Feuille de chaleur de l'intrus
Aperçu général
Intrus est un scanner de vulnérabilité automatisé basé sur le cloud qui fournit une surveillance de sécurité continue pour les applications Web, les réseaux et l'infrastructure cloud. Il offre des capacités de numérisation intelligentes avec un minimum de faux positifs, des conseils automatisés d'assainissement et une intégration transparente dans les workflows de DevOps pour une gestion proactive de la sécurité.
C'est pas vrai. Note: Service de cloud commercial. Niveau gratuit disponible avec des scans limités. Les régimes payés commencent à $99/mois.
Commencer
Configuration du compte
# Sign up process:
# 1. Visit intruder.io
# 2. Create account with email
# 3. Verify email address
# 4. Complete onboarding wizard
# 5. Add first target for scanning
# Initial configuration steps:
# - Set up organization profile
# - Configure notification preferences
# - Add team members and roles
# - Set up integrations
# - Define scanning schedules
Tableau de bord
# Main dashboard sections:
# - Vulnerability overview
# - Recent scan results
# - Target status monitoring
# - Security score trends
# - Upcoming scheduled scans
# - Team activity feed
# - Integration status
# - Compliance reporting
```_
### Gestion des objectifs
```bash
# Add targets through web interface:
# 1. Navigate to "Targets" section
# 2. Click "Add Target"
# 3. Enter target details:
# - Domain/IP address
# - Target type (web app, network, cloud)
# - Scan configuration
# - Authentication details
# 4. Configure scan settings
# 5. Set up monitoring schedule
```_
## Analyse des applications Web
### Configuration de la cible
```bash
# Web application target setup:
# Target URL: https://example.com
# Scan depth: Full site crawl
# Authentication: Form-based/HTTP Basic/OAuth
# Exclusions: /admin/*, /api/internal/*
# Custom headers: Authorization, X-API-Key
# Rate limiting: Respectful (default)
# User agent: Custom or default
# Advanced configuration options:
# - Custom login sequences
# - Multi-step authentication
# - Session management
# - Cookie handling
# - JavaScript rendering
# - Single Page Application (SPA) support
Types et modes d'analyse
# Quick Scan (15-30 minutes)
# - Essential vulnerability checks
# - OWASP Top 10 coverage
# - Basic configuration issues
# - Suitable for CI/CD integration
# Full Scan (1-4 hours)
# - Comprehensive vulnerability assessment
# - Deep crawling and discovery
# - Advanced attack simulations
# - Detailed configuration analysis
# Custom Scan
# - User-defined test selection
# - Specific vulnerability categories
# - Targeted testing approach
# - Compliance-focused scanning
Configuration de l'authentification
# Form-based authentication configuration:
# 1. Login URL: https://example.com/login
# 2. Username field: email or username
# 3. Password field: password
# 4. Submit button: Login or Sign In
# 5. Success indicator: Dashboard or Welcome
# 6. Logout URL: https://example.com/logout
# HTTP Basic Authentication:
# Username: api_user
# Password: secure_password
# Realm: Protected Area (optional)
# OAuth 2.0 Configuration:
# Authorization URL: https://auth.example.com/oauth/authorize
# Token URL: https://auth.example.com/oauth/token
# Client ID: your_client_id
# Client Secret: your_client_secret
# Scope: read write admin
Catégories de vulnérabilité
# OWASP Top 10 Coverage:
# - Injection vulnerabilities (SQL, NoSQL, LDAP, OS)
# - Broken authentication and session management
# - Sensitive data exposure
# - XML External Entities (XXE)
# - Broken access control
# - Security misconfigurations
# - Cross-Site Scripting (XSS)
# - Insecure deserialization
# - Using components with known vulnerabilities
# - Insufficient logging and monitoring
# Additional vulnerability checks:
# - CSRF (Cross-Site Request Forgery)
# - Clickjacking
# - HTTP security headers
# - SSL/TLS configuration
# - Directory traversal
# - File inclusion vulnerabilities
# - Business logic flaws
# - API security issues
Analyse des réseaux et des infrastructures
Configuration des cibles réseau
# Network scanning configuration:
# Target range: 192.168.1.0/24
# Port range: 1-65535 or common ports
# Scan intensity: Light, Normal, Aggressive
# Service detection: Enabled
# OS fingerprinting: Enabled
# Vulnerability assessment: Full
# Cloud infrastructure scanning:
# AWS account integration
# Azure subscription scanning
# Google Cloud Platform monitoring
# Kubernetes cluster assessment
# Docker container security
# Serverless function analysis
Découverte du port et du service
# Common ports scanned:
# Web services: 80, 443, 8080, 8443
# SSH: 22, 2222
# FTP: 21, 990
# Telnet: 23
# SMTP: 25, 465, 587
# DNS: 53
# HTTP alternatives: 8000, 8008, 9000
# Database: 3306, 5432, 1433, 27017
# Remote access: 3389, 5900
# Service identification includes:
# - Service version detection
# - Banner grabbing
# - Protocol analysis
# - Configuration assessment
# - Default credential testing
# - Known vulnerability matching
Vulnérabilité des infrastructures
# Network vulnerability categories:
# - Unpatched operating systems
# - Insecure service configurations
# - Default credentials
# - Weak encryption protocols
# - Open administrative interfaces
# - Unnecessary services running
# - Firewall misconfigurations
# - Network segmentation issues
# Cloud-specific vulnerabilities:
# - Misconfigured S3 buckets
# - Overprivileged IAM roles
# - Unencrypted data stores
# - Public database instances
# - Insecure API gateways
# - Container vulnerabilities
# - Serverless misconfigurations
Surveillance de la sécurité en nuage
Intégration AWS
# AWS account setup:
# 1. Create IAM role for Intruder
# 2. Attach security audit policies:
# - SecurityAudit (AWS managed)
# - ReadOnlyAccess (AWS managed)
# - Custom policy for specific resources
# 3. Configure cross-account access
# 4. Add AWS account to Intruder
# 5. Verify permissions and connectivity
# AWS services monitored:
# - EC2 instances and security groups
# - S3 buckets and access policies
# - RDS databases and encryption
# - IAM users, roles, and policies
# - VPC configurations and NACLs
# - CloudTrail logging setup
# - Lambda function security
# - API Gateway configurations
Intégration Azure
# Azure subscription setup:
# 1. Create service principal
# 2. Assign Reader role to subscription
# 3. Grant additional permissions:
# - Security Reader
# - Key Vault Reader
# - Storage Account Contributor (read-only)
# 4. Configure application registration
# 5. Add Azure subscription to Intruder
# Azure services monitored:
# - Virtual machines and NSGs
# - Storage accounts and access keys
# - SQL databases and firewalls
# - Key Vault configurations
# - Active Directory settings
# - Application Gateway security
# - Function App configurations
# - Cosmos DB security settings
Plateforme Google Cloud
# GCP project setup:
# 1. Create service account
# 2. Assign predefined roles:
# - Security Reviewer
# - Compute Viewer
# - Storage Object Viewer
# - Cloud SQL Viewer
# 3. Generate and download JSON key
# 4. Add GCP project to Intruder
# 5. Verify service account permissions
# GCP services monitored:
# - Compute Engine instances
# - Cloud Storage buckets
# - Cloud SQL databases
# - IAM policies and bindings
# - VPC firewall rules
# - Cloud Functions security
# - Kubernetes Engine clusters
# - API Gateway configurations
Surveillance continue et automatisation
Balayage programmé
# Scan frequency options:
# - Daily: High-priority targets
# - Weekly: Standard monitoring
# - Monthly: Comprehensive assessments
# - Custom: User-defined intervals
# Scheduling configuration:
# Target: example.com
# Scan type: Full scan
# Frequency: Weekly
# Day: Sunday
# Time: 02:00 UTC
# Timezone: UTC/Local
# Notifications: Email, Slack, webhook
# Scan optimization:
# - Off-peak scheduling
# - Resource-aware timing
# - Dependency management
# - Parallel scan limits
# - Rate limiting controls
Configuration de l'alerte
# Alert severity levels:
# Critical: Immediate attention required
# High: Address within 24 hours
# Medium: Address within 1 week
# Low: Address during maintenance
# Info: Awareness only
# Notification channels:
# Email: team@example.com
# Slack: #security-alerts
# Microsoft Teams: Security Team
# Webhook: https://api.example.com/security/alerts
# PagerDuty: Security incident escalation
# Jira: Automatic ticket creation
# Alert conditions:
# - New vulnerabilities discovered
# - Vulnerability severity increase
# - Target becomes unreachable
# - Scan failures or errors
# - Compliance violations
# - Security score degradation
Intégration avec les outils DevOps
# CI/CD pipeline integration:
# Jenkins plugin: Intruder Security Scanner
# GitHub Actions: intruder-io/intruder-action
# GitLab CI: Custom webhook integration
# Azure DevOps: REST API integration
# CircleCI: Custom orb available
# API integration examples:
# Trigger scan: POST /api/v1/scans
# Get results: GET /api/v1/scans/{scan_id}
# List vulnerabilities: GET /api/v1/vulnerabilities
# Update target: PUT /api/v1/targets/{target_id}
# Export report: GET /api/v1/reports/{report_id}
Utilisation et automatisation de l'API
Authentification
# API key authentication:
# 1. Generate API key in dashboard
# 2. Include in request headers:
# Authorization: Bearer YOUR_API_KEY
# 3. Use HTTPS for all requests
# 4. Rotate keys regularly
# 5. Monitor API usage and limits
# Rate limiting:
# - 1000 requests per hour (standard)
# - 5000 requests per hour (premium)
# - Burst allowance: 100 requests per minute
# - Rate limit headers included in responses
API courante Opérations
# Start a new scan
curl -X POST "https://api.intruder.io/v1/scans" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"target_id": "12345",
"scan_type": "full",
"priority": "normal"
}'
# Get scan status
curl -X GET "https://api.intruder.io/v1/scans/67890" \
-H "Authorization: Bearer YOUR_API_KEY"
# List all vulnerabilities
curl -X GET "https://api.intruder.io/v1/vulnerabilities?severity=high" \
-H "Authorization: Bearer YOUR_API_KEY"
# Export scan report
curl -X GET "https://api.intruder.io/v1/reports/12345?format=pdf" \
-H "Authorization: Bearer YOUR_API_KEY" \
-o "security_report.pdf"
Configuration de Webhook
# Webhook setup for real-time notifications:
# Endpoint URL: https://your-server.com/intruder-webhook
# Secret: webhook_secret_key
# Events: scan_completed, vulnerability_found, target_unreachable
# Webhook payload example:
{
"event": "vulnerability_found",
"timestamp": "2024-01-15T10:30:00Z",
"target": {
"id": "12345",
"name": "example.com",
"type": "web_application"
},
"vulnerability": {
"id": "67890",
"title": "SQL Injection",
"severity": "high",
"cvss_score": 8.1,
"description": "SQL injection vulnerability found in login form",
"location": "/login.php?id=1",
"remediation": "Use parameterized queries"
}
}
Scripts d'automatisation
# Python automation example
import requests
import json
import time
class IntruderAPI:
def __init__(self, api_key):
self.api_key = api_key
self.base_url = "https://api.intruder.io/v1"
self.headers = {
"Authorization": f"Bearer {api_key}",
"Content-Type": "application/json"
}
def start_scan(self, target_id, scan_type="full"):
"""Start a new security scan"""
data = {
"target_id": target_id,
"scan_type": scan_type,
"priority": "normal"
}
response = requests.post(
f"{self.base_url}/scans",
headers=self.headers,
json=data
)
return response.json()
def get_scan_status(self, scan_id):
"""Get the status of a running scan"""
response = requests.get(
f"{self.base_url}/scans/{scan_id}",
headers=self.headers
)
return response.json()
def wait_for_scan_completion(self, scan_id, timeout=3600):
"""Wait for scan to complete with timeout"""
start_time = time.time()
while time.time() - start_time < timeout:
status = self.get_scan_status(scan_id)
if status["status"] == "completed":
return status
elif status["status"] == "failed":
raise Exception(f"Scan failed: {status['error']}")
time.sleep(30) # Check every 30 seconds
raise TimeoutError("Scan did not complete within timeout")
def get_vulnerabilities(self, target_id=None, severity=None):
"""Get list of vulnerabilities"""
params = {}
if target_id:
params["target_id"] = target_id
if severity:
params["severity"] = severity
response = requests.get(
f"{self.base_url}/vulnerabilities",
headers=self.headers,
params=params
)
return response.json()
# Usage example
api = IntruderAPI("your_api_key_here")
# Start scan and wait for completion
scan_result = api.start_scan("12345", "full")
scan_id = scan_result["scan_id"]
print(f"Started scan {scan_id}, waiting for completion...")
completed_scan = api.wait_for_scan_completion(scan_id)
# Get high severity vulnerabilities
high_vulns = api.get_vulnerabilities(severity="high")
print(f"Found {len(high_vulns)} high severity vulnerabilities")
Rapports et conformité
Production de rapports
# Available report formats:
# - PDF: Executive and technical reports
# - HTML: Interactive web reports
# - CSV: Vulnerability data export
# - JSON: API data format
# - XML: Structured data export
# Report types:
# Executive Summary:
# - High-level security overview
# - Risk assessment summary
# - Trend analysis
# - Compliance status
# - Recommendations
# Technical Report:
# - Detailed vulnerability listings
# - Proof of concept details
# - Remediation instructions
# - CVSS scoring
# - Technical references
# Compliance Report:
# - PCI DSS compliance
# - ISO 27001 alignment
# - NIST framework mapping
# - SOC 2 requirements
# - Custom compliance frameworks
Cadres de conformité
# PCI DSS Compliance:
# Requirement 6.5: Address common vulnerabilities
# Requirement 11.2: Run quarterly vulnerability scans
# Requirement 11.3: Perform penetration testing
# ASV (Approved Scanning Vendor) certified scans
# Quarterly external vulnerability scans
# Annual penetration testing requirements
# ISO 27001 Alignment:
# A.12.6.1: Management of technical vulnerabilities
# A.14.2.1: Secure development policy
# A.14.2.5: Secure system engineering principles
# Continuous monitoring requirements
# Risk assessment integration
# Documentation and evidence collection
# NIST Cybersecurity Framework:
# Identify: Asset and vulnerability discovery
# Protect: Security control implementation
# Detect: Continuous monitoring and alerting
# Respond: Incident response integration
# Recover: Remediation tracking and validation
Rapports personnalisés
# Report customization options:
# - Company branding and logos
# - Custom executive summary
# - Filtered vulnerability lists
# - Risk scoring methodology
# - Remediation prioritization
# - Trend analysis periods
# - Compliance mapping
# - Technical appendices
# Automated report distribution:
# - Scheduled report generation
# - Email distribution lists
# - Secure file sharing
# - API-driven report delivery
# - Integration with ticketing systems
# - Dashboard embedding
Caractéristiques avancées
Technologie de numérisation intelligente
# Intelligent vulnerability detection:
# - Machine learning-based false positive reduction
# - Context-aware vulnerability assessment
# - Business logic flaw detection
# - Advanced payload generation
# - Evasion technique detection
# - Zero-day vulnerability research
# Adaptive scanning algorithms:
# - Dynamic scan optimization
# - Resource-aware scanning
# - Application behavior learning
# - Custom attack pattern recognition
# - Threat intelligence integration
# - Emerging vulnerability detection
Renseignements sur les menaces Intégration
# External threat intelligence sources:
# - CVE database integration
# - NIST vulnerability database
# - Exploit database correlation
# - Dark web monitoring
# - Threat actor attribution
# - IoC (Indicators of Compromise) matching
# Real-time threat updates:
# - New vulnerability notifications
# - Exploit availability alerts
# - Threat landscape changes
# - Attack pattern evolution
# - Remediation priority updates
# - Emergency security bulletins
Caractéristiques de la collaboration
# Team collaboration tools:
# - Shared vulnerability management
# - Assignment and tracking
# - Comment and annotation system
# - Approval workflows
# - Progress tracking
# - Knowledge base integration
# Role-based access control:
# - Administrator: Full system access
# - Security Manager: Scan management and reporting
# - Security Analyst: Vulnerability analysis and remediation
# - Developer: Assigned vulnerability access
# - Auditor: Read-only compliance access
# - Guest: Limited dashboard access
Exemples d'intégration
Intégration Slack
# Slack webhook configuration:
# 1. Create Slack app in workspace
# 2. Add incoming webhook
# 3. Configure webhook URL in Intruder
# 4. Set notification preferences
# 5. Test integration
# Slack notification format:
# Channel: #security-alerts
# Message: "🚨 High severity vulnerability found on example.com"
# Details: "SQL Injection in /login.php (CVSS: 8.1)"
# Actions: "View Details | Assign | Mark as False Positive"
Intégration Jira
# Jira integration setup:
# 1. Create Jira API token
# 2. Configure Jira connection in Intruder
# 3. Map vulnerability fields to Jira fields
# 4. Set up automatic ticket creation rules
# 5. Configure status synchronization
# Automatic ticket creation:
# Project: SECURITY
# Issue Type: Bug
# Priority: Based on vulnerability severity
# Assignee: Security team or developer
# Labels: vulnerability, security, intruder
# Description: Detailed vulnerability information
SIEM Intégration
# SIEM integration via API:
# - Real-time vulnerability feed
# - Security event correlation
# - Threat intelligence enrichment
# - Incident response automation
# - Compliance reporting
# - Risk scoring integration
# Splunk integration example:
# Data input: HTTP Event Collector
# Index: security_vulnerabilities
# Source type: intruder_vulnerability
# Fields: severity, target, vulnerability_type, cvss_score
# Dashboards: Security posture overview
# Alerts: High severity vulnerability detection
Intégration des pipelines CI/CD
# Jenkins pipeline example:
pipeline {
agent any
stages {
stage('Security Scan') {
steps {
script {
// Trigger Intruder scan
def scanResult = sh(
script: """
curl -X POST "https://api.intruder.io/v1/scans" \
-H "Authorization: Bearer ${INTRUDER_API_KEY}" \
-H "Content-Type: application/json" \
-d '{"target_id": "${TARGET_ID}", "scan_type": "quick"}'
""",
returnStdout: true
)
def scanId = readJSON(text: scanResult).scan_id
// Wait for scan completion
timeout(time: 30, unit: 'MINUTES') {
waitUntil {
script {
def status = sh(
script: """
curl -X GET "https://api.intruder.io/v1/scans/${scanId}" \
-H "Authorization: Bearer ${INTRUDER_API_KEY}"
""",
returnStdout: true
)
def statusJson = readJSON(text: status)
return statusJson.status == 'completed'
}
}
}
// Check for high severity vulnerabilities
def vulns = sh(
script: """
curl -X GET "https://api.intruder.io/v1/vulnerabilities?severity=high&target_id=${TARGET_ID}" \
-H "Authorization: Bearer ${INTRUDER_API_KEY}"
""",
returnStdout: true
)
def vulnCount = readJSON(text: vulns).size()
if (vulnCount > 0) {
error("High severity vulnerabilities found: ${vulnCount}")
}
}
}
}
}
}
Dépannage et meilleures pratiques
Questions et solutions communes
# Scan failures and timeouts:
# Issue: Target unreachable during scan
# Solution: Verify network connectivity and firewall rules
# Check: DNS resolution, port accessibility, rate limiting
# Authentication problems:
# Issue: Login sequence fails during scan
# Solution: Update authentication credentials
# Check: Session timeout, CSRF tokens, multi-factor authentication
# False positives:
# Issue: Legitimate functionality flagged as vulnerability
# Solution: Mark as false positive and add to exclusions
# Check: Business logic understanding, custom applications
# Performance impact:
# Issue: Scans affecting application performance
# Solution: Adjust scan intensity and timing
# Check: Rate limiting, resource usage, peak hours
Stratégies d'optimisation
# Scan performance optimization:
# - Schedule scans during off-peak hours
# - Use appropriate scan intensity levels
# - Configure rate limiting for sensitive applications
# - Implement scan result caching
# - Optimize target scope and exclusions
# - Monitor resource usage during scans
# False positive reduction:
# - Maintain accurate asset inventory
# - Configure proper authentication
# - Use application-specific scan profiles
# - Regularly review and tune scan settings
# - Implement feedback loops for accuracy
# - Train team on vulnerability validation
Pratiques exemplaires en matière de sécurité
# API security:
# - Use strong API keys with limited scope
# - Implement API key rotation policy
# - Monitor API usage and access logs
# - Use HTTPS for all API communications
# - Implement rate limiting and throttling
# - Validate webhook signatures
# Data protection:
# - Encrypt sensitive scan data
# - Implement access controls and RBAC
# - Regular security audits of Intruder usage
# - Secure storage of authentication credentials
# - Data retention and deletion policies
# - Compliance with data protection regulations
Surveillance et entretien
# Regular maintenance tasks:
# - Review and update target configurations
# - Validate authentication credentials
# - Update scan schedules and frequencies
# - Review and tune alert thresholds
# - Analyze scan performance metrics
# - Update integration configurations
# - Review user access and permissions
# - Validate compliance reporting accuracy
# Performance monitoring:
# - Track scan completion rates
# - Monitor false positive trends
# - Analyze vulnerability discovery rates
# - Review remediation timelines
# - Assess security posture improvements
# - Monitor integration health
# - Track API usage and limits
Ressources
Documentation
- Documentation d'intrus
- [Référence API] (LINK_9)
- [Guides d'intégration] (LINK_9)
Soutien et Communauté
- [Portail de soutien aux intrus] (LINK_9)
- [Base de connaissances] (LINK_9)
- [Forum communautaire] (LINK_9)
Formation et certification
- [Académie d'intrus] (LINK_9)
- [Série Webinaire] (LINK_9)
- [Guide des meilleures pratiques] (LINK_9)