From d61e6600793a8a610cb0f544337b85a27ff5a301 Mon Sep 17 00:00:00 2001 From: Jeremy Choi Date: Mon, 9 Dec 2024 09:45:25 +1000 Subject: [PATCH 1/4] updated README for Nessus --- README.md | 28 +++++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index f212106a..2014c22b 100644 --- a/README.md +++ b/README.md @@ -6,13 +6,15 @@ RapiDAST (Rapid DAST) is an open-source security testing tool that automates DAS RapiDAST provides: -- Simplified HTTP/API security scanning using [ZAP] +- Automated HTTP/API security scanning using ZAP +- Kubernetes opearator scanning using OOBTKUBE +- Automated vulnerability scanning using Nessus (requires a Nessus license and instance) - Command-line execution with yaml configuration, suitable for integration in CI/CD pipelines - Ability to run automated DAST scanning with pre-built or custom container images - HTML, JSON and XML report generation -- Integration with reporting solutions such as [OWASP DefectDojo](https://owasp.org/www-project-defectdojo/) +- Integration with Google Cloud Storage and [OWASP DefectDojo](https://owasp.org/www-project-defectdojo/) -RapiDAST is used for testing applications, and should not be used on production systems. +RapiDAST is to be used for testing purpose, and should not be used on production systems. ## Quickstart 
@@ -488,6 +490,26 @@ scanners: - formhandler.fields.field(0).value=default ``` +#### Nessus + +Nessus is a vulnerability scanner developed by Tenable, Inc. It helps organizations identify and address security vulnerabilities across various systems, devices, and applications. + +The following is an example to launch a scan: +```yaml +scanners: + nessus: + server: + url: https://nessus-example.com/ # URL of Nessus instance + username: foo # OR username_from_var: NESSUS_USER + password: bar # OR password_from_var: NESSUS_PASSWORD + scan: + name: test-scan # name of new scan to create + folder: test-folder # name of folder in to contain scan + policy: "py-test" # policy used for scan + # timeout: 600 # timeout in seconds to complete scan + targets: + - 127.0.0.1 +``` #### Generic scanner From 85751a6eab328c8ad946cf205d4c961fa53191bc Mon Sep 17 00:00:00 2001 From: Jeremy Bonghwan Choi Date: Mon, 9 Dec 2024 10:40:43 +1000 Subject: [PATCH 2/4] Update README.md Co-authored-by: sfowl --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2014c22b..e01b7aa8 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ RapiDAST provides: - Automated HTTP/API security scanning using ZAP - Kubernetes opearator scanning using OOBTKUBE -- Automated vulnerability scanning using Nessus (requires a Nessus license and instance) +- Automated vulnerability scanning using Nessus (requires a Nessus instance) - Command-line execution with yaml configuration, suitable for integration in CI/CD pipelines - Ability to run automated DAST scanning with pre-built or custom container images - HTML, JSON and XML report generation From 53f3592df61475c9e5627f29b72245f3e0b35e29 Mon Sep 17 00:00:00 2001 From: Jeremy Bonghwan Choi Date: Mon, 9 Dec 2024 10:40:50 +1000 Subject: [PATCH 3/4] Update README.md Co-authored-by: sfowl --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e01b7aa8..df8da7d1 100644 
--- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ RapiDAST provides: - HTML, JSON and XML report generation - Integration with Google Cloud Storage and [OWASP DefectDojo](https://owasp.org/www-project-defectdojo/) -RapiDAST is to be used for testing purpose, and should not be used on production systems. +RapiDAST is for testing purposes, and should not be used on production systems. ## Quickstart From c39fb3ad249875f48cc59e1721614c21c50a83e6 Mon Sep 17 00:00:00 2001 From: Jeremy Bonghwan Choi Date: Mon, 9 Dec 2024 10:42:01 +1000 Subject: [PATCH 4/4] Update README.md Co-authored-by: sfowl --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index df8da7d1..3c369f6c 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ RapiDAST (Rapid DAST) is an open-source security testing tool that automates DAS RapiDAST provides: - Automated HTTP/API security scanning using ZAP -- Kubernetes opearator scanning using OOBTKUBE +- Kubernetes operator scanning using OOBTKUBE - Automated vulnerability scanning using Nessus (requires a Nessus instance) - Command-line execution with yaml configuration, suitable for integration in CI/CD pipelines - Ability to run automated DAST scanning with pre-built or custom container images
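Review bot: in the first hunk of patch 1, the new bullet "Kubernetes opearator scanning using OOBTKUBE" has a typo ("opearator"), and the ZAP bullet drops the `[ZAP]` reference-style link that the removed line carried; if the README keeps a `[ZAP]: ...` link definition further down, it is now unused, so either keep the link or remove the definition. The last changed line, "RapiDAST is to be used for testing purpose", should read "for testing purposes". Suggested lines: `- Automated HTTP/API security scanning using [ZAP]` and `- Kubernetes operator scanning using OOBTKUBE`.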
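Review bot: the Nessus example in the second hunk of patch 1 puts literal credentials (`username: foo` / `password: bar`) in the YAML and only mentions `username_from_var` / `password_from_var` in trailing comments; since this configuration is meant to be committed for CI/CD pipelines, the example should show the environment-variable form as the primary option and relegate the literal form to the comment, e.g. `username_from_var: NESSUS_USER # OR username: foo`. Also, "name of folder in to contain scan" should read "name of the folder that will contain the scan", and the quoting is inconsistent (`policy: "py-test"` is quoted while the other string values are not).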
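Review bot: patches 2, 3 and 4 each carry a one-word correction to text introduced in patch 1 ("license", "purpose", "opearator"), all under the generic commit message "Update README.md"; squashing them into the first commit, or giving each a message that states the change (e.g. "README: drop 'license' from the Nessus requirement"), would keep the history readable.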