Y
Hacker News
new
|
ask
|
show
|
jobs
by
mrlucax
2471 days ago
Is there an open source alternative that could be self-hosted and configured to run automated and periodical checks?
2 comments
smcleod
2471 days ago
While not a web or automated option - if you want to run a quick crawl and scan on your apps you could try OWASP ZAP, it also has quite a few handy plugins -
https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Proje...
link
dahfizz
2471 days ago
Metasploit? You don't even need to host it (why are we so obsessed with making everything a website?)
link
Godel_unicode
2471 days ago
Metasploit isn't the best choice for webapps, you probably want nikto or similar. Here's the owasp list:
https://www.owasp.org/index.php/Category:Vulnerability_Scann...
link
kortilla
2471 days ago
The key part is automation, not a website. Make it part of your ci/cd pipeline.
link