The scanners are available for use as follows.
Currently, you may use these standalone scanners. Fluid Attacks' scanners' CLIs all follow this structure:
CLI_NAME [GLOBAL_OPTIONS] COMMAND [ARGUMENTS]
Replace CLI_NAME with the scanner's identifier:
skims: SAST CLI
spots: SCA CLI
probes: DAST CLI
flags: CSPM CLI
inspects: APK CLI
Use the --help flag to get information about the tool's usage and a description of each available argument.
Example for the SAST CLI:
skims --help
Example for the DAST CLI:
probes --help
Use the --strict flag to run the scanner in strict mode. This means the execution will fail (with exit code 1) if it finds any vulnerabilities in your targets, which makes it ideal for running the scanner as a CI/CD job.
Example (replace path/to/config.yaml with the actual path to your configuration file, if using one):
skims --strict scan path/to/config.yaml
All of Fluid Attacks' scanners have a single command: scan. For example, with the SAST CLI:
skims scan /my-dir
Use the DAST CLI to perform DAST scans:
probes scan https://www.my-app.com
The directory path argument is the path to the directory you want to scan.
Example (replace path/to/directory with the actual path to your target):
skims scan path/to/directory
The URL argument accepts the following kinds of URL, depending on the scanner you are using:
Git repository URL: use Fluid Attacks' SAST or SCA CLIs to download a repository and analyze it with static application security testing (SAST) or software composition analysis (SCA). For example, for SAST scans:
skims scan https://github.com/tree-sitter/tree-sitter.git
For SCA scans:
spots scan https://github.com/tree-sitter/tree-sitter.git
Page or web application URL: use Fluid Attacks' DAST CLI to perform dynamic application security testing (DAST) against the URL of a page or web application. Example:
probes scan https://www.google.com
The configuration file argument is the path to a YAML configuration file in which you customize the vulnerability scanner's execution. To avoid confusion and possible problems, place this file in the same directory as the project you want to scan.
Example (replace path/to/config.yaml with the actual path to your configuration file):
skims scan path/to/config.yaml
Example contents of such a configuration file:
namespace: myapp
output:
  file_path: ./Fluid-Attacks-Results.csv
  format: CSV
working_dir: .
language: EN
sast:
  include:
    - .
  exclude:
    - glob(**/node_modules/**)
    - glob(**/test/**)
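The following is an added example, not Fluid Attacks' own tooling: a POSIX shell helper for a CI job that picks the CLI from the target kind described above (directory or Git URL for skims/spots, page URL for probes), assembles the documented CLI_NAME [GLOBAL_OPTIONS] COMMAND [ARGUMENTS] line, checks that the configuration file sits in the project directory, and gates the job on the --strict exit code. The names pick_cli, build_cmd, config_in_project and ci_gate are this example's own; treating non-zero exit codes other than 1 as tool errors is an assumption.

```sh
#!/bin/sh
# Added example, not Fluid Attacks' own tooling. It assembles the documented
# "CLI_NAME [GLOBAL_OPTIONS] COMMAND [ARGUMENTS]" line for a target and gates
# a CI job on the --strict exit code. The real skims, spots and probes
# binaries are assumed to be on PATH only when the gate is actually run.

# Pick the CLI from the target kind: directory or .git URL -> skims (SAST),
# .git URL with mode=sca -> spots (SCA), http(s) page URL -> probes (DAST).
pick_cli() {
  target="$1"; mode="${2:-sast}"
  case "$target" in
    *.git) if [ "$mode" = sca ]; then echo spots; else echo skims; fi ;;
    http://*|https://*) echo probes ;;
    *) [ -d "$target" ] || return 1; echo skims ;;
  esac
}

# Compose the command line; strict=1 adds the --strict global option so the
# job fails (exit code 1) when vulnerabilities are found.
build_cmd() {
  target="$1"; mode="${2:-sast}"; strict="${3:-0}"
  cli=$(pick_cli "$target" "$mode") || return 1
  if [ "$strict" = 1 ]; then opts="--strict "; else opts=""; fi
  printf '%s %sscan %s\n' "$cli" "$opts" "$target"
}

# The page advises keeping config.yaml in the scanned project's directory;
# returns non-zero when the file lives somewhere else.
config_in_project() {
  [ "$(cd "$(dirname "$1")" && pwd -P)" = "$(cd "$2" && pwd -P)" ]
}

# Run the scanner and translate its exit code for the CI log. Exit 1 means
# vulnerabilities were found (documented); reading any other non-zero code as
# a tool error is this example's assumption. Written to be safe under set -e.
ci_gate() {
  "$@" && rc=0 || rc=$?
  case $rc in
    0) echo "gate: passed, no vulnerabilities reported" ;;
    1) echo "gate: FAILED, scanner reported vulnerabilities" ;;
    *) echo "gate: ERROR, scanner exited with code $rc" ;;
  esac
  return $rc
}

# Stand-alone usage in a CI job (./my-project is a placeholder):
# ci_gate $(build_cmd ./my-project sast 1)
```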