The types of scans that webscan can conduct are constantly growing. For the most up-to-date listing, please see the documentation here.
To learn more about webscan, please see the Documentation site for the most detailed information.
For the full list of available installation options, please see the Installation page. For convenience, here are some of the most commonly used options:
- `docker run methodsecurity/webscan`
- `docker run ghcr.io/method-security/webscan`
- Download the latest binary from the Github Releases page
- Installation documentation
```bash
# Probe targets for web applications using headless browser
webscan discover probe --targets method.security --request-method HEADLESS -o json --headless-path /headless-shell/run.sh

# Capture and analyze a web page
webscan discover page --target https://method.security

# Perform application fingerprinting
webscan discover application --targets https://method.security --resource-type ALL

# Discover directories and files
webscan discover directory --targets https://method.security --wordlist-type directories --wordlist-size small

# Enumerate WordPress plugins
webscan enumerate cms wordpress plugins --targets https://method.security

# Scan for CVEs
webscan pentest application scan cve --targets https://method.security

# Detect WAFs
webscan pentest waf detect --targets https://method.security --http-methods GET,POST
```

(Reference reusable-build.yaml)
- Build ARM64 builder image:

  ```bash
  docker buildx build . --platform linux/arm64 --load --tag armbuilder -f Dockerfile.builder
  ```

- Build ARM64 image:

  ```bash
  docker run -v .:/app/webscan -e GOARCH=arm64 -e GOOS=linux --rm armbuilder goreleaser build --single-target -f .goreleaser/goreleaser-build.yml --snapshot --clean
  ```

- ```bash
  cp dist/linux_arm64/build-linux_linux_arm64/webscan .
  ```

- ```bash
  docker buildx build . --platform linux/arm64 --load --tag webscan:local -f Dockerfile
  ```

- Open shell:

  ```bash
  docker run -it --rm --entrypoint /bin/bash webscan:local
  ```

- OR run command without shell example:

  ```bash
  docker run webscan:local discover probe --targets method.security --request-method HEADLESS -o json --headless-path /headless-shell/run.sh
  ```

If you update the Fern YAML configuration, you need to install the Fern CLI. After installation, run `fern generate` to generate the updates.
This tool runs on a headless-shell base image to support Chrome/Chromium browser automation. The Dockerfile uses Debian-based install tools.
Interested in contributing to webscan? Please see our organization-wide Contribution page.
If you're looking for an easy way to tie webscan into your broader cybersecurity workflows, or want to leverage some autonomy to improve your overall security posture, you'll love the broader Method Platform.
For more information, visit us here.
webscan is a Method Security open source project.
Learn more about Method's open source work by checking out our other projects here or our organization-wide documentation here.
Have an idea for a Tool to contribute? Open a Discussion here.