Git Product home page Git Product logo

go-vaddy's Introduction

go-vaddy: VAddy API Command-Line Tool

VAddy API Command-Line Tool using golang
https://vaddy.net

Go-vaddy can start scan and check the result.

日本語ドキュメントはこちらです。 https://github.com/vaddy/go-vaddy/blob/master/README_ja.md

OS type

You can use exe files on go-vaddy/bin directory. If you use linux(64bit), use vaddy-linux-64bit.

For example, ./vaddy-linux-64bit api_key userID FQDN

OS file
Linux(64bit) vaddy-linux-64bit
MacOS(64bit Intel) vaddy-macosx-64bit
Windows(64bit) vaddy-win-64bit.exe
FreeBSD(64bit) vaddy-freebsd-64bit

Usage (start scan and get the result)

Exit status

Go-vaddy returns 0 (no errors, no vulnerabilities) or 1 (errors, 1 or more vulnerabilities).

ENV

You can check V1/V2 project on the dashboard screen after login.

for V1 Project

export VADDY_TOKEN="123455667789"  
export VADDY_USER="ichikaway"  
export VADDY_HOST="www.examplevaddy.com"  
#export VADDY_CRAWL="30"
#export VADDY_SCAN_TYPE="SQLI,XSS,..."

for V2 Project

export VADDY_TOKEN="123455667789"
export VADDY_USER="ichikaway"
export VADDY_PROJECT_ID="your project id"
#export VADDY_CRAWL="30"
#export VADDY_SCAN_TYPE="SQLI,XSS"

  • VADDY_USER is VAddy login ID.

  • VADDY_CRAWL is optional. If you don't specify it, VAddy uses the latest crawl data.
    You can specify crawl label keyword on VADDY_CRAWL like this

    export VADDY_CRAWL="search result pages"

  • VADDY_SCAN_TYPE is optional to specify a specific scan type. Scan type list document Without this option, all scan will be performed. If you specify an item that does not exist or an item that does not exist in your plan, the error Invalid scan type selected will be returned.

Command Execution

cd bin
./vaddy-linux-64bit

Slack Integration

Setting these OS environment variables, Post message to the slack when VAddy found vulnerabilities.

export SLACK_WEBHOOK_URL="webhook url"
export SLACK_USERNAME="your user (optional)"
export SLACK_CHANNEL="your channel (optional)"
export SLACK_ICON_EMOJI=":smile: (optional)"
export SLACK_ICON_URL="icon url (optional)"

go-vaddy's People

Contributors

ichikaway avatar setomits avatar shin1x1 avatar unionsep avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar

Forkers

bpienterprise yut148 unionsep shin1x1 setomits kurotaky

go-vaddy's Issues

WARNING on `vaddy_privatenet.sh connect`

vaddy_privatenet.sh connect を実行すると WARNING が発生します。
クロール、スキャンは正常に実行されます。
とりあえず、報告です。

% ./vaddy_privatenet.sh connect                                                                                                                                                                      master

################################################################
# VAddy Private Net Tools (Version: 1.0.3)
# This software is released under the MIT License,
#
# This tool needs Mac or Linux, Java, ssh command
#
################################################################

---------------- setting information -----------------
  FQDN: example.local
  User: hoge
  Local IP: 192.168.31.62
  Local Port: 80
  Agent Options: -u hoge -h example.local -w 192.168.31.62:80
------------------------------------------------------




=== Connect ===

Log file setup : vaddy/2019_05_08_20_31_23.txt
ssh and ssh-keygen OK.
DNS OK.
HTTPS connectivity OK.
Connection to web server OK.
SSH files exist OK.
..................................
ssh -i vaddy/ssh/id_rsa -N -R 0.0.0.0:2181:192.168.31.62:80 [email protected]
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by vaddy.pip.Vaddy (file:/Users/hoge/Downloads/go-vaddy-master/privatenet/bin/vaddy_agent.jar) to field java.lang.ProcessImpl.pid
WARNING: Please consider reporting this to the maintainers of vaddy.pip.Vaddy
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
pid:69383
Checking E2E connectivity...
E2E connectivity OK.
Connect Status: 0

以下、環境です

% sw_vers  
ProductName:    Mac OS X
ProductVersion: 10.13.6
BuildVersion:   17G6030

% java -version 
java version "11" 2018-09-25
Java(TM) SE Runtime Environment 18.9 (build 11+28)
Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11+28, mixed mode)

about 1.0.5

I thought that 1.0.3 which is the latest release supports VAddy v2, but it doesn't.
It would be great if you add 1.0.5 in release.

Thanks.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.