asset definition


How to run a new scan with asset definition

This guide explains how to run a new scan from an asset YAML definition in the OXO UI, from opening the new scan page to submitting the scan.

New scan page

To open the new scan page, click the "New Scan" button at the top right of the navbar.

Fill in the scan details

After that, a form will appear where you can provide the necessary details of the scan.

Scanner: Select the scanner to run the scan on.

Fill in the scanner

Click "Continue" to proceed to the next step.

Click continue

Title: This field is optional and allows you to give a title or name to the scan. It helps in identifying the scan later when reviewing results or managing multiple scans.

Fill in the title

Asset: This is a required field where you specify the asset that will undergo the scan. It can be an Android or iOS application, a web application, an API, a network, or an asset YAML definition, which is the option used in this guide.

Fill in the asset

After selecting the asset type, you can provide the assets that the scanner will target during the scan process.

Fill in the assets file

The asset YAML definition can include various types of assets:

description: Target group definition
kind: targetGroup
name: master_scan
assets:
  androidStore:
      - package_name: "test.this.schema"
  androidApkFile:
      - path: /somepath/Downloads/app.apk
  androidAabFile:
      - path: /somepath/Downloads/app.aab
  iosStore:
      - bundle_id: "test.this.schema"
  iosFile:
      - path: /somepath/Downloads/ppk.ipa
      - url: https://somepath.com/storage/ppk.ipa
  link:
      - url: "https://sketchy.com/fake"
        method: "GET"
      - url: "https://nasa.gov.ma/artemis"
        method: "POST"
  domain:
      - name: "seclab.dev"
  ip:
      - host: "10.21.11.11"

Android Store: Specify the package name of an Android application available on the Google Play Store.

Android APK File: Provide the file path or URL of an Android APK file located on your system.

Android AAB File: Provide the file path or URL of an Android App Bundle file located on your system.

iOS Store: Specify the bundle ID of an iOS application available on the Apple App Store.

iOS File: Provide the file path or URL of an iOS IPA file located on your system.

Link: Provide the URL of a web application or API endpoint.

Domain: Specify the domain name of a web application.

IP Range: Provide the IP address and subnet mask of a network to be scanned.
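A pre-submission check for a definition like the one above, as an added example that is not part of the OXO documentation or code base. The function name, the per-type key sets (taken from the sample on this page rather than from OXO's published schema) and the sample input are assumptions.

```python
import ipaddress
from urllib.parse import urlparse

# Keys seen per asset type in this page's sample (assumption, not OXO's schema).
ALLOWED_KEYS = {
    "androidStore": {"package_name"}, "iosStore": {"bundle_id"},
    "androidApkFile": {"path", "url"}, "androidAabFile": {"path", "url"},
    "iosFile": {"path", "url"}, "link": {"url", "method"},
    "domain": {"name"}, "ip": {"host"},
}

def lint_target_group(definition):
    """Return a list of problems in a parsed asset definition (a dict)."""
    ok_kind = definition.get("kind") == "targetGroup"
    problems = [] if ok_kind else ["kind: expected 'targetGroup'"]
    assets = definition.get("assets")
    if not isinstance(assets, dict) or not assets:
        return problems + ["assets: expected a non-empty mapping"]
    for asset_type, entries in assets.items():
        allowed = ALLOWED_KEYS.get(asset_type)
        if allowed is None or not isinstance(entries, list):
            problems.append(f"{asset_type}: unknown asset type or entries not a list")
            continue
        for i, entry in enumerate(entries):
            where = f"{asset_type}[{i}]"
            if not isinstance(entry, dict):
                problems.append(f"{where}: expected a mapping")
                continue
            extra = set(entry) - allowed
            if extra:
                problems.append(f"{where}: unexpected keys {sorted(extra)}")
            if not (set(entry) & (allowed - {"method"})):
                problems.append(f"{where}: no target given")
            if "url" in entry:
                parts = urlparse(str(entry["url"]))
                if parts.scheme not in ("http", "https") or not parts.hostname:
                    problems.append(f"{where}: url is not an http(s) URL")
            if asset_type == "ip" and "host" in entry:
                try:
                    ipaddress.ip_address(str(entry["host"]))
                except ValueError:
                    problems.append(f"{where}: host is not an IP address")
    return problems

# Constructed sample: what yaml.safe_load would return for a short definition.
SAMPLE = {"kind": "targetGroup", "name": "master_scan", "assets": {
    "link": [{"url": "https://example.com/api", "method": "GET"}],
    "ip": [{"host": "10.21.11.11"}, {"host": "10.21.11.300"}],
    "domian": [{"name": "seclab.dev"}]}}  # deliberate typo in the type name
print(lint_target_group(SAMPLE))
```

Running the check before upload catches a mistyped asset type or a malformed address in the file, so the targets the scanner receives are the ones the definition was meant to list.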

Agent Group: After providing the assets for the scan, you have to select an agent group. You can choose an existing one from the dropdown or add a new one using the provided editor.

Fill in the agent group

For more information on what an agent group is and how to create one, please refer to the agent group documentation.

Finally, to run the scan, click "Submit".

On the scan list page, you can see that the scan is running.

Scan list page

This guide has covered, step by step, how to run a new scan in the OXO UI with assets defined in YAML format.