You can use the Integrated Vulnerability Scanner to offer PTaaS, DAST, & attack surface management. The integrated vulnerability scanner is reNgine.
Activation
This is an Add-on, please contact us to activate.
Once activated, you can enable it in the continuous project. Read more about continuous projects.
Starting a Scan
To start a new scan, press the "Start Scan" button in the Runs tab.
This triggers an on-demand scan of the Assets in scope.
The scanner will target the hostname field of your assets.
The scanner is running from the following IP: 104.26.4.11
You may need to allow this IP in the target's firewall for better results.
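Once the scanner IP is allowed through, its requests land in the target's access logs next to all other traffic. The following is an added example, not part of the original page or of Cyver's or reNgine's own code: it labels access-log lines from the scanner IP stated above as authorized only when they fall inside a scan window you have recorded. The "combined" log format, the window times, the sample lines and the label names are all assumptions.

```python
import re
from datetime import datetime
from ipaddress import ip_address

SCANNER_IP = ip_address("104.26.4.11")  # scanner source IP stated on this page

# Assumption: scan windows the defender has recorded (constructed values).
WINDOWS = [
    (datetime.fromisoformat("2024-05-06T02:00:00+00:00"),
     datetime.fromisoformat("2024-05-06T04:00:00+00:00")),
]

# Constructed sample lines in the common "combined" access-log format.
SAMPLE_LOG = """\
104.26.4.11 - - [06/May/2024:02:13:07 +0000] "GET /login HTTP/1.1" 200 512 "-" "-"
104.26.4.11 - - [07/May/2024:15:40:00 +0000] "GET /admin HTTP/1.1" 403 120 "-" "-"
198.51.100.7 - - [06/May/2024:02:14:00 +0000] "GET / HTTP/1.1" 200 900 "-" "-"
not a log line
"""

# First field is the connection's peer address. Match on that, not on a
# client-supplied header such as X-Forwarded-For, which a sender can set freely.
LINE_RE = re.compile(r'^(?P<peer>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] ')

def classify(line, scanner_ip=SCANNER_IP, windows=WINDOWS):
    """Label one access-log line by peer address and recorded scan window."""
    m = LINE_RE.match(line)
    if not m:
        return "unparsed"
    try:
        peer = ip_address(m["peer"])
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return "unparsed"
    if peer != scanner_ip:
        return "other"
    if any(start <= ts <= end for start, end in windows):
        return "authorized-scan"
    # Traffic from the scanner IP with no matching window deserves a look.
    return "scanner-ip-outside-window"

def summarize(log_text):
    """Count labels across a block of log text."""
    counts = {}
    for line in log_text.splitlines():
        label = classify(line)
        counts[label] = counts.get(label, 0) + 1
    return counts

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```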
Schedule and On-demand Scans
You can activate the Schedule Scan for weekly automated scans:
Report Generation
You can trigger a report generation per scan, by activating the following setting:
reNgine Scanner
reNgine has advanced reconnaissance capabilities, harnessing a range of open-source tools to deliver a comprehensive web application reconnaissance experience. More information
Configuration
The following tools are included in the Standard reNgine configuration:
- Nuclei Scan
- Dalfox XSS Scan
- CRLFuzz
- Port scan
The following tools are not activated:
- OSINT
- Subdomain discovery
Self hosted reNgine
If you have your own reNgine instance, you can select which scan engines and project are exposed to Cyver while configuring the integration.
To find the slug of your project, navigate to /projects and check the information in the table:
To find the Id of the Scan Engine, navigate to your reNgine portal and go to the Scan Engines list. Click on the arrow icon (edit) and the Id will appear in the URL.
E.g.: .../scanEngine/{project slug}/update/1
The scan engine can be selected on the Project Template or Project settings.