Zum Inhalt

Intruder Cheat Sheet

generieren

Überblick

Intruder ist ein Cloud-basierter automatisierter Sicherheitsscanner, der eine kontinuierliche Sicherheitsüberwachung für Webanwendungen, Netzwerke und Cloud-Infrastruktur ermöglicht. Es bietet intelligente Scanfähigkeiten mit minimalen falschen Positiven, automatisierter Abhilfeführung und nahtloser Integration in DevOps Workflows für proaktives Sicherheitsmanagement.

ZEIT Note: Kommerzieller Cloud-Service. Kostenloser Tier mit begrenzten Scans verfügbar. Bezahlte Pläne starten bei $99/Monat.

Erste Schritte

Kontoaufbau

```bash

Sign up process:

1. Visit intruder.io

2. Create account with email

3. Verify email address

4. Complete onboarding wizard

5. Add first target for scanning

Initial configuration steps:

- Set up organization profile

- Configure notification preferences

- Add team members and roles

- Set up integrations

- Define scanning schedules

```_

Dashboard Übersicht

```bash

Main dashboard sections:

- Vulnerability overview

- Recent scan results

- Target status monitoring

- Security score trends

- Upcoming scheduled scans

- Team activity feed

- Integration status

- Compliance reporting

```_

Zielmanagement

```bash

Add targets through web interface:

1. Navigate to "Targets" section

2. Click "Add Target"

3. Enter target details:

- Domain/IP address

- Target type (web app, network, cloud)

- Scan configuration

- Authentication details

4. Configure scan settings

5. Set up monitoring schedule

```_

Web Application Scanning

Zielkonfiguration

```bash

Web application target setup:

Target URL: https://example.com

Scan depth: Full site crawl

Authentication: Form-based/HTTP Basic/OAuth

Exclusions: /admin/, /api/internal/

Custom headers: Authorization, X-API-Key

Rate limiting: Respectful (default)

User agent: Custom or default

Advanced configuration options:

- Custom login sequences

- Multi-step authentication

- Session management

- Cookie handling

- JavaScript rendering

- Single Page Application (SPA) support

```_

Scannen von Arten und Moden

```bash

Quick Scan (15-30 minutes)

- Essential vulnerability checks

- OWASP Top 10 coverage

- Basic configuration issues

- Suitable for CI/CD integration

Full Scan (1-4 hours)

- Comprehensive vulnerability assessment

- Deep crawling and discovery

- Advanced attack simulations

- Detailed configuration analysis

Custom Scan

- User-defined test selection

- Specific vulnerability categories

- Targeted testing approach

- Compliance-focused scanning

```_

Authentication Setup

```bash

Form-based authentication configuration:

1. Login URL: https://example.com/login

2. Username field: email or username

3. Password field: password

4. Submit button: Login or Sign In

5. Success indicator: Dashboard or Welcome

6. Logout URL: https://example.com/logout

HTTP Basic Authentication:

Username: api_user

Password: secure_password

Realm: Protected Area (optional)

OAuth 2.0 Configuration:

Authorization URL: https://auth.example.com/oauth/authorize

Token URL: https://auth.example.com/oauth/token

Client ID: your_client_id

Client Secret: your_client_secret

Scope: read write admin

```_

Schwachstelle Kategorien

```bash

OWASP Top 10 Coverage:

- Injection vulnerabilities (SQL, NoSQL, LDAP, OS)

- Broken authentication and session management

- Sensitive data exposure

- XML External Entities (XXE)

- Broken access control

- Security misconfigurations

- Cross-Site Scripting (XSS)

- Insecure deserialization

- Using components with known vulnerabilities

- Insufficient logging and monitoring

Additional vulnerability checks:

- CSRF (Cross-Site Request Forgery)

- Clickjacking

- HTTP security headers

- SSL/TLS configuration

- Directory traversal

- File inclusion vulnerabilities

- Business logic flaws

- API security issues

```_

Netzwerk- und Infrastruktur-Scanning

Netzwerk Ziel Setup

```bash

Network scanning configuration:

Target range: 192.168.1.0/24

Port range: 1-65535 or common ports

Scan intensity: Light, Normal, Aggressive

Service detection: Enabled

OS fingerprinting: Enabled

Vulnerability assessment: Full

Cloud infrastructure scanning:

AWS account integration

Azure subscription scanning

Google Cloud Platform monitoring

Kubernetes cluster assessment

Docker container security

Serverless function analysis

```_

Hafen und Service Discovery

```bash

Common ports scanned:

Web services: 80, 443, 8080, 8443

SSH: 22, 2222

FTP: 21, 990

Telnet: 23

SMTP: 25, 465, 587

DNS: 53

HTTP alternatives: 8000, 8008, 9000

Database: 3306, 5432, 1433, 27017

Remote access: 3389, 5900

Service identification includes:

- Service version detection

- Banner grabbing

- Protocol analysis

- Configuration assessment

- Default credential testing

- Known vulnerability matching

```_

Infrastruktur Schwachstellen

```bash

Network vulnerability categories:

- Unpatched operating systems

- Insecure service configurations

- Default credentials

- Weak encryption protocols

- Open administrative interfaces

- Unnecessary services running

- Firewall misconfigurations

- Network segmentation issues

Cloud-specific vulnerabilities:

- Misconfigured S3 buckets

- Overprivileged IAM roles

- Unencrypted data stores

- Public database instances

- Insecure API gateways

- Container vulnerabilities

- Serverless misconfigurations

```_

Überwachung der Cloud-Sicherheit

AWS Integration

```bash

AWS account setup:

1. Create IAM role for Intruder

2. Attach security audit policies:

- SecurityAudit (AWS managed)

- ReadOnlyAccess (AWS managed)

- Custom policy for specific resources

3. Configure cross-account access

4. Add AWS account to Intruder

5. Verify permissions and connectivity

AWS services monitored:

- EC2 instances and security groups

- S3 buckets and access policies

- RDS databases and encryption

- IAM users, roles, and policies

- VPC configurations and NACLs

- CloudTrail logging setup

- Lambda function security

- API Gateway configurations

```_

Integration von Azteken

```bash

Azure subscription setup:

1. Create service principal

2. Assign Reader role to subscription

3. Grant additional permissions:

- Security Reader

- Key Vault Reader

- Storage Account Contributor (read-only)

4. Configure application registration

5. Add Azure subscription to Intruder

Azure services monitored:

- Virtual machines and NSGs

- Storage accounts and access keys

- SQL databases and firewalls

- Key Vault configurations

- Active Directory settings

- Application Gateway security

- Function App configurations

- Cosmos DB security settings

```_

Google Cloud Platform

```bash

GCP project setup:

1. Create service account

2. Assign predefined roles:

- Security Reviewer

- Compute Viewer

- Storage Object Viewer

- Cloud SQL Viewer

3. Generate and download JSON key

4. Add GCP project to Intruder

5. Verify service account permissions

GCP services monitored:

- Compute Engine instances

- Cloud Storage buckets

- Cloud SQL databases

- IAM policies and bindings

- VPC firewall rules

- Cloud Functions security

- Kubernetes Engine clusters

- API Gateway configurations

```_

kontinuierliche Überwachung und Automatisierung

Geplantes Scannen

```bash

Scan frequency options:

- Daily: High-priority targets

- Weekly: Standard monitoring

- Monthly: Comprehensive assessments

- Custom: User-defined intervals

Scheduling configuration:

Target: example.com

Scan type: Full scan

Frequency: Weekly

Day: Sunday

Time: 02:00 UTC

Timezone: UTC/Local

Notifications: Email, Slack, webhook

Scan optimization:

- Off-peak scheduling

- Resource-aware timing

- Dependency management

- Parallel scan limits

- Rate limiting controls

```_

Alarmkonfiguration

```bash

Alert severity levels:

Critical: Immediate attention required

High: Address within 24 hours

Medium: Address within 1 week

Low: Address during maintenance

Info: Awareness only

Notification channels:

Email: team@example.com

Slack: #security-alerts

Microsoft Teams: Security Team

Webhook: https://api.example.com/security/alerts

PagerDuty: Security incident escalation

Jira: Automatic ticket creation

Alert conditions:

- New vulnerabilities discovered

- Vulnerability severity increase

- Target becomes unreachable

- Scan failures or errors

- Compliance violations

- Security score degradation

```_

Integration mit DevOps Tools

```bash

CI/CD pipeline integration:

Jenkins plugin: Intruder Security Scanner

GitHub Actions: intruder-io/intruder-action

GitLab CI: Custom webhook integration

Azure DevOps: REST API integration

CircleCI: Custom orb available

API integration examples:

Trigger scan: POST /api/v1/scans

Get results: GET /api/v1/scans/{scan_id}

List vulnerabilities: GET /api/v1/vulnerabilities

Update target: PUT /api/v1/targets/{target_id}

Export report: GET /api/v1/reports/{report_id}

```_

API Nutzung und Automatisierung

Authentication

```bash

API key authentication:

1. Generate API key in dashboard

2. Include in request headers:

Authorization: Bearer YOUR_API_KEY

3. Use HTTPS for all requests

4. Rotate keys regularly

5. Monitor API usage and limits

Rate limiting:

- 1000 requests per hour (standard)

- 5000 requests per hour (premium)

- Burst allowance: 100 requests per minute

- Rate limit headers included in responses

```_

Gemeinsame API Operationen

```bash

Start a new scan

curl -X POST "https://api.intruder.io/v1/scans" \ -H "Authorization: Bearer YOUR_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "target_id": "12345", "scan_type": "full", "priority": "normal" }'

Get scan status

curl -X GET "https://api.intruder.io/v1/scans/67890" \ -H "Authorization: Bearer YOUR_API_KEY"

List all vulnerabilities

curl -X GET "https://api.intruder.io/v1/vulnerabilities?severity=high" \ -H "Authorization: Bearer YOUR_API_KEY"

Export scan report

curl -X GET "https://api.intruder.io/v1/reports/12345?format=pdf" \ -H "Authorization: Bearer YOUR_API_KEY" \ -o "security_report.pdf" ```_

Webhook Konfiguration

```bash

Webhook setup for real-time notifications:

Endpoint URL: https://your-server.com/intruder-webhook

Secret: webhook_secret_key

Events: scan_completed, vulnerability_found, target_unreachable

Webhook payload example:

{ "event": "vulnerability_found", "timestamp": "2024-01-15T10:30:00Z", "target": { "id": "12345", "name": "example.com", "type": "web_application" }, "vulnerability": { "id": "67890", "title": "SQL Injection", "severity": "high", "cvss_score": 8.1, "description": "SQL injection vulnerability found in login form", "location": "/login.php?id=1", "remediation": "Use parameterized queries" } } ```_

Automatisierungsskripte

```python

Python automation example

import requests import json import time

class IntruderAPI: def init(self, api_key): self.api_key = api_key self.base_url = "https://api.intruder.io/v1" self.headers = { "Authorization": f"Bearer {api_key}", "Content-Type": "application/json" }

def start_scan(self, target_id, scan_type="full"):
    """Start a new security scan"""
    data = {
        "target_id": target_id,
        "scan_type": scan_type,
        "priority": "normal"
    }

    response = requests.post(
        f"{self.base_url}/scans",
        headers=self.headers,
        json=data
    )

    return response.json()

def get_scan_status(self, scan_id):
    """Get the status of a running scan"""
    response = requests.get(
        f"{self.base_url}/scans/{scan_id}",
        headers=self.headers
    )

    return response.json()

def wait_for_scan_completion(self, scan_id, timeout=3600):
    """Wait for scan to complete with timeout"""
    start_time = time.time()

    while time.time() - start_time < timeout:
        status = self.get_scan_status(scan_id)

        if status["status"] == "completed":
            return status
        elif status["status"] == "failed":
            raise Exception(f"Scan failed: {status['error']}")

        time.sleep(30)  # Check every 30 seconds

    raise TimeoutError("Scan did not complete within timeout")

def get_vulnerabilities(self, target_id=None, severity=None):
    """Get list of vulnerabilities"""
    params = {}
    if target_id:
        params["target_id"] = target_id
    if severity:
        params["severity"] = severity

    response = requests.get(
        f"{self.base_url}/vulnerabilities",
        headers=self.headers,
        params=params
    )

    return response.json()

Usage example

api = IntruderAPI("your_api_key_here")

Start scan and wait for completion

scan_result = api.start_scan("12345", "full") scan_id = scan_result["scan_id"]

print(f"Started scan {scan_id}, waiting for completion...") completed_scan = api.wait_for_scan_completion(scan_id)

Get high severity vulnerabilities

high_vulns = api.get_vulnerabilities(severity="high") print(f"Found {len(high_vulns)} high severity vulnerabilities") ```_

Reporting und Compliance

Bericht Generation

```bash

Available report formats:

- PDF: Executive and technical reports

- HTML: Interactive web reports

- CSV: Vulnerability data export

- JSON: API data format

- XML: Structured data export

Report types:

Executive Summary:

- High-level security overview

- Risk assessment summary

- Trend analysis

- Compliance status

- Recommendations

Technical Report:

- Detailed vulnerability listings

- Proof of concept details

- Remediation instructions

- CVSS scoring

- Technical references

Compliance Report:

- PCI DSS compliance

- ISO 27001 alignment

- NIST framework mapping

- SOC 2 requirements

- Custom compliance frameworks

```_

Compliance Frameworks

```bash

PCI DSS Compliance:

Requirement 6.5: Address common vulnerabilities

Requirement 11.2: Run quarterly vulnerability scans

Requirement 11.3: Perform penetration testing

ASV (Approved Scanning Vendor) certified scans

Quarterly external vulnerability scans

Annual penetration testing requirements

ISO 27001 Alignment:

A.12.6.1: Management of technical vulnerabilities

A.14.2.1: Secure development policy

A.14.2.5: Secure system engineering principles

Continuous monitoring requirements

Risk assessment integration

Documentation and evidence collection

NIST Cybersecurity Framework:

Identify: Asset and vulnerability discovery

Protect: Security control implementation

Detect: Continuous monitoring and alerting

Respond: Incident response integration

Recover: Remediation tracking and validation

```_

Berichterstattung

```bash

Report customization options:

- Company branding and logos

- Custom executive summary

- Filtered vulnerability lists

- Risk scoring methodology

- Remediation prioritization

- Trend analysis periods

- Compliance mapping

- Technical appendices

Automated report distribution:

- Scheduled report generation

- Email distribution lists

- Secure file sharing

- API-driven report delivery

- Integration with ticketing systems

- Dashboard embedding

```_

Erweiterte Funktionen

Smart Scaning Technologie

```bash

Intelligent vulnerability detection:

- Machine learning-based false positive reduction

- Context-aware vulnerability assessment

- Business logic flaw detection

- Advanced payload generation

- Evasion technique detection

- Zero-day vulnerability research

Adaptive scanning algorithms:

- Dynamic scan optimization

- Resource-aware scanning

- Application behavior learning

- Custom attack pattern recognition

- Threat intelligence integration

- Emerging vulnerability detection

```_

Threat Intelligence Integration

```bash

External threat intelligence sources:

- CVE database integration

- NIST vulnerability database

- Exploit database correlation

- Dark web monitoring

- Threat actor attribution

- IoC (Indicators of Compromise) matching

Real-time threat updates:

- New vulnerability notifications

- Exploit availability alerts

- Threat landscape changes

- Attack pattern evolution

- Remediation priority updates

- Emergency security bulletins

```_

Funktionen der Zusammenarbeit

```bash

Team collaboration tools:

- Shared vulnerability management

- Assignment and tracking

- Comment and annotation system

- Approval workflows

- Progress tracking

- Knowledge base integration

Role-based access control:

- Administrator: Full system access

- Security Manager: Scan management and reporting

- Security Analyst: Vulnerability analysis and remediation

- Developer: Assigned vulnerability access

- Auditor: Read-only compliance access

- Guest: Limited dashboard access

```_

Integrationsbeispiele

Slack Integration

```bash

Slack webhook configuration:

1. Create Slack app in workspace

2. Add incoming webhook

3. Configure webhook URL in Intruder

4. Set notification preferences

5. Test integration

Slack notification format:

Channel: #security-alerts

Message: "🚨 High severity vulnerability found on example.com"

Details: "SQL Injection in /login.php (CVSS: 8.1)"

| # Actions: "View Details | Assign | Mark as False Positive" | ```_

Jira Integration

```bash

Jira integration setup:

1. Create Jira API token

2. Configure Jira connection in Intruder

3. Map vulnerability fields to Jira fields

4. Set up automatic ticket creation rules

5. Configure status synchronization

Automatic ticket creation:

Project: SECURITY

Issue Type: Bug

Priority: Based on vulnerability severity

Assignee: Security team or developer

Labels: vulnerability, security, intruder

Description: Detailed vulnerability information

```_

SIEM Integration

```bash

SIEM integration via API:

- Real-time vulnerability feed

- Security event correlation

- Threat intelligence enrichment

- Incident response automation

- Compliance reporting

- Risk scoring integration

Splunk integration example:

Data input: HTTP Event Collector

Index: security_vulnerabilities

Source type: intruder_vulnerability

Fields: severity, target, vulnerability_type, cvss_score

Dashboards: Security posture overview

Alerts: High severity vulnerability detection

```_

CI/CD Pipeline Integration

```bash

Jenkins pipeline example:

pipeline { agent any

stages {
    stage('Security Scan') {
        steps {
            script {
                // Trigger Intruder scan
                def scanResult = sh(
                    script: """
                        curl -X POST "https://api.intruder.io/v1/scans" \
                            -H "Authorization: Bearer ${INTRUDER_API_KEY}" \
                            -H "Content-Type: application/json" \
                            -d '{"target_id": "${TARGET_ID}", "scan_type": "quick"}'
                    """,
                    returnStdout: true
                )

                def scanId = readJSON(text: scanResult).scan_id

                // Wait for scan completion
                timeout(time: 30, unit: 'MINUTES') {
                    waitUntil {
                        script {
                            def status = sh(
                                script: """
                                    curl -X GET "https://api.intruder.io/v1/scans/${scanId}" \
                                        -H "Authorization: Bearer ${INTRUDER_API_KEY}"
                                """,
                                returnStdout: true
                            )

                            def statusJson = readJSON(text: status)
                            return statusJson.status == 'completed'
                        }
                    }
                }

                // Check for high severity vulnerabilities
                def vulns = sh(
                    script: """
                        curl -X GET "https://api.intruder.io/v1/vulnerabilities?severity=high&target;_id=${TARGET_ID}" \
                            -H "Authorization: Bearer ${INTRUDER_API_KEY}"
                    """,
                    returnStdout: true
                )

                def vulnCount = readJSON(text: vulns).size()

                if (vulnCount > 0) {
                    error("High severity vulnerabilities found: ${vulnCount}")
                }
            }
        }
    }
}

} ```_

Fehlerbehebung und Best Practices

Gemeinsame Themen und Lösungen

```bash

Scan failures and timeouts:

Issue: Target unreachable during scan

Solution: Verify network connectivity and firewall rules

Check: DNS resolution, port accessibility, rate limiting

Authentication problems:

Issue: Login sequence fails during scan

Solution: Update authentication credentials

Check: Session timeout, CSRF tokens, multi-factor authentication

False positives:

Issue: Legitimate functionality flagged as vulnerability

Solution: Mark as false positive and add to exclusions

Check: Business logic understanding, custom applications

Performance impact:

Issue: Scans affecting application performance

Solution: Adjust scan intensity and timing

Check: Rate limiting, resource usage, peak hours

```_

Optimierungsstrategien

```bash

Scan performance optimization:

- Schedule scans during off-peak hours

- Use appropriate scan intensity levels

- Configure rate limiting for sensitive applications

- Implement scan result caching

- Optimize target scope and exclusions

- Monitor resource usage during scans

False positive reduction:

- Maintain accurate asset inventory

- Configure proper authentication

- Use application-specific scan profiles

- Regularly review and tune scan settings

- Implement feedback loops for accuracy

- Train team on vulnerability validation

```_

Sicherheit Best Practices

```bash

API security:

- Use strong API keys with limited scope

- Implement API key rotation policy

- Monitor API usage and access logs

- Use HTTPS for all API communications

- Implement rate limiting and throttling

- Validate webhook signatures

Data protection:

- Encrypt sensitive scan data

- Implement access controls and RBAC

- Regular security audits of Intruder usage

- Secure storage of authentication credentials

- Data retention and deletion policies

- Compliance with data protection regulations

```_

Überwachung und Wartung

```bash

Regular maintenance tasks:

- Review and update target configurations

- Validate authentication credentials

- Update scan schedules and frequencies

- Review and tune alert thresholds

- Analyze scan performance metrics

- Update integration configurations

- Review user access and permissions

- Validate compliance reporting accuracy

Performance monitoring:

- Track scan completion rates

- Monitor false positive trends

- Analyze vulnerability discovery rates

- Review remediation timelines

- Assess security posture improvements

- Monitor integration health

- Track API usage and limits

```_

Ressourcen

Dokumentation

Unterstützung und Gemeinschaft

  • [Intruder Support Portal](LINK_9 -%20Wissensbasis
  • [Gemeinschaftsforum](LINK_9

%20Schulung%20und%20Zertifizierung

-%20Intruder%20Academy - [Webinar-Serie](_LINK_9__ -%20(LINK9)