Examples
A list of common cases in which OXO’s platform can be used to run scans. It covers web scans, network scans, SBOM file scans, and more.
Web scan
For the Web scan, we will be using the Agent Zap.
To perform your Web scan, you have two options depending on your target.
Scanning a Host:
To scan a domain, simply run the following command:
oxo scan run --install -g agent_group.yaml domain-name www.example.com
Scanning a URL:
To scan a link, simply run the following command:
oxo scan run --install -g agent_group.yaml link --url https://www.example.com --method GET
Agent group definition
You can copy the following Agent Group Definition example:
kind: AgentGroup
description: Scan Web
agents:
  - key: agent/ostorlab/zap
    args:
      - name: scan_profile
        type: string
        description: "Accepts three values: `baseline` which runs the ZAP spider against
          the target for (by default) 1 minute followed by an optional ajax
          spider scan before reporting the results of the passive scanning.
          `full` which runs the ZAP spider against the target (by default with
          no time limit) followed by an optional ajax spider scan and then a
          full active scan before reporting the results and `api` Scan which
          performs an active scan against APIs defined by OpenAPI, or GraphQL
          (post 2.9.0) via either a local file or a URL."
        value: full
    port_mapping: []
Network scan
For the Network scan, we will be using the Agent nmap and Agent nuclei.
Getting Started
To perform your Network scan, you use the ip asset.
oxo scan run --install -g agent_group.yaml ip 8.8.8.8
Agent group definition
You can copy the following Agent Group Definition example:
kind: AgentGroup
description: Network scan
agents:
  - key: agent/ostorlab/nuclei
    args:
      - name: use_default_templates
        type: boolean
        description: use nuclei's default templates to scan.
        value: true
    port_mapping: []
  - key: agent/ostorlab/nmap
    args:
      - name: fast_mode
        type: boolean
        description: Fast mode scans fewer ports than the default mode.
        value: true
      - name: ports
        type: string
        description: List of ports to scan.
        value: 0-65535
      - name: timing_template
        type: string
        description: Template of timing settings (T0, T1, ... T5).
        value: T3
      - name: scripts
        type: array
        description: List of scripts to run using Nmap
        value: "['banner']"
    port_mapping: []
SBOM file scan
To scan an SBOM file, we will be using the Agent osv.
To perform your SBOM file scan, you use the file asset.
oxo scan run --install -g agent_group.yaml file --file /tmp/my_sbom_file
Agent group definition
You can copy the following Agent Group Definition example:
kind: AgentGroup
description: SBOM scan
agents:
  - key: agent/ostorlab/osv
    args:
      - name: nvd_api_key
        type: string
        description: NVD api key.
        value: ""
    port_mapping: []
Enumerate domains
To improve the scope of detection, it's possible to enumerate and target subdomains of a given asset by adding subfinder and/or dnsx to the agent group definition agent_group.yaml.
Agent group definition
You can copy the following Agent Group Definition example:
kind: AgentGroup
description: Enumerate domain scan
agents:
  - key: agent/ostorlab/subfinder
  - key: agent/ostorlab/dnsx
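As an added example (not part of the OXO documentation), the enumeration agents can be combined with the Zap agent from the Web scan section so that discovered subdomains are scanned as well. It assumes that subfinder and dnsx publish what they find as v3.asset.domain_name messages; the description texts and the choice of the baseline profile are illustrative.

```yaml
kind: AgentGroup
description: Enumerate subdomains and scan them with Zap (added example)
agents:
  # Subdomain discovery, as in the Enumerate domains definition.
  - key: agent/ostorlab/subfinder
  - key: agent/ostorlab/dnsx
  # Web scanner, as in the Web scan definition.
  - key: agent/ostorlab/zap
    args:
      - name: scan_profile
        type: string
        description: Scan profile, one of baseline, full or api.
        # baseline runs the spider and reports passive findings only.
        # full would run an active scan against every enumerated
        # subdomain, so confirm each one is in scope before switching.
        value: baseline
    # Assumption: enumerated hosts arrive as domain-name messages, so Zap
    # is limited to that selector and ignores link messages in this group.
    in_selectors:
      - v3.asset.domain_name
    port_mapping: []
```

Saved as agent_group.yaml, this definition runs with the same domain-name command shown in the Web scan section.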
Check a single bug with a nuclei template
To check a single bug using a nuclei template, we will customize the arguments passed to Agent nuclei in the agent group definition.
To perform your Network scan, you use the ip asset.
oxo scan run --install -g agent_group.yaml ip 8.8.8.8
Agent group definition
To customize the list of templates, we set the value of the argument template_urls to the list of templates to run.
kind: AgentGroup
description: Network scan
agents:
  - key: agent/ostorlab/nuclei
    args:
      - name: template_urls
        type: array
        description: List of template urls to run. These will be fetched by the agent
          and passed to Nuclei.
        value:
          - "URL1_To_TEMPLATE"
          - "URL2_To_TEMPLATE"
Override agent in_selectors:
To override the default selectors that an agent listens to, you can use the in_selectors field in the agent group definition.
For example, Agent Zap listens to the v3.asset.domain_name and v3.asset.link selectors.
If you want the agent to target only the v3.asset.link selector, you can specify it in the agent group definition.
kind: AgentGroup
description: Override agent in_selectors example
agents:
  - key: agent/ostorlab/zap
    in_selectors:
      - v3.asset.link
Specify the list of accepted agents:
To specify to an agent which agents to receive messages from, you can use the accepted_agents field in the agent group definition.
kind: AgentGroup
description: Specify to an agent the list of agents to receive messages from
agents:
  - key: agent/ostorlab/zap
    accepted_agents: ["inject_asset"]