For more information about StackHawk see https://www.stackhawk.com
- Create an application on the StackHawk Web platform.
- Clone this repo or copy the
stackhawk-rest.ymlconfiguration file and place in the root of your project directory.
The OpenAPI Specification (AKA Swagger) is an industry-adopted standard for describing RESTful interfaces, which HawkScan can use to deliver a faster, more thorough scan.
HawkScan will use the contents of a provided OpenAPI spec to improve the quality of the scan by:
- Pre-seeding the sitemap using the routes defined in the OpenAPI spec. This can be used to complement any crawled routes or can be used instead of app spidering altogether.
- Using defined inputs to routes in the spec to inform how to communicate with the web application and gather clues on how to better attack endpoints.
HawkScan can work with OpenAPI definitions as separate files or defined inline via the stackhawk.yml.
For more help configuring OpenAPI, see our Documentation.
| Using a spec file | Using a relative URL |
|---|---|
| app: ... openApiConf: filePath: "openapi.yaml" |
app: ... openApiConf: path: /api/docs |
app:
applicationId: xxxx-XXXX-xxxx-XXXX-xxxxxxxx
env: Development
host: http://localhost:8000
autoPolicy: true
openApiConf:
path: /swagger
docker run --rm -v $(pwd):/hawk:rw -e API_KEY=hawk.xxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxx -t stackhawk/hawkscan:latest stackhawk-rest.ymldocker run --rm -v %cd%:/hawk -e API_KEY=hawk.xxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxx -t stackhawk/hawkscan:latest stackhawk-rest.ymldocker run --rm -v ${PWD}:/hawk -e API_KEY=hawk.xxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxx -t stackhawk/hawkscan:latest stackhawk-rest.ymldocker run --rm -v $(pwd):/hawk:rw -network host -e API_KEY=hawk.xxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxx -t stackhawk/hawkscan:latest stackhawk-rest.yml