Examples
A list of common cases in which the OXO platform can be used to run scans. It covers Web scans, Network scans, SBOM file scans, and more.
Web scan
For the Web scan, we will be using:
- Zap: Application crawling and fuzzing for application-level vulnerabilities.
- Nuclei: Detection of known vulnerabilities.
- Asteroid: Detection of known vulnerabilities.
- Metasploit: Detection of known vulnerabilities.
- Tsunami: Detection of known vulnerabilities.
- Semgrep: JavaScript and HTML source code review.
- Trufflehog: Leaked secret detection.
To perform your Web scan, you have two options depending on your target.
Scanning a Host:
To scan a domain, simply run the following command:
    oxo scan run --install -g agent_group.yaml domain-name www.example.com
Scanning a URL:
To scan a link, simply run the following command:
    oxo scan run --install -g agent_group.yaml link --url https://www.example.com --method GET
Agent group definition
You can copy the Agent Group Definition example:

    kind: AgentGroup
    description: Agent Group for extensive Web Testing with crawling, fuzzing and known vulnerability discovery.
    agents:
      - key: agent/ostorlab/zap
        args:
          - name: scan_profile
            type: string
            description: "Accepts three values: `baseline` which runs the ZAP spider against
              the target for (by default) 1 minute followed by an optional ajax
              spider scan before reporting the results of the passive scanning.
              `full` which runs the ZAP spider against the target (by default with
              no time limit) followed by an optional ajax spider scan and then a
              full active scan before reporting the results and `api` Scan which
              performs an active scan against APIs defined by OpenAPI, or GraphQL
              (post 2.9.0) via either a local file or a URL."
            value: full
      - key: agent/ostorlab/nuclei
      - key: agent/ostorlab/asteroid
      - key: agent/ostorlab/metasploit
      - key: agent/ostorlab/tsunami
      - key: agent/ostorlab/semgrep
      - key: agent/ostorlab/trufflehog
Network scan
For the Network scan, we will be using:
- Nmap: Network Port and Service scanning.
- Nuclei: Detection of known vulnerabilities.
- Asteroid: Detection of known vulnerabilities.
- Metasploit: Detection of known vulnerabilities.
- Tsunami: Detection of known vulnerabilities.
- OpenVas: Detection of known vulnerabilities.
To perform your Network scan, you use the ip asset.
    oxo scan run --install -g agent_group.yaml ip 8.8.8.8

Agent group definition
You can copy the Agent Group Definition example:

    kind: AgentGroup
    description: Agent Group for Extensive network scanning.
    agents:
      - key: agent/ostorlab/nmap
        args:
          - name: fast_mode
            type: boolean
            description: Fast mode scans fewer ports than the default mode.
            value: true
          - name: ports
            type: string
            description: List of ports to scan.
            value: 0-65535
          - name: timing_template
            type: string
            description: Template of timing settings (T0, T1, ... T5).
            value: T3
          - name: scripts
            type: array
            description: List of scripts to run using Nmap
            value: "['banner']"
      - key: agent/ostorlab/asteroid
      - key: agent/ostorlab/metasploit
      - key: agent/ostorlab/openvas
      - key: agent/ostorlab/nuclei
      - key: agent/ostorlab/tsunami
        port_mapping: []
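
A scope check that can sit in front of the scan commands shown for the Web and Network scans, as an added example that is not part of OXO or of the original page. It builds the `oxo scan run` argument list only for targets inside an authorized scope; the allowlist values and the names `build_scan_command` and `_host_in_scope` are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample scope: replace with the ranges and domains you are authorized to test.
ALLOWED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
ALLOWED_DOMAINS = ["example.com"]


def _host_in_scope(host: str) -> bool:
    """True if host is an allowed IP, an allowed domain, or a subdomain of one."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        name = host.rstrip(".").lower()
        # Match on a label boundary so "notexample.com" does not pass.
        return any(name == d or name.endswith("." + d) for d in ALLOWED_DOMAINS)
    return any(addr in net for net in ALLOWED_NETWORKS)


def build_scan_command(asset: str, target: str, group: str = "agent_group.yaml") -> list:
    """Return the argv for `oxo scan run`, or raise ValueError if out of scope."""
    if asset == "ip":
        ipaddress.ip_address(target)  # raises ValueError if not an IP literal
        host, tail = target, ["ip", target]
    elif asset == "domain-name":
        host, tail = target, ["domain-name", target]
    elif asset == "link":
        parts = urlsplit(target)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            raise ValueError(f"not an http(s) URL: {target!r}")
        # .hostname drops userinfo and port, so "allowed@other-host" is judged
        # by the host the request would actually reach.
        host, tail = parts.hostname, ["link", "--url", target, "--method", "GET"]
    else:
        raise ValueError(f"unsupported asset type: {asset!r}")
    if not _host_in_scope(host):
        raise ValueError(f"{host} is outside the authorized scope")
    # A list (not a shell string) keeps the target from being shell-interpreted.
    return ["oxo", "scan", "run", "--install", "-g", group, *tail]


if __name__ == "__main__":
    for asset, target in [("link", "https://www.example.com"), ("ip", "8.8.8.8")]:
        try:
            print(" ".join(build_scan_command(asset, target)))
        except ValueError as err:
            print(f"refused: {err}")
```

Pass the returned list to `subprocess.run(..., check=True)` to start the scan once the target has been accepted.
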
SBOM file scan
To scan an SBOM file, we will be using the Agent osv.
To perform your SBOM file scan, you use the file asset.
    oxo scan run --install -g agent_group.yaml file --file /tmp/my_sbom_file

Agent group definition
You can copy the Agent Group Definition example:

    kind: AgentGroup
    description: SBOM scan
    agents:
      - key: agent/ostorlab/osv
        args:
          - name: nvd_api_key
            type: string
            description: NVD api key.
            value: ""
        port_mapping: []
Enumerate domains
To improve the scope of detection, it's possible to enumerate and target subdomains of a given asset by adding Subfinder and/or Dnsx to the agent group definition agent_group.yaml.
Amass, all_tlds, whois_domain are other agents that will aid with subdomain discovery.
WhatWeb and Nmap will handle port, service and tech stack scanning.
Agent group definition
You can copy the Agent Group Definition example:

    kind: AgentGroup
    description: Enumerate domain scan
    agents:
      - key: agent/ostorlab/subfinder
      - key: agent/ostorlab/dnsx
      - key: agent/ostorlab/all_tlds
      - key: agent/ostorlab/amass
      - key: agent/ostorlab/whois_domain
      - key: agent/ostorlab/whatweb
      - key: agent/ostorlab/nmap
Check a single bug with a nuclei template
To check a single bug using a Nuclei template, we will customize the arguments passed to Agent nuclei in the agent group definition.
To perform your Network scan, you use the ip asset.
    oxo scan run --install -g agent_group.yaml ip 8.8.8.8
Agent group definition
To customize the list of templates, we set the value of the argument template_urls to the list of templates to run.

    kind: AgentGroup
    description: Network scan
    agents:
      - key: agent/ostorlab/nuclei
        args:
          - name: template_urls
            type: array
            description: List of template urls to run. These will be fetched by the agent
              and passed to Nuclei.
            value:
              - "URL1_To_TEMPLATE"
              - "URL2_To_TEMPLATE"
Override agent in_selectors:
To override the default selectors that an agent listens to, you can use the in_selectors field in the agent group definition.
For example, Agent Zap listens to the v3.asset.domain_name and v3.asset.link selectors.
If you want the agent to target only the v3.asset.link selector, you can specify it in the agent group definition.

    kind: AgentGroup
    description: Override agent in_selectors example
    agents:
      - key: agent/ostorlab/zap
        in_selectors:
          - v3.asset.link
Specify the list of accepted agents:
To specify to an agent which agents to receive messages from, you can use the accepted_agents field in the agent group definition.

    kind: AgentGroup
    description: Specify to an agent the list of agents to receive messages from
    agents:
      - key: agent/ostorlab/zap
        accepted_agents: ["inject_asset"]