WebCheckr

Initial check for web pentests.

Installation

1 - First install docker
Refer to docker documentation for the installation.

2 - Pull required images:

docker pull wpscanteam/wpscan
docker pull wappalyzer/cli
docker pull kodisha/gobuster
docker pull pgrund/joomscan
docker pull selenium/standalone-chrome
docker pull ttimasdf/cve-search:withdb -- takes a lot of time...

3 - Initiate docker image and network

docker network create webcheckr
docker create --net=webcheckr --name cvesearch_docker ttimasdf/cve-search:withdb

OR

run startup.sh, sudo is required during install

./startup.sh

Run

docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock -v ${PWD}:/webcheckr/shared --user $(id -u):$(id -g) --group-add $(stat -c '%g' /var/run/docker.sock) --net webcheckr webcheckr [OPTIONS]

OR if setup was used

webcheckr [OPTIONS]

It is advised to make an alias of this

TODO

• Add common.txt discovery and launch tests on found URLs
• Change user agent for all the requests
  
• Add header (cookies, server version) checks
  
• Add SSL checks
  
• Add Magescan or Magento
  
• Handling of vhosts (or multiple technologies on one website such as multiple CMS). Currently, the scan doesn't launch
  
• Database storage
  
• Update cve-search docker automatically
  
• Class for each modules (cve, foundings by wappalyzer) with to_string and to_html to make it more generic
  
• Make an independent worker to give background actions to do (cms scanners)
  

  Functionality to add

• Default password checking (https://nmap.org/nsedoc/scripts/http-default-accounts.html)
  (https://github.com/NorthernSec/CVE-Scan) (CredsCheckr :))