HawkScan is currently in alpha. We would love to hear your feedback, and are here to help should you encounter any problems. Please drop us a line at firstname.lastname@example.org.
To scan your application effectively, it is important that HawkScan find all the paths being served by your application. By default, HawkScan will first run a web crawler or “spider” to discover all the paths of your application before running active scans. For example you will see output on the terminal that will look something like this:
[INFO] shawk 2019-10-10 17:44:20,868 Spider complete [INFO] shawk 2019-10-10 17:44:20,875 24 URLs after spiders http://localhost:3000 http://localhost:3000/about http://localhost:3000/assets http://localhost:3000/assets/account_activation.self-877aef30ae1b040ab8a3aba4e3e309a11d7f2612f44dde450b5c157aa5f95c05.js?body=1 http://localhost:3000/assets/account_activations.self-e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855.css?body=1 http://localhost:3000/assets/action_cable.self-69fddfcddf4fdef9828648f9330d6ce108b93b82b0b8d3affffc59a114853451.js?body=1 http://localhost:3000/contact http://localhost:3000/help http://localhost:3000/microposts http://localhost:3000/microposts/2 http://localhost:3000/microposts/56 http://localhost:3000/microposts/8 http://localhost:3000/robots.txt http://localhost:3000/search http://localhost:3000/searchresults http://localhost:3000/sitemap.xml http://localhost:3000/users http://localhost:3000/users/1 http://localhost:3000/users/1/followers http://localhost:3000/users/1/following http://localhost:3000/users/2 http://localhost:3000/users/2/edit http://localhost:3000/users/2/followers http://localhost:3000/users/2/following Scan status Stock-Default-Policy (http://host.docker.internal:3000) [4%]
If you do not see URLs and paths that you expect your application to serve, you may need to modify your
stackhawk.yml to include form authentication or an api specification. See the
app.api configuration options for more detail.
Shoot us a note at email@example.com. We’d love to help you out.