5 vulnerability scanning tools: practical, powerful, and comprehensive (including open source)

Latest update time:2024-05-13


From: CSDN, author: YF Yunfei  

Link: https://blog.csdn.net/flyTie/article/details/126146332

Vulnerability scanning is a security detection activity and an important network security technique. It is a proactive, preventive measure that effectively improves network security, helps avoid hacker attacks, and nips problems in the bud. So what are some useful vulnerability scanning tools?
This article is for technical learning only.

5 tools to pack and take away!

The first one: Trivy

Overview

Trivy is an open source vulnerability scanner capable of detecting CVEs in open source software. The tool provides timely explanations of risks, allowing developers to decide whether to use the component in a container or application. Conventional container security protocols use static image scanning to find vulnerabilities, while Trivy seamlessly incorporates vulnerability scanning tools into the integrated development environment.
Project address: https://github.com/aquasecurity/trivy
In addition, because it is backed by a large open source community, many integrations and add-ons support Trivy. For example, Trivy can be installed into a Kubernetes cluster using Helm charts, and vulnerability indicators can be extracted with the help of the Prometheus exporter.

Install

Trivy installation:
It's very simple. If you have a Golang environment, you can clone the source code repository and compile and build it yourself. Or install it with the distribution's package manager. The commands below use apt-get, so they apply to Debian-family systems such as Ubuntu; CentOS uses yum and RPM packages instead.
Ubuntu installation:
sudo apt-get install wget apt-transport-https gnupg lsb-release
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
sudo apt-get update
sudo apt-get install trivy
Trivy also supports container deployment:
docker pull aquasec/trivy:0.20.2
Then start the container directly:
docker run --rm -v [YOUR_CACHE_DIR]:/root/.cache/ aquasec/trivy:0.20.2 [YOUR_IMAGE_NAME]
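If you want to scan an image on the host, you may need to mount docker.sock. Mounting the socket gives the container control of the host's Docker daemon, so keep the Trivy image pinned to a known version as shown. For example:
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
  -v $HOME/Library/Caches:/root/.cache/ aquasec/trivy:0.20.2 python:3.4-alpine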

The second one: OpenVAS

Overview

OpenVAS is a free, full-featured open source vulnerability scanner and management system. It is licensed under the GNU General Public License and supports different operating systems including multiple Linux distributions. OpenVAS leverages an automatically updated, community-sourced vulnerability database covering more than 50,000 tests of known network vulnerabilities. That is, it can look at the entire system in great detail and test protocols with and without authentication. The vulnerability testing that has been implemented is also quite detailed and will provide an in-depth analysis of the degree of protection of computers and servers.

Install

1. Prerequisites
①. Configure the virtual machine with a static IP in bridge mode and set IPADDR. Set GATEWAY, NETMASK, and DNS to match the values shown on the host under right-click Network – Change Adapter – Ethernet Status – Detailed Information.
②. Set up the virtual machine proxy. A proxy set for the virtual machine through the graphical interface gives network access, but the yum source still cannot be used. Installing openvas requires the yum source, so add the following lines to /etc/yum.conf:
proxy=http://10.4.200.228:8080
proxy_username=bmcc60000
proxy_password=pl,12345
③. Add the following to /root/.bashrc (or /etc/profile); entered on the command line instead, it applies only to the current terminal:
export http_proxy="http://username:[email protected]:808"
④. If the proxy authenticates by IP or network card, the user name, password, etc. can be omitted. When you stop using the proxy, restore the environment variables and the yum configuration file: run unset http_proxy to remove the environment variable, and run env to view the environment variables.


2. Configuration steps
①. Disable SELinux and restart for the change to take effect
(#SELINUX=enforcing, #SELINUXTYPE=targeted)
yum online installation
[root@localhost ~]# vi /etc/selinux/config
SELINUX=disabled
[root@localhost ~]# reboot
②. Turn off the firewall
systemctl stop firewalld
③. Update packages with yum
yum update -y
④. Install dependencies:
yum install -y wget bzip2 texlive net-tools alien gnutls-utils
⑤. Add the repository
wget -q -O - http://www.atomicorp.com/installer/atomic | sh
⑥. Install openvas
yum install openvas -y

The third one: Clair

Overview

Clair is an API-based vulnerability scanner that detects known security vulnerabilities in the layers of open source containers, making it easier to build services that continuously monitor containers for security vulnerabilities. Clair regularly collects vulnerability metadata from various sources, indexes container images, and provides an API for retrieving the features discovered in the images. When the vulnerability metadata is updated, users receive an alert, so new vulnerabilities in previously scanned images are discovered in a timely manner. In addition, Clair provides an API that can be used to query the vulnerabilities of a specific container image.

Install

1. Install the Clair environment in OpenShift
  1. Create project
  2. Create the clairv4-postgres.yaml file with the following content:
  3. Execute the command to create objects based on clairv4-postgres.yaml
  4. Create a config.yaml file with the following content:
  5. Execute the command to create the secret according to the config.yaml file
  6. Create the clair-combo.yaml file with the following content:
  7. Execute the command to create an object based on the clair-combo.yaml file
  8. View deployed resources
The detailed steps are as follows:

$ oc new-project quay-enterprise

# clairv4-postgres.yaml: PostgreSQL Deployment and its PersistentVolumeClaim
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: clairv4-postgres
  namespace: quay-enterprise
  labels:
    quay-component: clairv4-postgres
spec:
  replicas: 1
  selector:
    matchLabels:
      quay-component: clairv4-postgres
  template:
    metadata:
      labels:
        quay-component: clairv4-postgres
    spec:
      volumes:
        - name: postgres-data
          persistentVolumeClaim:
            claimName: clairv4-postgres
      containers:
        - name: postgres
          image: postgres:11.5
          imagePullPolicy: "IfNotPresent"
          resources:
            limits:
              cpu: '2'
              memory: 6Gi
            requests:
              cpu: '1'
              memory: 4Gi
          ports:
            - containerPort: 5432
          env:
            - name: POSTGRES_USER
              value: "postgres"
            - name: POSTGRES_DB
              value: "clair"
            # Plain-text demo credential; it must match password= in the
            # connstring entries of config.yaml.
            - name: POSTGRES_PASSWORD
              value: "postgres"
            - name: PGDATA
              value: "/etc/postgres/data"
          volumeMounts:
            - name: postgres-data
              mountPath: "/etc/postgres"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: clairv4-postgres
  labels:
    quay-component: clairv4-postgres
spec:
  accessModes:
    - "ReadWriteOnce"
  resources:
    requests:
      storage: "10Gi"
  volumeName: "clairv4-postgres"

$ oc create -f clairv4-postgres.yaml
$ oc expose deployment/clairv4-postgres

# config.yaml: Clair configuration, stored as a secret in the next step
introspection_addr: :8089
http_listen_addr: :8080
log_level: debug
indexer:
  # sslmode=disable: the connection to PostgreSQL is not encrypted
  connstring: host=clairv4-postgres port=5432 dbname=clair user=postgres password=postgres sslmode=disable
  scanlock_retry: 10
  layer_scan_concurrency: 5
  migrations: true
matcher:
  connstring: host=clairv4-postgres port=5432 dbname=clair user=postgres password=postgres sslmode=disable
  max_conn_pool: 100
  run: ""
  migrations: true
  indexer_addr: clair-indexer
notifier:
  connstring: host=clairv4-postgres port=5432 dbname=clair user=postgres password=postgres sslmode=disable
  delivery: 1m
  poll_interval: 5m
  migrations: true

$ oc create secret generic clairv4-config-secret --from-file=./config.yaml

# clair-combo.yaml: Clair Deployment (combo mode) and its Service
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    quay-component: clair-combo
  name: clair-combo
spec:
  replicas: 1
  selector:
    matchLabels:
      quay-component: clair-combo
  template:
    metadata:
      labels:
        quay-component: clair-combo
    spec:
      containers:
        - image: quay.io/projectquay/clair:4.1.0
          imagePullPolicy: IfNotPresent
          name: clair-combo
          env:
            - name: CLAIR_CONF
              value: /clair/config.yaml
            - name: CLAIR_MODE
              value: combo
          ports:
            - containerPort: 8080
              name: clair-http
              protocol: TCP
            - containerPort: 8089
              name: clair-intro
              protocol: TCP
          volumeMounts:
            # config.yaml from the clairv4-config-secret secret appears here
            - mountPath: /clair/
              name: config
      imagePullSecrets:
        - name: redhat-pull-secret
      restartPolicy: Always
      volumes:
        - name: config
          secret:
            secretName: clairv4-config-secret
---
apiVersion: v1
kind: Service
metadata:
  name: clairv4
  labels:
    quay-component: clair-combo
spec:
  ports:
    - name: clair-http
      port: 80
      protocol: TCP
      targetPort: 8080
    - name: clair-introspection
      port: 8089
      protocol: TCP
      targetPort: 8089
  selector:
    quay-component: clair-combo
  type: ClusterIP

$ oc apply -f clair-combo.yaml
$ oc expose svc/clairv4

$ oc get all
NAME                                   READY   STATUS    RESTARTS   AGE
pod/clair-combo-6754dcfd75-wwbt9       1/1     Running   0          34s
pod/clairv4-postgres-b9f679dc6-fhmcs   1/1     Running   0          2m51s

NAME                       TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)           AGE
service/clairv4            ClusterIP   10.217.4.159   <none>        80/TCP,8089/TCP   34s
service/clairv4-postgres   ClusterIP   10.217.5.64    <none>        5432/TCP          119s

NAME                               READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/clair-combo        1/1     1            1           34s
deployment.apps/clairv4-postgres   1/1     1            1           2m51s

NAME                                         DESIRED   CURRENT   READY   AGE
replicaset.apps/clair-combo-6754dcfd75       1         1         1       34s
replicaset.apps/clairv4-postgres-b9f679dc6   1         1         1       2m51s

NAME                               HOST/PORT                                                                 PATH   SERVICES   PORT         TERMINATION   WILDCARD
route.route.openshift.io/clairv4   clairv4-quay-enterprise.crc-dzk9v-master-0.crc.fa7bdknrdb3y.instruqt.io          clairv4    clair-http                 None
Install Clair client
Download the Clair client from https://github.com/quay/clair/releases.
$ curl -L https://github.com/quay/clair/releases/download/v4.3.5/clairctl-linux-amd64 -o ~/clairctl
$ chmod +x ~/clairctl
$ PATH=$PATH:~/

The fourth one: Anchore

Overview

Anchore is an open source Docker container policy compliance and static analysis tool. After activation, Anchore automatically scans, analyzes, and evaluates the contents of container images. The final result is a policy evaluation for each image that determines whether it meets business requirements. Anchore mainly discovers hidden vulnerabilities by analyzing the contents of container images. It also scans for known vulnerabilities and ensures that the image follows the best security standards and industry best practices. Most importantly, Anchore integrates with container registries and CI/CD tools.

Install

https://github.com/anchore/anchore.git [1]
Anchore architecture
In the past, setting up Anchore required a dedicated installation of the Anchore Engine, which ran independently of your image build environment. A separate CLI lets you interact with the engine.
This model requires a series of CLI commands to register the image with Anchore, start the scan, and access the results. These steps take Anchore through pulling the image from the registry, generating the report, and making it available for use.
Anchore now also offers inline scanning. These give you a command to scan an image and get the results in the terminal. We will focus on this feature in this article.
Run inline script
Inline scanning is provided by a Bash script hosted on the Anchore server. Download the script to your machine and make it executable:
curl -s https://ci-tools.anchore.io/inline_scan-latest -o anchore.sh
chmod +x anchore.sh


Now you can start scanning the container image using an inline script:
./anchore.sh -r alpine:latest
The first scan may take a while. This script will pull the Anchore Engine Docker image, start a new Anchore instance, and configure PostgreSQL and a Docker registry instance. It then waits for the Anchore Engine to start.
Once the engine is running, the target Docker image will be pulled and analyzed. You will then see the security report displayed in the terminal. The script will complete by cleaning the environment and stopping the Anchore Engine Docker container.
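Both the OpenVAS repository step (⑤) and the Anchore inline scan step run a script fetched from a remote server. The following is an added example, not code from the original article or from either project: it downloads such a script over HTTPS only, and installs it as executable only if its SHA-256 matches a digest you recorded after reviewing the script. The function names and the placeholder digest are assumptions, and sha256sum from GNU coreutils is assumed to be installed.

```shell
#!/usr/bin/env bash
# Added example: verify a downloaded installer before it becomes executable.
# verify_sha256, fetch_verified and PINNED_SHA256 are hypothetical names.

# verify_sha256 FILE EXPECTED_HEX: status 0 only when the digest matches.
verify_sha256() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] || return 2
    # Reject a missing or malformed pin instead of comparing against it.
    case $expected in
        ''|*[!0-9a-fA-F]*) return 3 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 3
    actual=$(sha256sum "$file" | cut -d' ' -f1) || return 2
    # sha256sum prints lowercase hex, so normalise the expected value.
    [ "$actual" = "$(printf '%s' "$expected" | tr 'A-F' 'a-f')" ]
}

# fetch_verified URL EXPECTED_HEX DEST
# Downloads to a temporary file, verifies it, then installs DEST as 0755.
fetch_verified() {
    local url="$1" expected="$2" dest="$3" tmp rc
    tmp=$(mktemp) || return 1
    # --fail turns HTTP errors into failures; --proto and --proto-redir
    # refuse plain http, including on redirects.
    if ! curl --fail --silent --show-error --location \
              --proto '=https' --proto-redir '=https' -o "$tmp" "$url"; then
        rm -f "$tmp"; return 1
    fi
    if ! verify_sha256 "$tmp" "$expected"; then
        echo "checksum mismatch for $url, not installing" >&2
        rm -f "$tmp"; return 1
    fi
    install -m 0755 "$tmp" "$dest"; rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Usage (the digest is a placeholder; record the real value after review):
#   PINNED_SHA256=<sha256-of-reviewed-script>
#   fetch_verified https://ci-tools.anchore.io/inline_scan-latest \
#       "$PINNED_SHA256" ./anchore.sh
```

Because inline_scan-latest is a moving target, a mismatch after an upstream update is expected; review the new script and update the pinned digest rather than bypassing the check.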

The fifth one: Sqlmap

Overview

Sqlmap is a penetration testing tool, but it can also automatically detect and evaluate vulnerabilities. This tool goes beyond simply discovering security vulnerabilities and exploits; it also creates detailed reports on the findings. Sqlmap is developed in Python and supports any operating system with a Python interpreter installed. It automatically identifies password hashes and uses six different methods to exploit SQL injection vulnerabilities. In addition, Sqlmap's database support is very comprehensive and covers Oracle, PostgreSQL, MySQL, SQL Server and Access.

Install

1. Environmental requirements
Python2.7 (python3 is not supported)
2. Installation steps
Download the latest version of the sqlmap installation package from the sqlmap official website http://sqlmap.org/ [2]. The currently displayed version is 1.3.2-25, as shown in the figure below:
Unzip the downloaded installation package sqlmapproject-sqlmap-1.3.2-25-gaf890d6.zip to the directory you want to store it in and rename it. Here we take drive D as an example and rename the unzipped file to sqlmap. The directory structure after decompression is as shown below:
To verify whether the sqlmap installation is complete, you can perform the following operations to verify:
  1. Open the cmd window and enter the python installation directory (if the python environment variable is configured, you do not need to enter this directory):
  2. Execute the following command:
python D:\sqlmap\sqlmap.py --version
  3. If the sqlmap version number is displayed, the installation is successful. As shown below:

References

[1] https://github.com/anchore/anchore.git
[2] htt



