Starting your First Scans
Now that you have installed the secureCodeBox, you are close to being able to run your first scans.
Before we can start scans, we need to install their ScanTypes. These tell the secureCodeBox Operator how to run the scans and how their results can be parsed to create a uniform and consistent finding data model. ScanTypes are namespaced Custom Resource Definitions in Kubernetes; this lets different teams operating in different namespaces use different types of scanners and enables them to define their own custom ScanTypes.
Installing the Nmap ScanType
In this guide, we'll use the Nmap Port & Network Scanner, as it is fast and relatively easy to use. We can install the Nmap ScanType via Helm (Make sure to add the helm repo first. See Installation):
To verify the installation, or to see which ScanTypes are installed in your current namespace, you can run:
This should print an output like this (your version might differ):
Starting a Scan
Now that we have the ScanType nmap installed, we are ready to start our first scan. A scanner, like this Nmap ScanType, is a namespaced CRD. That means you can install them in your own namespace and you're not required to have privileged access to the cluster. They are also defined in YAML, so you can easily create your own.
This example creates a Nmap scan which probes the scanme.nmap.org host. This scan is equivalent to running nmap scanme.nmap.org locally.
caution
Please note the terms of usage for the http://scanme.nmap.org/ website. Basically, restrict yourself to port scans and don't run excessive numbers of scans against it.
To run this example, save the YAML above to a local file named nmap-scan.yaml and then start the scan via kubectl:
The scan is now starting up. You can track its progress using kubectl:
This should print an output like this:
Monitoring the Scan Execution
When you apply a scan, the secureCodeBox Operator will create a Kubernetes Job in your namespace. In this namespace, the scanner (in our example the Nmap scanner) will be executed inside a container. Once the scan has completed, the container will terminate and no compute resources will be consumed any more. You can view the status of this job by running:
This should give you an output like this:
note
Your job names will be slightly different. Kubernetes generates a random suffix for each job name to make them unique. In our case the suffix for the scan job is -w66rp and for the parse job is -h8thd.
You can also view the logs of the container by running:
If your job is still running, you can stream the logs of the scan until it has completed:
This should print an output like this:
Unless you are really quick or your scan took a long time, you'll likely also have seen that a second job was started:
This should print an output like this:
This second job takes the results of the Nmap scan and transforms them into a secureCodeBox-specific finding format. These findings share the same basic structure for all integrated scanners, which makes it very convenient to analyze them in further steps.
Viewing the Scan Results
Once this second job has completed, you can get an overview of the results by taking another look at the scan:
This should print an output like this:
This list shows us the total count of findings identified by the scan. You can get a deeper overview by running:
This should print an output like this:
This gives us an overview of the results of the scan. To view the actual findings produced by the scan, you can use the download link to download the findings as JSON from Minio/S3.
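The whole procedure above (installing the ScanType, creating the Scan, watching its jobs and logs, and fetching the findings) as one script. This is an added example written for this page, not code from the secureCodeBox project. It assumes the Helm repo is registered under the name secureCodeBox as in the Installation guide, that the operator records the scan phase in .status.state and the finding link in .status.findingDownloadLink, and that the scan job is named scan-<scan>-<suffix> with a scanner container called nmap; the Scan name nmap-scanme is constructed for the example.

```shell
#!/bin/sh
# Added example (not from the secureCodeBox project): the first-scan procedure
# from this page as a small script. Helm repo name, Scan status fields and job
# naming are assumptions documented inline; the scan name is constructed.
set -eu

NAMESPACE="${NAMESPACE:-default}"       # assumption: work in the default namespace
SCAN_NAME="${SCAN_NAME:-nmap-scanme}"   # constructed name for the Scan resource
TARGET="${TARGET:-scanme.nmap.org}"     # the host the page scans

# Step 1: install the Nmap ScanType and list the ScanTypes in the namespace.
# Assumption: the Helm repo was added as "secureCodeBox" (see Installation).
install_nmap_scantype() {
  helm upgrade --install nmap secureCodeBox/nmap --namespace "$NAMESPACE"
  kubectl get scantypes --namespace "$NAMESPACE"
}

# Step 2: render a Scan manifest equivalent to running `nmap scanme.nmap.org`.
scan_manifest() {
  cat <<EOF
apiVersion: execution.securecodebox.io/v1
kind: Scan
metadata:
  name: ${SCAN_NAME}
spec:
  scanType: nmap
  parameters:
    - ${TARGET}
EOF
}

# Step 3: poll the Scan until the operator reports it finished.
# Assumption: the phase is recorded in .status.state as Done or Errored.
wait_for_scan() {
  while :; do
    state=$(kubectl get scan "$SCAN_NAME" --namespace "$NAMESPACE" -o jsonpath='{.status.state}')
    echo "scan ${SCAN_NAME}: ${state:-pending}"
    case "$state" in
      Done)    return 0 ;;
      Errored) return 1 ;;
    esac
    sleep 5
  done
}

# Step 4: list the scan and parse jobs and stream the scanner container's log.
# Assumption: jobs are named scan-<scan>-<suffix> / parse-<scan>-<suffix> and
# the scanner container carries the ScanType's name (nmap).
show_jobs_and_logs() {
  sleep 3   # give the operator a moment to create the scan job
  kubectl get jobs --namespace "$NAMESPACE"
  scan_job=$(kubectl get jobs --namespace "$NAMESPACE" -o name | grep "^job.batch/scan-${SCAN_NAME}-" | head -n 1)
  if [ -n "$scan_job" ]; then
    kubectl logs --namespace "$NAMESPACE" -f "$scan_job" -c nmap
  fi
}

# Step 5: show the scan summary and fetch the findings JSON via the download link.
# Assumption: the link is in .status.findingDownloadLink and points at the
# in-cluster Minio; port-forward Minio first if the URL is not reachable locally.
fetch_findings() {
  kubectl get scan "$SCAN_NAME" --namespace "$NAMESPACE"
  kubectl describe scan "$SCAN_NAME" --namespace "$NAMESPACE"
  link=$(kubectl get scan "$SCAN_NAME" --namespace "$NAMESPACE" -o jsonpath='{.status.findingDownloadLink}')
  curl -sSf "$link" -o "${SCAN_NAME}-findings.json"
  echo "findings written to ${SCAN_NAME}-findings.json"
}

run_scan() {
  scan_manifest | kubectl apply --namespace "$NAMESPACE" -f -
  show_jobs_and_logs
  wait_for_scan
  fetch_findings
}

# Only act when asked to, so the file can also be sourced for its functions.
case "${1:-}" in
  install) install_nmap_scantype ;;
  run)     run_scan ;;
esac
```

Run `sh first-scan.sh install` once per namespace, then `sh first-scan.sh run`; set NAMESPACE, SCAN_NAME or TARGET in the environment to override the defaults. Rendering the manifest in its own function keeps the Scan definition reviewable with `sh first-scan.sh` sourced and `scan_manifest` called on its own, before anything is applied to the cluster.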
Next Steps
Configure more Involved Nmap Scans
Nmap is an extremely powerful tool, which can be used for much more than just scanning for ports. You can find more examples of Nmap scans, including example findings for these scans, on the documentation page of the Nmap ScanType.
Other ScanTypes
Nmap is just one of the many security testing tools integrated into the secureCodeBox; you can find examples and documentation on how to use each of them on their documentation page in the sidebar.
To get started, you can also take a look at our more detailed guides:
Persistence Providers
You can also integrate the secureCodeBox to automatically push the scan results into an external system like Elasticsearch or DefectDojo (Coming soon) to better analyse your findings.