🚓 Integrate directory busting tool gobuster #363
Description
🚓 Integrate Directory/File, DNS and VHost busting tool gobuster
Is your feature request related to a problem
As a secureCodeBox user I would like to use gobuster to find directories, subdomains, vhosts and open S3 buckets for consecutive scans.
Describe the solution you'd like
gobuster is integrated into secureCodeBox.
Describe alternatives you've considered
- dirbuster seems to be unmaintained, less performant and detects less categories of places.
- dotdotpwn is only specialized on traversing directory trees than finding new hosts and websites.
Additional context
gobuster operates either for DNS, directories, S3 buckets or vhosts and requires a wordlist in the most cases.
Steps to implement a new scanner
Hint: A general guide how to implement a new SCB scanner is documented here
- Create a new folder with the name of the scanner here
- Add a
README.gotmpland give a brief overview of the scanner and its configuration options. - Add a HelmChart and document all configuration options.
- Implement a new scanner specific
scan-type.yaml - Implement a new scanner specific
parse-definition.yaml - Add (optional) some
cascading-rules.yamllike documented here - Add (optional) a
Dockerfilefor the scanner if there is no existing one publicly available on dockerHub - Use the parser-SDK to implement a new findings parser (currently based on NodeJS)
- Add unit tests with at minimum 80% test coverage
- Add some example
scan.yamlandfinding.yamlfiles in the example folder - Implement a new integration or E2E test for the hook here