Introduction
Welcome to our section describing our DAST scanner Probes.
Probes is a CLI application that can be configured to analyze URLs and produce detailed reports of the security vulnerabilities found.
End Users are allowed to run Probes as a Free and Open Source vulnerability detection tool.
Integrates configures and runs Probes periodically to find vulnerabilities over the surface of Fluid Attacks customers as part of the Essential plan.
Public Oath
- Probes can be used by End Users as a Free and Open Source vulnerability detection tool.
- The Probes CLI can be found on DockerHub.
- It has a low rate of False Positives, meaning that it only reports vulnerabilities that have an impact.
- When the existence of a vulnerability cannot be deterministically decided, Probes will favor a False Negative over a False Positive. In other words, it will prefer failing to report a vulnerability that may have a real impact over reporting a vulnerability that may have no impact.
Architecture
- Probes is a CLI application written in Python.
- Probes CLI is published on DockerHub so anyone can use it.
- Probes CLI performs DAST analysis.
- It sends metrics data to AWS CloudWatch.
- It sends errors to Bugsnag.
Contributing
Please read the contributing page first.
Development Environment
Configure your Development Environment.
When prompted for an AWS role, choose dev, and when prompted for a Development Environment, pick probes.
Local Environment
Run this command within the universe repository:
m . /probes
This will build and run the Probes CLI application, including the changes you’ve made to the source code.
Legal
- License: mpl-2.0
- References:
Probes is made available under the MPL-2.0 License. The full license text is available at the link provided.
Testing
Probes follows the same testing process as Skims, so you can refer to that section of the documentation for help.
Debugging production errors
Probes follows the same architecture as Skims, so you can refer to that section of the documentation for help.