updated README for Nessus #271

Merged
28 changes: 25 additions & 3 deletions README.md
Expand Up @@ -6,13 +6,15 @@ RapiDAST (Rapid DAST) is an open-source security testing tool that automates DAS

RapiDAST provides:

- Simplified HTTP/API security scanning using [ZAP]
- Automated HTTP/API security scanning using ZAP
- Kubernetes opearator scanning using OOBTKUBE
- Automated vulnerability scanning using Nessus (requires a Nessus license and instance)
- Command-line execution with yaml configuration, suitable for integration in CI/CD pipelines
- Ability to run automated DAST scanning with pre-built or custom container images
- HTML, JSON and XML report generation
- Integration with reporting solutions such as [OWASP DefectDojo](https://owasp.org/www-project-defectdojo/)
- Integration with Google Cloud Storage and [OWASP DefectDojo](https://owasp.org/www-project-defectdojo/)

RapiDAST is used for testing applications, and should not be used on production systems.
RapiDAST is to be used for testing purpose, and should not be used on production systems.

## Quickstart
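
Review bot: The bullet "Kubernetes opearator scanning using OOBTKUBE" misspells "operator", and the closing sentence "RapiDAST is to be used for testing purpose" should read "for testing purposes". The Nessus bullet is the only one that states a prerequisite (license and instance); if the ZAP and OOBTKUBE scanners have none, that is fine, otherwise list theirs the same way so the feature list stays consistent.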

Expand Down Expand Up @@ -488,6 +490,26 @@ scanners:
- formhandler.fields.field(0).value=default
```

#### Nessus

Nessus is a vulnerability scanner developed by Tenable, Inc. It helps organizations identify and address security vulnerabilities across various systems, devices, and applications.

The following is an example to launch a scan:
```yaml
scanners:
nessus:
server:
url: https://nessus-example.com/ # URL of Nessus instance
username: foo # OR username_from_var: NESSUS_USER
password: bar # OR password_from_var: NESSUS_PASSWORD
scan:
name: test-scan # name of new scan to create
folder: test-folder # name of folder in to contain scan
policy: "py-test" # policy used for scan
# timeout: 600 # timeout in seconds to complete scan
targets:
- 127.0.0.1
```

#### Generic scanner
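
Review bot: The Nessus example leads with literal credentials (`username: foo`, `password: bar`) and mentions `username_from_var` / `password_from_var` only in trailing comments, so a reader who copies the block ends up with a password in a YAML file that is likely to be committed. Make the environment-variable form the primary example and show the literal form as the commented alternative, if at all. Smaller points in the same block: the comment on `folder` ("name of folder in to contain scan") has a stray "in", and the commented-out `timeout` does not say what applies when it is omitted.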
