OXO

Examples

A list of common cases that OXO’s platform can be used to run scans. It covers Web scan, Network scan, SBOM file, etc.

Web scan

For the Web scan, we will be using the Agent Zap.

To perform your Web scan, you have two options depending on your target.

Scanning a Host:

To scan a domain, simply run the following command:

oxo scan run --install -g agent_group.yaml domain-name www.example.com
Scanning a URL:

To scan a link, simply run the following command:

oxo scan run --install -g agent_group.yaml link --url https://www.example.com --method GET

Agent group definition

You can copy the Agent Group Definition example:

kind: AgentGroup
description: Scan Web
agents:
  - key: agent/ostorlab/zap
    args:
      - name: scan_profile
        type: string
        description: "Accepts three values: `baseline` which runs the ZAP spider against
          the target for (by default) 1 minute followed by an optional ajax
          spider scan before reporting the results of the passive scanning.
          `full` which runs the ZAP spider against the target (by default with
          no time limit) followed by an optional ajax spider scan and then a
          full active scan before reporting the results and `api` Scan which
          performs an active scan against APIs defined by OpenAPI, or GraphQL
          (post 2.9.0) via either a local file or a URL."
        value: full
    port_mapping: []

Network scan

For the Network scan, we will be using the Agent nmap and Agent nuclei.

Getting Started

To perform your Network scan, you use the ip asset.

oxo scan run --install -g agent_group.yaml ip 8.8.8.8

Agent group definition

You can copy the Agent Group Definition example:

kind: AgentGroup
description: Network scan
agents:
  - key: agent/ostorlab/nuclei
    args:
      - name: use_default_templates
        type: boolean
        description: use nuclei's default templates to scan.
        value: true
    port_mapping: []
  - key: agent/ostorlab/nmap
    args:
      - name: fast_mode
        type: boolean
        description: Fast mode scans fewer ports than the default mode.
        value: true
      - name: ports
        type: string
        description: List of ports to scan.
        value: 0-65535
      - name: timing_template
        type: string
        description: Template of timing settings (T0, T1, ... T5).
        value: T3
      - name: scripts
        type: array
        description: List of scripts to run using Nmap
        value: "['banner']"
    port_mapping: []

SBOM file scan

To scan an SBOM file, we will be using the Agent osv.

To perform your SBOM file scan, you use the file asset.

oxo scan run --install -g agent_group.yaml file --file /tmp/my_sbom_file

Agent group definition

You can copy the Agent Group Definition example:

kind: AgentGroup
description: SBOM scan
agents:
  - key: agent/ostorlab/osv
    args:
      - name: nvd_api_key
        type: string
        description: NVD api key.
        value: ""
    port_mapping: []

Enumerate domains

To improve the scope of detection, it's possible to enumerate and target subdomains of a given asset by adding subfinder and/or dnsx to the agent group definition agent_group.yaml.

Agent group definition

You can copy the Agent Group Definition example:

kind: AgentGroup
description: Enumerate domain scan
agents:
  - key: agent/ostorlab/subfinder
  - key: agent/ostorlab/dnsx

Check a single bug with a nuclei template

To check a single bug using nuclei template, we will customize the arguments passed to Agent nuclei in the agent group definition.

To perform your Network scan, you use the ip asset.

oxo scan run --install -g agent_group.yaml ip 8.8.8.8

Agent group definition

To customize the list of templates, we set the value of the argument template_urls to the list of templates to run.

kind: AgentGroup
description: Network scan
agents:
  - key: agent/ostorlab/nuclei
    args:
      - name: template_urls
        type: array
        description: List of template urls to run. These will be fetched by the agent
          and passed to Nuclei.
        value: 
          - "URL1_To_TEMPLATE"
          - "URL2_To_TEMPLATE"

Override agent in_selectors:

To override the default selectors that an agent listens to, you can use the in_selectors field in the agent group definition.

For example, Agent Zap listens to the v3.asset.domain_name and v3.asset.link selectors.

If you want the agent to target only the v3.asset.link selector, you can specify it in the agent group definition.

kind: AgentGroup
description: Override agent in_selectors example
agents:
  - key: agent/ostorlab/zap
    in_selectors:
      - v3.asset.link

Specify the list of accepted agents:

To specify to an agent which agents to receive messages from, you can use the accepted_agents field in the agent group definition.

kind: AgentGroup
description: Specify to an agent the list of agents to receive messages from
agents:
  - key: agent/ostorlab/zap
    accepted_agents: ["inject_asset"]

Life of a scan

Learn how OXO works under the hood.

Write an agent

Learn how to write an OXO agent.