Open caggle opened 5 years ago
I think for work acceptance ("here's a new host to scan") this is fine, but you may need a long-lived worker to pull from the queue for long jobs.
I've been working on this, albeit slowly. Lots of little issues with the serverless framework, although there is good documentation/blog posts available.
I think this is feasible, with the exception of long running tasks (e.g. directory brute-forcing).
My current plan is:
This way, we are "outsourcing" running 4 VA tasks to serverless/AWS. The rest of the tasks, such as dir brute force, ZAP scan, port scan etc. can still be handled by the vautomator client once dockerized.
With https://github.com/caggle/vautomator/commit/795aa96197c79d5fdc33f624ea0f8867ca9c2df9, currently there is validation of host, port and scheme on a given target. If all is valid, the lambda function runs a TLS Observatory scan and returns its output.
Instead of returning results from the API, I should probably explore storing them in an S3 bucket for later retrieval or long term storage.
@caggle I agree with storage proposal. I also think you can avoid the cron events, and just have the lambda function post to the S3 bucket when completed.
In theory this tool is a pretty good idea to run as a serverless architecture. Investigate if this is feasible.
One caveat I can think of now would be that if AWS Lambda is used - which will be for at least demo purposes - the "function" will only run for 5 mins max. A VA scan is likely to run much longer than that.
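The pattern discussed across this thread (validate host/port/scheme up front, run short tasks such as the TLS Observatory call inside the function, hand long-running tasks such as directory brute-forcing to a queue for a long-lived worker, and write results to a bucket rather than returning them from the API) as an added example. This is not vautomator's code: the task names and their duration estimates are hypothetical, `run_short_task` is a placeholder for the real scan call, and the store and queue are in-memory stand-ins for S3 and SQS so the example runs offline.

```python
"""Added example (not vautomator's code): a Lambda-style handler that
validates a scan target, runs short tasks inline, queues long-running
ones for a worker, and writes results to a store keyed like S3 objects."""
import ipaddress
import json
import re
from urllib.parse import urlsplit

# 5-minute Lambda limit mentioned in the thread, expressed in seconds.
LAMBDA_BUDGET_SECONDS = 300

# Hypothetical task catalogue: rough duration estimates decide whether a
# task fits inside the function or must go to a long-lived worker.
TASK_ESTIMATES = {
    "tls_observatory": 60,      # short: run inside the function
    "http_observatory": 60,
    "dir_bruteforce": 3600,     # long: needs a worker
    "port_scan": 1800,
    "zap_scan": 7200,
}

ALLOWED_SCHEMES = {"http", "https"}
# RFC 1123-style hostname: labels of 1-63 chars, no leading/trailing '-'.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
    r"(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def validate_target(target: str) -> dict:
    """Check scheme, host and port of a target URL.

    Returns {"scheme", "host", "port"} or raises ValueError, so that a
    bad target is rejected before any scan work is scheduled.
    """
    parts = urlsplit(target)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"unsupported scheme: {parts.scheme!r}")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    try:
        ipaddress.ip_address(host)  # IPv4/IPv6 literal is acceptable
    except ValueError:
        if not HOSTNAME_RE.match(host):
            raise ValueError(f"invalid hostname: {host!r}")
    try:
        port = parts.port  # raises ValueError when outside 0-65535
    except ValueError:
        raise ValueError("port out of range")
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    return {"scheme": parts.scheme, "host": host, "port": port}


def run_short_task(task: str, target: dict) -> dict:
    """Placeholder for an in-function scan (e.g. the TLS Observatory call)."""
    return {"task": task, "target": target, "status": "done"}


def handler(event: dict, store: dict, queue: list) -> dict:
    """Lambda-style entry point. `store` stands in for an S3 bucket
    (key -> JSON document) and `queue` for an SQS queue of worker jobs."""
    try:
        target = validate_target(event["target"])
    except (KeyError, ValueError) as exc:
        return {"statusCode": 400, "body": json.dumps({"error": str(exc)})}

    key_base = f"{target['host']}:{target['port']}"
    completed, queued = [], []
    for task in event.get("tasks", []):
        estimate = TASK_ESTIMATES.get(task)
        if estimate is None:
            return {"statusCode": 400,
                    "body": json.dumps({"error": f"unknown task: {task}"})}
        result_key = f"{key_base}/{task}.json"
        if estimate < LAMBDA_BUDGET_SECONDS:
            # Fits the function budget: run now, persist, never return the body.
            store[result_key] = json.dumps(run_short_task(task, target))
            completed.append(task)
        else:
            # Too long for Lambda: enqueue for the long-lived worker.
            queue.append({"task": task, "target": target,
                          "result_key": result_key})
            queued.append(task)
    # 202: work accepted; results are fetched from the store later.
    return {"statusCode": 202,
            "body": json.dumps({"completed": completed, "queued": queued})}


def worker_drain(queue: list, store: dict) -> int:
    """Long-lived worker loop: pull queued jobs and write results to the
    store under the key the handler announced. Returns jobs processed."""
    done = 0
    while queue:
        job = queue.pop(0)
        store[job["result_key"]] = json.dumps(
            {"task": job["task"], "target": job["target"], "status": "done"})
        done += 1
    return done
```

Calling `handler` with a target and a task list returns immediately with what was run inline and what was queued; the worker drains the queue and both sets of results end up in the same store under `host:port/task.json` keys, so the client only ever reads results from storage.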