34+
35+
Please write how to configure the scanner
36+
37+
{{- end }}
38+
39+
{{- define "extra.chartConfigurationSection" -}}
40+
41+
Please include any extra Helm chart configurations that can be useful.
42+
43+
{{- end }}
44+
45+
{{- define "extra.scannerLinksSection" -}}
46+
47+
Please include any links that can be used as a reference for the scanner.
48+
49+
{{- end }}
50+
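
Review bot: The front matter on lines 9-14 declares `state: "released"` while `usecase: "NEW SCANNER USECASE"`, `ADD A [LOGO]() HERE!` and every `Please write ...` / `Please include ...` section body are still scaffold placeholders. The README is generated from this template, so these strings end up in the published documentation. Fill in the use case, the "What is subfinder?" text, the scanner configuration and the reference links before merging, or do not mark the scanner as released until they exist.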

‎scanners/subfinder/.helmignore

Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
# SPDX-FileCopyrightText: the secureCodeBox authors
2+
#
3+
# SPDX-License-Identifier: Apache-2.0
4+
# Patterns to ignore when building packages.
5+
# This supports shell glob matching, relative path matching, and
6+
# negation (prefixed with !). Only one pattern per line.
7+
.DS_Store
8+
# Common VCS dirs
9+
.git/
10+
.gitignore
11+
.bzr/
12+
.bzrignore
13+
.hg/
14+
.hgignore
15+
.svn/
16+
# Common backup files
17+
*.swp
18+
*.bak
19+
*.tmp
20+
*~
21+
# Various IDEs
22+
.project
23+
.idea/
24+
*.tmproj
25+
.vscode/
26+
# Node.js files
27+
node_modules/*
28+
package.json
29+
package-lock.json
30+
src/*
31+
config/*
32+
Dockerfile
33+
.dockerignore
34+
*.tar
35+
parser/*
36+
scanner/*
37+
integration-tests/*
38+
examples/*
39+
docs/*
40+
Makefile

‎scanners/subfinder/Chart.yaml

Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,31 @@
1+
# SPDX-FileCopyrightText: the secureCodeBox authors
2+
#
3+
# SPDX-License-Identifier: Apache-2.0
4+
5+
apiVersion:v2
6+
name:subfinder
7+
description:A Helm chart for the subfinder security Scanner that integrates with the secureCodeBox.
8+
9+
type:application
10+
# version - gets automatically set to the secureCodeBox release version when the helm charts gets published
11+
version:v3.1.0-alpha1
12+
appVersion:"v2.7.0"
13+
kubeVersion:">=v1.11.0-0"
14+
annotations:
15+
#versionApi: https://api.github.com/repos/REPONAME/REPO/releases/latest
16+
# supported cpu architectures for which docker images for the scanner should be build, e.g. "linux/amd64,linux/arm64"
17+
supported-platforms:linux/amd64
18+
keywords:
19+
-security
20+
-subfinder
21+
-scanner
22+
-secureCodeBox
23+
-subdomain
24+
-discovery
25+
home:https://github.com/projectdiscovery/subfinder
26+
icon:https://www.securecodebox.io/img/integrationIcons/subfinder.svg# TODO: Muss ich hier ein eigenes bild "uploaden"
27+
sources:
28+
-https://github.com/secureCodeBox/secureCodeBox
29+
maintainers:
30+
-name:iteratec GmbH
31+
email:secureCodeBox@iteratec.com
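
Review bot: Line 15 leaves `#versionApi: https://api.github.com/repos/REPONAME/REPO/releases/latest` commented out with the scaffold placeholder, so the pinned `appVersion: "v2.7.0"` has no release source configured next to it. The `home:` line already names the upstream repository; set the annotation to match it or remove the line. The `icon:` line (26) also carries an unresolved TODO in German (`Muss ich hier ein eigenes bild "uploaden"`, asking whether an image has to be uploaded). Resolve the question and drop the comment, since no subfinder.svg is added in the hunks shown here.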

‎scanners/subfinder/Makefile

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
#!/usr/bin/make -f
2+
#
3+
# SPDX-FileCopyrightText: the secureCodeBox authors
4+
#
5+
# SPDX-License-Identifier: Apache-2.0
6+
#
7+
8+
include_guard = set
9+
scanner = subfinder
10+
11+
include ../../scanners.mk

‎scanners/subfinder/README.md

Lines changed: 110 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,110 @@
1+
---
2+
title:"subfinder"
3+
category:"scanner"
4+
type:"Network"
5+
state:"released"
6+
appVersion:""
7+
usecase:"NEW SCANNER USECASE"
8+
---
9+
10+
ADD A[LOGO]() HERE!
11+
12+
<!--
13+
SPDX-FileCopyrightText: the secureCodeBox authors
14+
15+
SPDX-License-Identifier: Apache-2.0
16+
-->
17+
<!--
18+
.: IMPORTANT! :.
19+
--------------------------
20+
This file is generated automatically with `helm-docs` based on the following template files:
21+
- ./.helm-docs/templates.gotmpl (general template data for all charts)
22+
- ./chart-folder/.helm-docs.gotmpl (chart specific template data)
23+
24+
Please be aware of that and apply your changes only within those template files instead of this file.
25+
Otherwise your changes will be reverted/overwritten automatically due to the build process `./.github/workflows/helm-docs.yaml`
26+
--------------------------
27+
-->
28+
29+
<palign="center">
30+
<ahref="https://opensource.org/licenses/Apache-2.0"><imgalt="License Apache-2.0"src="https://img.shields.io/badge/License-Apache%202.0-blue.svg"/></a>
31+
<ahref="https://github.com/secureCodeBox/secureCodeBox/releases/latest"><imgalt="GitHub release (latest SemVer)"src="https://img.shields.io/github/v/release/secureCodeBox/secureCodeBox?sort=semver"/></a>
32+
<ahref="https://owasp.org/www-project-securecodebox/"><imgalt="OWASP Lab Project"src="https://img.shields.io/badge/OWASP-Lab%20Project-yellow"/></a>
33+
<ahref="https://artifacthub.io/packages/search?repo=securecodebox"><imgalt="Artifact HUB"src="https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/securecodebox"/></a>
34+
<ahref="https://github.com/secureCodeBox/secureCodeBox/"><imgalt="GitHub Repo stars"src="https://img.shields.io/github/stars/secureCodeBox/secureCodeBox?logo=GitHub"/></a>
35+
<ahref="https://infosec.exchange/@secureCodeBox"><imgalt="Mastodon Follower"src="https://img.shields.io/mastodon/follow/111902499714281911?domain=https%3A%2F%2Finfosec.exchange%2F"/></a>
36+
</p>
37+
38+
##What is subfinder?
39+
40+
Please write some information about the new scanner.
41+
42+
##Deployment
43+
The subfinder chart can be deployed via helm:
44+
45+
```bash
46+
# Install HelmChart (use -n to configure another namespace)
47+
helm upgrade --install subfinder oci://ghcr.io/securecodebox/helm/subfinder
48+
```
49+
50+
Please write how to configure the scanner
51+
52+
##Requirements
53+
54+
Kubernetes:`>=v1.11.0-0`
55+
56+
Please include any extra Helm chart configurations that can be useful.
57+
58+
##Values
59+
60+
| Key| Type| Default| Description|
61+
|-----|------|---------|-------------|
62+
| cascadingRules.enabled| bool|`false`| Enables or disables the installation of the default cascading rules for this scanner|
63+
| imagePullSecrets| list|`[]`| Define imagePullSecrets when a private registry is used (see:https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/)|
64+
| parser.affinity| object|`{}`| Optional affinity settings that control how the parser job is scheduled (see:https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/)|
65+
| parser.env| list|`[]`| Optional environment variables mapped into each parseJob (see:https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/)|
66+
| parser.image.pullPolicy| string|`"IfNotPresent"`| Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if:latest tag is specified, or IfNotPresent otherwise. More info:https://kubernetes.io/docs/concepts/containers/images#updating-images|
67+
| parser.image.repository| string|`"docker.io/securecodebox/parser-subfinder"`| Parser image repository|
68+
| parser.image.tag| string| defaults to the charts version| Parser image tag|
69+
| parser.nodeSelector| object|`{}`||
70+
| parser.resources| object|`{ requests: { cpu: "200m", memory: "100Mi" }, limits: { cpu: "400m", memory: "200Mi" } }`| Optional resources lets you control resource limits and requests for the parser container. Seehttps://kubernetes.io/docs/concepts/configuration/manage-resources-containers/|
71+
| parser.scopeLimiterAliases| object|`{}`| Optional finding aliases to be used in the scopeLimiter.|
72+
| parser.tolerations| list|`[]`| Optional tolerations settings that control how the parser job is scheduled (see:https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)|
73+
| parser.ttlSecondsAfterFinished| string|`nil`| seconds after which the Kubernetes job for the parser will be deleted. Requires the Kubernetes TTLAfterFinished controller:https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/|
74+
| scanner.activeDeadlineSeconds| string|`nil`| There are situations where you want to fail a scan Job after some amount of time. To do so, set activeDeadlineSeconds to define an active deadline (in seconds) when considering a scan Job as failed. (see:https://kubernetes.io/docs/concepts/workloads/controllers/job/#job-termination-and-cleanup)|
75+
| scanner.affinity| object|`{}`| Optional affinity settings that control how the scanner job is scheduled (see:https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/)|
76+
| scanner.backoffLimit| int| 3| There are situations where you want to fail a scan Job after some amount of retries due to a logical error in configuration etc. To do so, set backoffLimit to specify the number of retries before considering a scan Job as failed. (see:https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy)|
77+
| scanner.env| list|`[]`| Optional environment variables mapped into each scanJob (see:https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/)|
78+
| scanner.extraContainers| list|`[]`| Optional additional Containers started with each scanJob (see:https://kubernetes.io/docs/concepts/workloads/pods/init-containers/)|
79+
| scanner.extraVolumeMounts| list|`[]`| Optional VolumeMounts mapped into each scanJob (see:https://kubernetes.io/docs/concepts/storage/volumes/)|
80+
| scanner.extraVolumes| list|`[]`| Optional Volumes mapped into each scanJob (see:https://kubernetes.io/docs/concepts/storage/volumes/)|
81+
| scanner.image.pullPolicy| string|`"IfNotPresent"`| Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if:latest tag is specified, or IfNotPresent otherwise. More info:https://kubernetes.io/docs/concepts/containers/images#updating-images|
82+
| scanner.image.repository| string|`"docker.io/securecodebox/scanner-subfinder"`| Container Image to run the scan|
83+
| scanner.image.tag| string|`nil`| defaults to the charts appVersion|
84+
| scanner.nameAppend| string|`nil`| append a string to the default scantype name.|
85+
| scanner.nodeSelector| object|`{}`| Optional nodeSelector settings that control how the scanner job is scheduled (see:https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes/)|
86+
| scanner.podSecurityContext| object|`{}`| Optional securityContext set on scanner pod (see:https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)|
87+
| scanner.resources| object|`{}`| CPU/memory resource requests/limits (see:https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/,https://kubernetes.io/docs/tasks/configure-pod-container/assign-cpu-resource/)|
88+
| scanner.securityContext| object|`{"allowPrivilegeEscalation":false,"capabilities":{"drop":["all"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true}`| Optional securityContext set on scanner container (see:https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)|
89+
| scanner.securityContext.allowPrivilegeEscalation| bool|`false`| Ensure that users privileges cannot be escalated|
90+
| scanner.securityContext.capabilities.drop[0]| string|`"all"`| This drops all linux privileges from the container.|
91+
| scanner.securityContext.privileged| bool|`false`| Ensures that the scanner container is not run in privileged mode|
92+
| scanner.securityContext.readOnlyRootFilesystem| bool|`true`| Prevents write access to the containers file system|
93+
| scanner.securityContext.runAsNonRoot| bool|`true`| Enforces that the scanner image is run as a non root user|
94+
| scanner.suspend| bool|`false`| if set to true the scan job will be suspended after creation. You can then resume the job using`kubectl resume <jobname>` or using a job scheduler like kueue|
95+
| scanner.tolerations| list|`[]`| Optional tolerations settings that control how the scanner job is scheduled (see:https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)|
96+
| scanner.ttlSecondsAfterFinished| string|`nil`| seconds after which the Kubernetes job for the scanner will be deleted. Requires the Kubernetes TTLAfterFinished controller:https://kubernetes.io/docs/concepts/workloads/controllers/ttlafterfinished/|
97+
98+
##License
99+
[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
100+
101+
Code of secureCodeBox is licensed under the[Apache License 2.0][scb-license].
102+
103+
[scb-owasp]:https://www.owasp.org/index.php/OWASP_secureCodeBox
104+
[scb-docs]:https://www.securecodebox.io/
105+
[scb-site]:https://www.securecodebox.io/
106+
[scb-github]:https://github.com/secureCodeBox/
107+
[scb-mastodon]:https://infosec.exchange/@secureCodeBox
108+
[scb-slack]:https://owasp.org/slack/invite
109+
[scb-license]:https://github.com/secureCodeBox/secureCodeBox/blob/master/LICENSE
110+
Please include any links that can be used as a reference for the scanner.
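
Review bot: The generated front matter on line 6 has `appVersion: ""` although Chart.yaml in this commit sets `appVersion: "v2.7.0"`, so this README is stale relative to the chart. Regenerate it with helm-docs once the placeholders in `.helm-docs.gotmpl` are filled in; lines 7, 10, 40, 50, 56 and 110 are all scaffold text at the moment. In the values table, `scanner.resources` defaults to `{}` while the parser has requests and limits. Consider giving the scanner job defaults as well, and add the missing description for `parser.nodeSelector`.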

‎scanners/subfinder/cascading-rules/.gitkeep

Whitespace-only changes.

‎scanners/subfinder/docs/.gitkeep

Whitespace-only changes.
Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,14 @@
1+
# SPDX-FileCopyrightText: the secureCodeBox authors
2+
#
3+
# SPDX-License-Identifier: Apache-2.0
4+
5+
apiVersion:"execution.securecodebox.io/v1"
6+
kind:Scan
7+
metadata:
8+
name:"subfinder-localhost"
9+
spec:
10+
scanType:"subfinder"
11+
parameters:
12+
# Note: Localhost here isn't "your" localhost, but the scanner container.
13+
# This container doesn't have any ports open...
14+
-localhost
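
Review bot: The only parameter on line 14 is `localhost`, and the comment on lines 12-13 about the scanner container not having any ports open reads as carried over from a port-scanner example. For a subdomain scanner the example should pass a domain target in the form subfinder expects, with a comment that describes subdomain enumeration, and the scan name `subfinder-localhost` should be renamed to match. The example should also use a domain the project is allowed to enumerate, since users copy example scans unchanged.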
