Skip to content

Commit

Permalink
Add rscSync to worker enntrypoint and scanSchema; add associated hand…
Browse files Browse the repository at this point in the history 
…ler and fix questionDictionary.
  • Loading branch information
@Matthew-Grayson
Matthew-Grayson committed Apr 11, 2024
1 parent 13de3b7 commit facac52
Show file tree
Hide file tree
Showing 3 changed files with 239 additions and 193 deletions.
190 changes: 98 additions & 92 deletions backend/src/api/scans.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,11 +10,10 @@ import {
IsArray
} from 'class-validator';
import {
Scan,
connectToDatabase,
Organization,
ScanTask,
OrganizationTag
OrganizationTag,
Scan
} from '../models';
import { validateBody, wrapHandler, NotFound, Unauthorized } from './helpers';
import { isGlobalWriteAdmin, isGlobalViewAdmin } from './auth';
Expand Down Expand Up @@ -49,47 +48,70 @@ interface ScanSchema {
}

export const SCAN_SCHEMA: ScanSchema = {
vulnSync: {
amass: {
type: 'fargate',
isPassive: false,
global: false,
description:
'Open source tool that integrates passive APIs and active subdomain enumeration in order to discover target subdomains'
},
censys: {
type: 'fargate',
isPassive: true,
global: false,
description: 'Passive discovery of subdomains from public certificates'
},
censysCertificates: {
type: 'fargate',
isPassive: true,
global: true,
description: 'Pull in vulnerability data from PEs Vulnerability database',
cpu: '1024',
memory: '8192'
cpu: '2048',
memory: '6144',
numChunks: 20,
description: 'Fetch TLS certificate data from censys certificates dataset'
},
cveSync: {
censysIpv4: {
type: 'fargate',
isPassive: true,
global: true,
description:
"Matches detected software versions to CVEs from NIST NVD and CISA's Known Exploited Vulnerabilities Catalog.",
cpu: '1024',
memory: '8192'
cpu: '2048',
memory: '6144',
numChunks: 20,
description: 'Fetch passive port and banner data from censys ipv4 dataset'
},
testProxy: {
cve: {
type: 'fargate',
isPassive: false,
isPassive: true,
global: true,
description: 'Not a real scan, used to test proxy'
cpu: '1024',
memory: '8192',
description:
"Matches detected software versions to CVEs from NIST NVD and CISA's Known Exploited Vulnerabilities Catalog."
},
test: {
cveSync: {
type: 'fargate',
isPassive: false,
isPassive: true,
global: true,
description: 'Not a real scan, used to test'
description:
"Matches detected software versions to CVEs from NIST NVD and CISA's Known Exploited Vulnerabilities Catalog.",
cpu: '1024',
memory: '8192'
},
censys: {
dnstwist: {
type: 'fargate',
isPassive: true,
global: false,
description: 'Passive discovery of subdomains from public certificates'
cpu: '2048',
memory: '16384',
description:
'Domain name permutation engine for detecting similar registered domains.'
},
amass: {
dotgov: {
type: 'fargate',
isPassive: false,
global: false,
isPassive: true,
global: true,
description:
'Open source tool that integrates passive APIs and active subdomain enumeration in order to discover target subdomains'
'Create organizations based on root domains from the dotgov registrar dataset. All organizations are created with the "dotgov" tag and have a " (dotgov)" suffix added to their name.'
},
findomain: {
type: 'fargate',
Expand All @@ -98,13 +120,16 @@ export const SCAN_SCHEMA: ScanSchema = {
description:
'Open source tool that integrates passive APIs in order to discover target subdomains'
},
portscanner: {
hibp: {
type: 'fargate',
isPassive: false,
isPassive: true,
global: false,
description: 'Active port scan of common ports'
cpu: '2048',
memory: '16384',
description:
'Finds emails that have appeared in breaches related to a given domain'
},
wappalyzer: {
intrigueIdent: {
type: 'fargate',
isPassive: true,
global: false,
Expand All @@ -113,54 +138,37 @@ export const SCAN_SCHEMA: ScanSchema = {
description:
'Open source tool that fingerprints web technologies based on HTTP responses'
},
shodan: {
lookingGlass: {
type: 'fargate',
isPassive: true,
global: false,
description:
'Fetch passive port, banner, and vulnerability data from shodan',
cpu: '1024',
memory: '8192'
description: 'Finds vulnerabilities and malware from the LookingGlass API'
},
sslyze: {
portscanner: {
type: 'fargate',
isPassive: true,
isPassive: false,
global: false,
description: 'SSL certificate inspection'
},
censysIpv4: {
type: 'fargate',
isPassive: true,
global: true,
cpu: '2048',
memory: '6144',
numChunks: 20,
description: 'Fetch passive port and banner data from censys ipv4 dataset'
description: 'Active port scan of common ports'
},
censysCertificates: {
rootDomainSync: {
type: 'fargate',
isPassive: true,
global: true,
cpu: '2048',
memory: '6144',
numChunks: 20,
description: 'Fetch TLS certificate data from censys certificates dataset'
global: false,
description:
'Creates domains from root domains by doing a single DNS lookup for each root domain.'
},
cve: {
rscSync: {
type: 'fargate',
isPassive: true,
global: true,
cpu: '1024',
memory: '8192',
description:
"Matches detected software versions to CVEs from NIST NVD and CISA's Known Exploited Vulnerabilities Catalog."
'Retrieves and saves assessments from ReadySetCyber mission instance.'
},
dotgov: {
savedSearch: {
type: 'fargate',
isPassive: true,
global: true,
description:
'Create organizations based on root domains from the dotgov registrar dataset. All organizations are created with the "dotgov" tag and have a " (dotgov)" suffix added to their name.'
description: 'Performs saved searches to update their search results'
},
searchSync: {
type: 'fargate',
Expand All @@ -171,67 +179,65 @@ export const SCAN_SCHEMA: ScanSchema = {
description:
'Syncs records with Elasticsearch so that they appear in search results.'
},
intrigueIdent: {
shodan: {
type: 'fargate',
isPassive: true,
global: false,
cpu: '1024',
memory: '4096',
description:
'Open source tool that fingerprints web technologies based on HTTP responses'
},
webscraper: {
type: 'fargate',
isPassive: true,
global: true,
numChunks: 3,
'Fetch passive port, banner, and vulnerability data from shodan',
cpu: '1024',
memory: '4096',
description: 'Scrapes all webpages on a given domain, respecting robots.txt'
memory: '8192'
},
hibp: {
sslyze: {
type: 'fargate',
isPassive: true,
global: false,
cpu: '2048',
memory: '16384',
description:
'Finds emails that have appeared in breaches related to a given domain'
description: 'SSL certificate inspection'
},
lookingGlass: {
test: {
type: 'fargate',
isPassive: true,
global: false,
description: 'Finds vulnerabilities and malware from the LookingGlass API'
isPassive: false,
global: true,
description: 'Not a real scan, used to test'
},
dnstwist: {
testProxy: {
type: 'fargate',
isPassive: true,
global: false,
cpu: '2048',
memory: '16384',
description:
'Domain name permutation engine for detecting similar registered domains.'
isPassive: false,
global: true,
description: 'Not a real scan, used to test proxy'
},
rootDomainSync: {
trustymail: {
type: 'fargate',
isPassive: true,
global: false,
description:
'Creates domains from root domains by doing a single DNS lookup for each root domain.'
'Evaluates SPF/DMARC records and checks MX records for STARTTLS support'
},
savedSearch: {
vulnSync: {
type: 'fargate',
isPassive: true,
global: true,
description: 'Performs saved searches to update their search results'
description: 'Pull in vulnerability data from PEs Vulnerability database',
cpu: '1024',
memory: '8192'
},
trustymail: {
wappalyzer: {
type: 'fargate',
isPassive: true,
global: false,
cpu: '1024',
memory: '4096',
description:
'Evaluates SPF/DMARC records and checks MX records for STARTTLS support'
'Open source tool that fingerprints web technologies based on HTTP responses'
},
webscraper: {
type: 'fargate',
isPassive: true,
global: true,
numChunks: 3,
cpu: '1024',
memory: '4096',
description: 'Scrapes all webpages on a given domain, respecting robots.txt'
}
};

Expand Down
Loading

0 comments on commit facac52

Please sign in to comment.