Archery - Tool For Developers & Pentesters Scan Vulnerabilities

Categories: Kali Linux

Archery – Open Source Vulnerability Assessment & Management Helps Developers & Pentesters To Perform Scans & Manage Vulnerabilities

Archery is an opensource vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities. It uses popular opensource tools to perform comprehensive scanning for web application and network.

Archery Requirement

Python 2.7
OpenVas 8, 9
OWASP ZAP 2.7.0
Selenium Python Firefox Web driver

Start Application

$ python manage.py runserver 0.0.0.0:8000

Installation

$ git clone https://github.com/archerysec/archerysec.git
$ cd archerysec
$ chmod +x install.sh
$ sudo ./install.sh

Also Read BootStomp – A Bootloader Vulnerability Bug Finder

Manual Installation

$ git clone https://github.com/archerysec/archerysec.git
$ cd archerysec
$ pip install -r requirements.txt
$ python manage.py collectstatic
$ python manage.py makemigrations networkscanners
$ python manage.py makemigrations webscanners
$ python manage.py makemigrations projects
$ python manage.py makemigrations APIScan
$ python manage.py makemigrations osintscan
$ python manage.py makemigrations jiraticketing
$ python manage.py makemigrations tools
$ python manage.py makemigrations archerysettings
$ python manage.py migrate
$ python manage.py createsuperuser
$ python manage.py runserver

Note: Make sure these steps should be perform after every git pull.

Docker Installation

$ docker pull archerysec/archerysec
$ docker run -it -p 8000:8000 archerysec/archerysec:latest

# For persistence

Setting Setup

ZAP running daemon mode

Locate your ZAP startup script, and execute it using the options detailed below.

Windows :

zap.bat -daemon -host 0.0.0.0 -port 8080 -config api.disablekey=true -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true

Others :

zap.sh -daemon -host 0.0.0.0 -port 8080 -config api.disablekey=true -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true

Zap Setting

Go to Setting Page
Edit ZAP setting or navigate URL : http://host:port/webscanners/setting_edit/
Fill below required information.
Zap API Key : Leave blank if you using ZAP as daemon api.disablekey=true
Zap API Host : Your zap API host ip or system IP Ex. 127.0.0.1 or 192.168.0.2
Zap API Port : ZAP running port Ex. 8080

OpenVAS Setting

Go to setting Page
Edit OpenVAS setting or navigate URL : http://host:port/networkscanners/openvas_setting
Fill all required information and click on save.

Road Map

Scanners parser & Plugin
- Nessus (XML)
- Webinspect (XML)
- Acunetix (XML)
- AppScan (XML)
- Netsparker (XML)
- AppSpider
Popular Tools plugin support
- Nmap
- SSL Analysis
- Nikto
- WPScan
- OWASP JoomScan
Reporting
- PDF
- Docx
- XML
- Excel
- JSON
API Automated vulnerability scanning.
Vulnerability POC pictures.
Cloud Security scanning.
Source code review project management?
Fortify plugin
Checkmarks ? ….