This document discusses the installation and use of domain-scan
. In
some ways the instructions are slightly specific to the DHS NCATS BOD
18-01 scanning use case, but they are easily tailored.
When installing domain-scan
, one has two options:
- Install Docker on Linux, Windows, or OSX and run the tools via a Docker container.
- Install the tools directly to a Linux host or VM.
A system with Docker installed.
Pull down the Docker image that is unofficially published to the
dhsncats
account on Docker
Hub:
docker pull dhsncats/domain-scan:latest
This Docker image comes preinstalled with
dhs-ncats/pshtt
,
dhs-ncats/trustymail
,
nabla-c0d3/sslyze
,
18F/domain-scan
, and all of
their dependencies. If you prefer, you can build the image from the
Dockerfile
that is in the root directory of the
18F/domain-scan
project.
You should always run the docker pull
command before using the
dhsncats/domain-scan:latest
container, since updated versions of the
container will be published frequently to include any updates to
[dhs-ncats/pshtt
], [dhs-ncats/trustymail
], [nabla-c0d3/sslyze
],
[18F/domain-scan
], or their dependencies.
Start the container with the arguments necessary to scan your domain(s):
docker run --volume $PWD/results:/home/scanner/results dhsncats/domain-scan:latest --scan=pshtt,trustymail,sslyze dhs.gov
Or, if for any reason you want to save the cache between runs:
docker run --volume $PWD/results:/home/scanner/results --volume $PWD/cache:/home/scanner/cache dhsncats/domain-scan:latest --scan=pshtt,trustymail,sslyze dhs.gov
- Vagrant
git
First, cd
into your work directory and clone the 18F/domain-scan
repository:
cd /your/work/directory
git clone https://github.com/18F/domain-scan.git
cd domain-scan
Next, install Vagrant from: https://vagrantup.com
Use Vagrant to build a new VM with everything installed into it:
vagrant up
To execute a scan against a domain, say dhs.gov
, simply enter the VM and run
/vagrant/scan ...
:
# SSH into the VM
vagrant ssh
# Run the scan
/vagrant/scan dhs.gov --scan=pshtt,trustymail,sslyze
When you are finished scanning, exit the virtual machine with exit
.
- A Linux host or VM
git
pyenv
First, cd
into your work directory and clone the 18F/domain-scan
repository:
cd /your/work/directory
git clone https://github.com/18F/domain-scan.git
cd domain-scan
Next, install a recent version of Python and create a clean Python virtual environment:
pyenv install 3.6.4
pyenv local 3.6.4
python -m venv venv
source venv/bin/activate
Now install the latest versions of dhs-ncats/trustymail
and
dhs-ncats/pshtt
, then install the remaining 18F/domain-scan
dependencies:
pip install --upgrade git+https://github.com/dhs-ncats/pshtt.git@develop git+https://github.com/dhs-ncats/trustymail.git@develop
pip install -r requirements.txt
Now exit the Python virtual environment and revert to the version of Python installed on your system:
deactivate
pyenv version system
To execute a scan against a domain, say dhs.gov
, simply reenter the
Python virtual environment and run domain-scan
:
cd /your/work/directory/domain-scan
source venv/bin/activate
./scan dhs.gov --scan=pshtt,trustymail,sslyze
When you are finished scanning, exit the Python virtual environment
via the deactivate
command.