Closed
Labels: good first issue (Good for newcomers), scanner (Implement or update a security scanner)
Description
🚓 New Scanner implementation request
Is your feature request related to a problem
As a security analyst I would like to use the secureCodeBox for testing my own external attack surface. Therefore it would be helpful to add a scanner for fingerprinting HTTP services in a more detailed way. The WhatWeb scanner seems to be a good first candidate for that.
Describe the solution you'd like
Integrate WhatWeb as a new SCB scanner with cascadingScan rules matching HTTP services (AMASS -> NMAP -> WhatWeb).
Describe alternatives you've considered
Additional context
Steps to implement a new scanner
Hint: A general guide how to implement a new SCB scanner is documented here
- Create a new folder with the name of the scanner here
- Add a `README.gotmpl` and give a brief overview of the scanner and its configuration options.
- Add a HelmChart and document all configuration options.
- Implement a new scanner specific `scan-type.yaml`
- Implement a new scanner specific `parse-definition.yaml`
- Add (optional) some `cascading-rules.yaml` like documented here
- Add (optional) a `Dockerfile` for the scanner if there is no existing one publicly available on dockerHub
- Use the parser-SDK to implement a new findings parser (currently based on NodeJS)
- Add unit tests with at minimum 80% test coverage
- Add some example `scan.yaml` and `finding.yaml` files in the example folder
- Implement a new integration or E2E test for the hook here
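The findings-parser step from the checklist, sketched as an added example (not part of the original issue and not the project's own parser): it converts a WhatWeb `--log-json` report into one informational finding per fingerprinted target. The finding field names, the `parse` entry point, the helper names and the sample report are assumptions constructed for illustration.

```javascript
// Constructed sample of a WhatWeb JSON report (not taken from a real scan).
const SAMPLE_REPORT = JSON.stringify([
  {
    target: "http://app.example.test:8080/",
    http_status: 200,
    plugins: {
      HTTPServer: { string: ["nginx/1.18.0"] },
      "X-Powered-By": { string: ["PHP/7.4.3"] },
      JQuery: { version: ["3.5.1"] },
      HTML5: {}, // plugin matched but reported no details
    },
  },
  {}, // entry without a target: the parser must skip it
]);

// Flatten one plugin entry ({string: [...], version: [...], ...}) to text.
function pluginValue(plugin) {
  const parts = [];
  for (const key of ["string", "version", "module", "os", "account"]) {
    if (Array.isArray(plugin[key])) parts.push(...plugin[key].map(String));
  }
  return parts.join(", ");
}

// Synchronous core (hypothetical helper): report text in, findings out.
function toFindings(fileContent) {
  if (!fileContent || !String(fileContent).trim()) return []; // empty report
  const report = typeof fileContent === "string" ? JSON.parse(fileContent) : fileContent;
  const entries = Array.isArray(report) ? report : [report];
  return entries
    .filter((entry) => entry && entry.target)
    .map((entry) => {
      const attributes = { http_status: entry.http_status ?? null };
      for (const [name, plugin] of Object.entries(entry.plugins || {})) {
        attributes[name] = pluginValue(plugin || {});
      }
      return {
        name: entry.target,
        category: "WEB APPLICATION",
        location: entry.target,
        osi_layer: "APPLICATION",
        severity: "INFORMATIONAL", // fingerprints are inventory, not vulnerabilities
        attributes,
      };
    });
}

// Async entry point, assuming the parser is called with the raw report content.
async function parse(fileContent) { return toFindings(fileContent); }
```

Keeping the conversion in a synchronous helper makes the unit tests required by the checklist straightforward to write against fixed report files.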