Attack surface detection with Goby + AWVS

2022-06-24 16:07:00 Bypass

As the range of attacks keeps expanding, enterprises need to take the attacker's point of view: detect their network assets from the outside, scan their web sites in depth, and identify and handle high-risk issues promptly. Only then can the attack surface be effectively reduced.

Automating attack surface detection with tools can, to a certain extent, improve the efficiency of security staff. This article shows how to implement attack surface detection with Goby + AWVS.

Use cases: enterprise asset detection, web vulnerability scanning, team collaboration, etc.


01. Goby server deployment

Deploying Goby on a server lets you scan without limits, and any team member can share assets simply by connecting to that server, which helps team collaboration.

(1) Download Goby and unzip it

wget https://gobies.org/goby-linux-x64-1.9.325.zip
unzip goby-linux-x64-1.9.325.zip

(2) Run it in the background, writing the output to a specified log file

# Create the .sh script (goby.sh) and write the command into it;
# user:pass is the API credential, replace it with your own
/home/admin/goby-linux/golib/goby-cmd-linux -apiauth user:pass -mode api -bind 0.0.0.0:8361

# Record the screen output to a log file
nohup sh goby.sh > info.log &

(3) In the local Goby client, go to Server management → Add and fill in the remote server information.
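
A variant of the goby.sh from step (2), added here as an example and not part of the original article. Because -bind 0.0.0.0 exposes the API on every interface, it takes the API credentials from environment variables and refuses to start with empty, placeholder or short ones. The variable names GOBY_API_USER, GOBY_API_PASS, GOBY_BIND and GOBY_LOG, the goby.pid file and the 12-character minimum are assumptions of this example.

```shell
#!/bin/sh
# Added example: goby.sh variant that refuses weak API credentials.
# GOBY_API_USER, GOBY_API_PASS, GOBY_BIND and GOBY_LOG are names assumed here;
# the binary path and the -apiauth/-mode/-bind flags are the article's.
GOBY_BIN="${GOBY_BIN:-/home/admin/goby-linux/golib/goby-cmd-linux}"
GOBY_BIND="${GOBY_BIND:-0.0.0.0:8361}"
GOBY_LOG="${GOBY_LOG:-info.log}"

# Reject empty, placeholder or short credentials before anything listens.
check_apiauth() {
    user="$1"; pass="$2"
    if [ -z "$user" ] || [ -z "$pass" ]; then
        echo "API user or password is not set" >&2; return 1
    fi
    if [ "$user:$pass" = "user:pass" ]; then
        echo "placeholder credentials user:pass are not allowed" >&2; return 1
    fi
    if [ "${#pass}" -lt 12 ]; then   # 12 is this example's threshold
        echo "API password is shorter than 12 characters" >&2; return 1
    fi
    case "$user" in
        *:*) echo "':' in the user name is ambiguous in user:pass" >&2; return 1 ;;
    esac
    return 0
}

# True when the bind address listens on every interface.
bind_is_wildcard() {
    case "${1%:*}" in
        ""|0.0.0.0|"::"|"[::]") return 0 ;;
        *) return 1 ;;
    esac
}

start_goby() {
    check_apiauth "${GOBY_API_USER:-}" "${GOBY_API_PASS:-}" || return 1
    if bind_is_wildcard "$GOBY_BIND"; then
        echo "warning: $GOBY_BIND is reachable on all interfaces;" \
             "restrict the port to team addresses with a firewall" >&2
    fi
    umask 077   # the log can contain scan targets and findings
    # The credential is still visible in the process list, as with the original command.
    nohup "$GOBY_BIN" -apiauth "$GOBY_API_USER:$GOBY_API_PASS" \
        -mode api -bind "$GOBY_BIND" >>"$GOBY_LOG" 2>&1 &
    echo "$!" > goby.pid
}

# Run as: GOBY_API_USER=... GOBY_API_PASS=... sh goby.sh start
if [ "${1:-}" = "start" ]; then start_goby; fi
```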

02. Integrating AWVS vulnerability scanning

(1) In Goby's extensions, download the AWVS plugin.

(2) In Goby, go to Settings → Extension settings and fill in the AWVS API key and address.

The AWVS API key can be obtained from the following location:

(3) In Goby's Web detection view, you can see the scanned assets; click the AWVS button to start a scan task.

(4) In the AWVS console, you can see the scan task issued by Goby, and that the scan task has completed.

(5) Back in the Goby client, you can see the vulnerability scan results and export a vulnerability report.

Copyright notice
This article was written by [Bypass]. Please include a link to the original when reposting. Thanks.
https://yzsam.com/2022/175/202206241545217034.html