StackHawk and Harness
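#Docker Compose Install
# Pinned release; bump here rather than editing the URL.
compose_version=1.29.1
# -f makes curl fail on an HTTP error instead of saving the error page as the
# "binary" and then marking it executable; -L follows the GitHub redirect.
# TODO(review): the download is not integrity-checked — verify the published
# checksum for this release before installing if this runs unattended.
sudo curl -fL "https://github.com/docker/compose/releases/download/${compose_version}/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose || exit 1
sudo chmod +x /usr/local/bin/docker-compose
# -f so a re-run does not fail on an already existing symlink.
sudo ln -sf /usr/local/bin/docker-compose /usr/bin/docker-compose
docker-compose --version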
# Build the images and bring the stack up in the background (-d is --detach).
sudo docker-compose up -d --build
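#Install Docker
# Reference: https://docs.docker.com/engine/install/centos/
# (the URL used to sit on a bare line, which bash tried to run as a command)
sudo yum install -y yum-utils
sudo yum-config-manager \
  --add-repo \
  https://download.docker.com/linux/centos/docker-ce.repo
# -y so the install does not wait for confirmation in a non-interactive step
# (matches the yum-utils line above).
sudo yum install -y docker-ce docker-ce-cli containerd.io
sudo systemctl start docker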
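#Change Folder
# Fail closed: if the scan directory is missing, do not fall through to the
# "Moving Forward with Deployment" branch with an empty violation count.
cd ~/stackhawk-scans || { echo "Scan directory ~/stackhawk-scans not found" >&2; exit 1; }
#Parse Results
results_file=scanresults.txt
# A missing or empty results file means the scan did not run. Previously the
# count came back empty and `[[ "" -gt 0 ]]` evaluated it as 0, so the gate
# passed; treat it as a failed gate instead.
if [[ ! -s "$results_file" ]]; then
  echo "No scan results in $PWD/$results_file; refusing to deploy" >&2
  exit 1
fi
# Count "Risk" lines rated High. grep -c prints 0 (and exits 1) when there is
# no match, which is the expected clean-scan case.
TotalHighViolations=$(grep -i '\<Risk' "$results_file" | grep -c -i 'High')
export TotalHighViolations
echo "Total High Violations: " "$TotalHighViolations"
#Deployment Logic
#Exit if High Violations Match
if (( TotalHighViolations > 0 )); then
  echo "High Violations Preventing Deployment"
  exit 1
else
  echo "Moving Forward with Deployment"
  exit 0
fi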
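#Make DIR and CD
mkdir -p ~/stackhawk-scans
# Stop here if cd fails; otherwise the config and results land in whatever the
# current directory happens to be.
cd ~/stackhawk-scans || exit 1
#Docker Run if Needed
# NOTE(review): this starts the target app in the foreground (no --detach), so
# the scan below does not begin until that container exits — confirm intent.
sudo docker run --rm --publish 3000:3000 --name nodeexpressvulny rlachhman/demos:stackHawk
#Create StackHawk.yaml
# Quoted heredoc: the ${workflow.variables.*} placeholders are Harness
# expressions resolved before the shell runs, not shell parameters.
cat > stackhawk.yml << 'EOF'
# stackhawk configuration for Node App
app:
  # An applicationId obtained from the StackHawk platform.
  applicationId: ${workflow.variables.stackhawkappid} # (required)
  # The environment for the applicationId defined in the StackHawk platform.
  env: Production # (required)
  # The url of your application to scan
  host: ${workflow.variables.stackhawkhost} # (required)
EOF
#Run Scan
# Pass the API key through a mode-0600 env file instead of `-e API_KEY=...`,
# which put the secret in the container's argv (visible in `ps` and in any
# command tracing). The file is removed when the step exits.
api_key_file=$(mktemp) || exit 1
chmod 600 "$api_key_file"
trap 'rm -f -- "$api_key_file"' EXIT
printf 'API_KEY=%s\n' '${secrets.getValue("stackhawkapikey")}' > "$api_key_file"
sudo docker run --rm -v "$(pwd):/hawk:rw" --env-file "$api_key_file" -i stackhawk/hawkscan:latest stackhawk.yml 2>&1 | tee scanresults.txt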
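#Install SSH Delegate
# Abort if the archive is missing or the extracted directory is not there, so
# ./start.sh is never run from the wrong directory. The glob is expected to
# match exactly one archive; several would all be passed to tar.
tar xfvz harness*.tar.gz || exit 1
cd harness-delegate || exit 1
./start.sh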
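#Get Files
# -y so yum does not wait for confirmation in a non-interactive step.
sudo yum install -y unzip
# Stop if the download fails rather than trying to unzip a missing file.
wget https://github.com/ravilach/vuln_node_express/archive/refs/heads/main.zip || exit 1
unzip main.zip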