Categories: Kali Linux

Archery – Open Source Vulnerability Assessment & Management Helps Developers & Pentesters To Perform Scans & Manage Vulnerabilities

Archery is an opensource vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities. It uses popular opensource tools to perform comprehensive scanning for web application and network.

Archery Requirement

  1. Python 2.7
  2. OpenVas 8, 9
  3. OWASP ZAP 2.7.0
  4. Selenium Python Firefox Web driver

Start Application

$ python manage.py runserver 0.0.0.0:8000

Installation

$ git clone https://github.com/archerysec/archerysec.git
$ cd archerysec
$ chmod +x install.sh
$ sudo ./install.sh

Also Read BootStomp – A Bootloader Vulnerability Bug Finder

Manual Installation

$ git clone https://github.com/archerysec/archerysec.git
$ cd archerysec
$ pip install -r requirements.txt
$ python manage.py collectstatic
$ python manage.py makemigrations networkscanners
$ python manage.py makemigrations webscanners
$ python manage.py makemigrations projects
$ python manage.py makemigrations APIScan
$ python manage.py makemigrations osintscan
$ python manage.py makemigrations jiraticketing
$ python manage.py makemigrations tools
$ python manage.py makemigrations archerysettings
$ python manage.py migrate
$ python manage.py createsuperuser
$ python manage.py runserver

Note: Make sure these steps should be perform after every git pull.

Docker Installation

$ docker pull archerysec/archerysec
$ docker run -it -p 8000:8000 archerysec/archerysec:latest

# For persistence

Setting Setup

ZAP running daemon mode

Locate your ZAP startup script, and execute it using the options detailed below.

Windows :

zap.bat -daemon -host 0.0.0.0 -port 8080 -config api.disablekey=true -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true

Others :

zap.sh -daemon -host 0.0.0.0 -port 8080 -config api.disablekey=true -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true

Zap Setting

  • Go to Setting Page
  • Edit ZAP setting or navigate URL : http://host:port/webscanners/setting_edit/
  • Fill below required information.
    Zap API Key : Leave blank if you using ZAP as daemon api.disablekey=true
    Zap API Host : Your zap API host ip or system IP Ex. 127.0.0.1 or 192.168.0.2
    Zap API Port : ZAP running port Ex. 8080

OpenVAS Setting

  • Go to setting Page
  • Edit OpenVAS setting or navigate URL : http://host:port/networkscanners/openvas_setting
  • Fill all required information and click on save.

Road Map

  • Scanners parser & Plugin
    • Nessus (XML)
    • Webinspect (XML)
    • Acunetix (XML)
    • AppScan (XML)
    • Netsparker (XML)
    • AppSpider
  • Popular Tools plugin support
    • Nmap
    • SSL Analysis
    • Nikto
    • WPScan
    • OWASP JoomScan
  • Reporting
    • PDF
    • Docx
    • XML
    • Excel
    • JSON
  • API Automated vulnerability scanning.
  • Vulnerability POC pictures.
  • Cloud Security scanning.
  • Source code review project management?
  • Fortify plugin
  • Checkmarks ? ….

R K

Recent Posts

ROADTools: The Modern Azure AD Exploration Framework

ROADTools is a powerful framework designed for exploring and interacting with Microsoft Azure Active Directory…

12 hours ago

How to Enumerate Microsoft 365 Groups Using PowerShell and Python

Microsoft 365 Groups (also known as M365 Groups or Unified Groups) are at the heart…

13 hours ago

SeamlessPass: Using Kerberos Tickets to Access Microsoft 365

SeamlessPass is a specialized tool designed to leverage on-premises Active Directory Kerberos tickets to obtain…

1 day ago

PPLBlade: Advanced Memory Dumping and Obfuscation Tool

PPLBlade is a powerful Protected Process Dumper designed to capture memory from target processes, hide…

2 days ago

HikPwn : Simple Scanner For Hikvision Devices With Basic Vulnerability Scanning

HikPwn: Comprehensive Guide to Scanning Hikvision Devices for Vulnerabilities If you’re searching for an efficient…

2 days ago

Comments in Bash Scripts

What Are Bash Comments? Comments in Bash scripts, are notes in your code that the…

1 week ago