Revok-scanner/revok
Fork: 13 Star: 17 (updated 1970-01-01 00:00:00)
license: AGPL-3.0
Language: Ruby
Revok is an online self-service web application security scanner, finding common web security issues with minimal cost.
Latest release: v0.8.1 (2015-02-11 10:14:05)
Revok
Introduction
Revok is an online self-service web app security scanner, finding common web security issues with minimal cost. If you are unsure of the security of your application, enter its URL into the Revok scanner and a diagnosis of the site's security will follow. Copyright © 2014 Revok Team, released under the GNU AGPLv3.
Download
The binary version, which includes a self-contained operating environment, can be downloaded from the Revok homepage. The source code can be cloned from the Revok git repo.
Architecture overview
Components
Revok consists of the following components. They can be deployed in either a centralized (single node) or a distributed (multiple nodes) environment.
- Web console
  Revok web console provides the user interface for submitting scan tasks.
- REST API
  Revok REST APIs are defined to receive and handle requests from the web console.
- Messaging server
  Messaging server stores scan requests and distributes them to Caroline nodes. When requests are received, new messages are produced and kept in a queue until Caroline nodes consume them from the queue.
- Caroline nodes
  Revok Caroline nodes (working nodes) run scans with a group of testing modules and generate final scan reports.
- Database
  Details for all scan tasks are recorded in the database. It can be used for data queries or statistics.
Communication among components
The messaging flow among Revok components is as below.
Quick start guide (all in one)
Step 1: download and decompress the binary package
$ wget http://example.com
$ tar xJvf revok-0.8.1_x86_64.tar.xz
Step 2: initialize Revok
$ cd revok-0.8.1_x86_64
$ ./revokd init
Step 3: run Revok
$ ./revokd start
Other commands for revokd:
$ ./revokd
Usage: ./revokd {init|start|stop|status|restart}
Step 4: access the web console to submit a scan at http://localhost:3030
Use Revok to scan a target
Step 1: input a target URL to be scanned
Step 2: provide authentication information
Step 3: confirm and submit
Step 4: monitor scan progress from the log file (var/log/carolined.log) and check the report (report/report_$time.html) when the scan is finished
Deploy Revok with source code
You can deploy the web console, REST API server, messaging server, Caroline nodes (working nodes) and database server on the same host or on separate hosts. In addition, you can add more than one working node to support parallel scans. Please refer to the installation guide for detailed steps to deploy Revok with source code.
Documents
Find more documents in the docs directory.
Issues tracker
Issues for Revok are listed on the issues page.
Contact us
- Mailing lists
  revok-scanner-users@googlegroups.com (for users)
  revok-scanner-devel@googlegroups.com (for developers)
  revok-scanner-announce@googlegroups.com (for release announcement)
- IRC discussion
  #revok-scanner (irc.freenode.net/6665)
Recent releases: (data updated 1970-01-01 00:00:00)
2015-02-11 10:14:05 v0.8.1
2014-12-16 16:04:10 v0.8.0
2014-11-10 12:56:56 v0.7.6