Scan Discovery Overview

Scan Discovery is how HawkScan finds the routes it will test: before any vulnerability check can run, the scanner needs a list of URLs, endpoints, or operations to exercise. This page outlines the discovery methods HawkScan supports, with a configuration example for each and links to detailed guides, so you can pick the method that gives the fullest coverage of your application.

Available Scan Discovery Methods

Base Spider

HawkScan's spider discovers your application's routes by parsing HTML content and following the URLs it finds. It is best suited to server-side rendered and MVC-style web applications, where most routes are reachable through links in the markup; APIs and single-page applications generally need one of the methods below instead.

Example Configuration:

hawk:
  spider:
    base: true # Basic spider that reads HTML source and follows the URLs it finds. Enabled by default.

OpenAPI

For REST APIs, pointing HawkScan at an OpenAPI specification gives it a complete, structured list of endpoints, methods, and parameters to test, rather than relying on the spider to find them through links.

Example Configuration:

app:
  openApiConf:
    path: "/openapi.yaml"
hawk:
  spider:
    base: false

GraphQL

HawkScan supports GraphQL APIs, offering a targeted scanning approach for this popular query language.

Example Configuration:

app:
  graphqlConf:
    enabled: true
    schemaPath: /graphql # relative path to the introspection endpoint
    operation: QUERY
    requestMethod: POST
hawk:
  spider:
    base: false

With the introspection endpoint (or a schema file), operation type, and request method configured, HawkScan can enumerate the operations the GraphQL API exposes and test each of them for vulnerabilities, giving thorough coverage of the service through a single endpoint.

gRPC

HawkScan can scan gRPC APIs; point it at the host and port where the service is listening.

Example Configuration:

app:
  grpcConf:
    path: 'localhost:9001'
hawk:
  spider:
    base: false

SOAP

For SOAP-based web services, HawkScan provides specialized scanning capabilities.

Example Configuration:

app:
  soapConf:
    path: /ws/features.wsdl # OR... 
    filePath: features.xsd
hawk:
  spider:
    base: false

Custom Scan Discovery

Use your existing application testing tools to generate web traffic and proxy it into HawkScan for vulnerability analysis. This is useful when the routes you care about are only reachable through authenticated, multi-step, or client-rendered flows that the base spider cannot drive on its own.

Supported Custom Scan Discovery methods:

  • cURL
  • Postman
  • Cypress
  • Playwright
  • Selenium

Example Configuration:

hawk:
  spider:
    base: false
    custom:
      command: "newman run postman_collection.json"

HAR File Discovery

HawkScan can record and read HTTP Archive (HAR) files and follow any routes they contain whose host matches your app.host. Routes on other hosts are ignored, which keeps the scan within the scope you configured. You can optionally replace the host in all of the HAR file's routes with your HawkScan app.host setting, for example when the capture was taken against a different environment than the one you are scanning.

Example Configuration:

hawk:
  spider:
    base: false
    har:
      file:
        paths:
          - web-session.har
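The host-matching and optional host-replacement behaviour described above, shown as an added Python example. This is illustrative code written for this page, not HawkScan's own implementation; the sample HAR, the hostnames, and the APP_HOST value are all constructed assumptions. It parses a HAR capture, keeps only the requests on the configured app.host (so a capture that also hit a CDN or third-party API does not cause those hosts to be scanned), and, when asked, rewrites every request onto app.host the way the optional host replacement does.

```python
import json
from urllib.parse import urlsplit, urlunsplit

# Constructed sample HAR (not a real capture): three requests, two against the
# application host and one against a third-party CDN that must stay out of scope.
SAMPLE_HAR = json.dumps({
    "log": {
        "version": "1.2",
        "entries": [
            {"request": {"method": "GET",
                         "url": "https://api.example.test/users?page=2"}},
            {"request": {"method": "POST",
                         "url": "https://api.example.test/login"}},
            {"request": {"method": "GET",
                         "url": "https://cdn.other.test/app.js"}},
        ],
    }
})

# Hypothetical value of the app.host setting from stackhawk.yml.
APP_HOST = "https://api.example.test"


def har_routes(har_text, app_host, replace_host=False):
    """Return the (method, url) pairs a HAR-driven discovery would follow.

    Without replace_host, only entries whose host equals app_host are kept.
    With replace_host=True, every entry is rewritten onto app_host's scheme
    and host first, so nothing is filtered out. Duplicate routes are dropped
    so each request is scanned once.
    """
    target = urlsplit(app_host)
    routes = []
    seen = set()
    for entry in json.loads(har_text)["log"]["entries"]:
        req = entry["request"]
        parts = urlsplit(req["url"])
        if replace_host:
            # Keep path and query, swap in the scanner's scheme and host.
            parts = parts._replace(scheme=target.scheme, netloc=target.netloc)
        elif parts.netloc.lower() != target.netloc.lower():
            # Out-of-scope host: skip rather than send attack traffic to a
            # system you are not authorized to test.
            continue
        route = (req["method"].upper(), urlunsplit(parts))
        if route not in seen:
            seen.add(route)
            routes.append(route)
    return routes


if __name__ == "__main__":
    for method, url in har_routes(SAMPLE_HAR, APP_HOST):
        print(method, url)
    print("--- with host replacement ---")
    for method, url in har_routes(SAMPLE_HAR, APP_HOST, replace_host=True):
        print(method, url)
```

Run this against a real capture before enabling host replacement: if the HAR contains traffic to hosts you do not own, the rewritten routes will be scanned on app.host as though they were part of your application, which is usually noise at best.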