René's URL Explorer Experiment

{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Add WhatWeb as new scanner for fingerprinting usecases","articleBody":"## 🚓  New Scanner implementation request\r\n\u003c!--\r\nThank you for contributing to our project 🙌\r\n\r\nBefore opening a new issue, please make sure that we do not have any duplicates already open. You can ensure this by searching the issue list for this repository. If there is a duplicate, please close your issue and add a comment to the existing issue instead. Also, please, have a look at our FAQs and existing questions before opening a new question.\r\n--\u003e\r\n\r\n### Is your feature request related to a problem\r\n\u003c!-- Please describe a clear and concise description of what the problem is. \r\n     Use commmon user story patterns like https://en.wikipedia.org/wiki/User_story:\r\n      - As a \u003crole\u003e I can \u003ccapability\u003e, so that \u003creceive benefit\u003e\r\n      - In order to \u003creceive benefit\u003e as a \u003crole\u003e, I can \u003cgoal/desire\u003e\r\n      - As \u003cwho\u003e \u003cwhen\u003e \u003cwhere\u003e, I \u003cwant\u003e because \u003cwhy\u003e\r\n     For example... As a secureCodeBox user i'm always frustrated when [...] --\u003e\r\n\r\nAs security analyst i would like to the secureCodeBox for testing my own external attack surface. Therefore it would be helpful to add a scanner for fingerprinting HTTP Service in a more detailed way. The WhatWeb Scanners seems to be a good first candidate for that.\r\n\r\n### Describe the solution you'd like\r\n\u003c!-- A clear and concise description of what you want to happen. --\u003e\r\nIntegrate WhatWeb as new SCB scanner with cascadingScan rules matching HTTP services (AMASS -\u003e NMAP -\u003e WhatWeb). \r\n\r\n### Describe alternatives you've considered\r\n\u003c!-- A clear and concise description of any alternative solutions or features you've considered. --\u003e\r\n\r\n### Additional context\r\n\u003c!-- Add any other context or screenshots about the feature request here. --\u003e\r\n* https://www.whatweb.net/\r\n* https://github.com/urbanadventurer/WhatWeb\r\n\r\n## Steps to implement a new scanner\r\nHint: A general guide how to implement a new SCB scanner is documented [here](https://docs.securecodebox.io/docs/contributing/integrating-a-scanner)\r\n\r\n- [x] Create a new folder with the name of the [scanner here](https://github.com/secureCodeBox/secureCodeBox/tree/master/scanners)\r\n- [x] Add a `README.gotmpl` and give a [brief overview](https://docs.securecodebox.io/docs/contributing/integrating-a-scanner/readme) of the scanner and its configuration options.\r\n- [x] Add a HelmChart and document all configuration options.\r\n- [x] Implement a new scanner specific `scan-type.yaml`\r\n- [x] Implement a new scanner specific `parse-definition.yaml`\r\n- [x] Add (optional) some `cascading-rules.yaml` like documented [here](https://docs.securecodebox.io/docs/api/crds/cascading-rule)\r\n- [x] Add (optional) a `Dockerfile` for the scanner if there is no existing one publicly available on dockerHub\r\n- [x] Use the [parser-SDK](https://github.com/secureCodeBox/secureCodeBox/tree/master/parser-sdk) to implement a new findings parser (currently based on NodeJS)\r\n- [x] Add unit tests with at minimum 80% test coverage\r\n- [x] Add some example `scan.yaml` and `finding.yaml` files in the [example folder](https://docs.securecodebox.io/docs/contributing/integrating-a-scanner/examples-dir)\r\n- [x] Implement a [new integration or E2E test](https://docs.securecodebox.io/docs/contributing/integrating-a-scanner/integration-tests) for the hook [here](https://github.com/secureCodeBox/secureCodeBox/tree/master/tests/integration)\r\n","author":{"url":"https://github.com/rfelber","@type":"Person","name":"rfelber"},"datePublished":"2021-07-30T10:45:04.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":0},"url":"https://github.com/567/secureCodeBox/issues/567"}