Usage Examples

NeuraLegion CLI provides many features in addition to scan control over our API. This section describes the NPM and Docker sample use cases.

NPM

New Scan from a Swagger Schema

This example describes how to scan an API endpoint directly. The scope of the scan, all the possible interactions and parameters are defined in an OpenAPI schema that is uploaded before starting the scan.

Prerequisites

  • An active user in the NeuraLegion App.
  • A Swagger/OpenAPI schema FILE_PATH.
  • A valid AUTH_TOKEN (API key) with the following scopes: files:read, files:write, scans, org:read, and projects:read. You can set up an organization API key or a personal API key.

Step-by-Step Guide

Step 1 – Upload a Schema

  FILE_ID=$(nexploit-cli archive:upload --token $AUTH_TOKEN --type openapi --discard true $FILE_PATH)

Step 2 – Create a New Scan

  SCAN_ID=$(nexploit-cli scan:run --token $AUTH_TOKEN --name "My First Scan" --project $PROJECT_ID --archive $FILE_ID --smart)

Step 3 – Poll Scan Status

  nexploit-cli scan:polling --token $AUTH_TOKEN --breakpoint high_issue --interval 3000 --timeout 1h $SCAN_ID

Re-run a Previous Scan

This example describes how to re-run a previous scan using all the same scan settings and parameters.

Prerequisites

Step-by-Step Guide

Step 1 – Re-run a Previous Scan

  NEW_SCAN_ID=$(nexploit-cli scan:retest --token $AUTH_TOKEN $SCAN_ID)

Step 2 – Poll Scan Status

  nexploit-cli scan:polling --token $AUTH_TOKEN --breakpoint high_issue --interval 3000 --timeout 1h $NEW_SCAN_ID

New Scan with a Repeater

This example describes how to run a scan using a local Repeater.

Prerequisites

Step-by-Step Guide

Step 1 – Start a Repeater

  PID_REPEATER=$(nexploit-cli repeater --token $AUTH_TOKEN --id $REPEATER_ID > /dev/null & echo $! )

  echo "Repeater PID: $PID_REPEATER"

Step 2 – Run a New Scan with a Crawler

  SCAN_ID=$(nexploit-cli scan:run --token $AUTH_TOKEN --name "My First Scan" --repeater $REPEATER_ID --project $PROJECT_ID --crawler www.example.com --host-filter www.example.com --smart $SCAN_ID)

Step 3 – Poll Scan Status

  nexploit-cli scan:polling --token $AUTH_TOKEN --breakpoint high_issue --interval 3000 --timeout 1h $SCAN_ID

Docker

The Docker version of NeuraLegion CLI comes as a preconfigured Repeater container. As soon as the container is launched, the CLI activates the Repeater mode.

Prerequisites

Step-by-Step Guide

STEP 1 – Create a .yml File

version: '3'
services:
  target.local:
    image: path/image-name

  repeater:
    image: neuralegion/repeater:latest
    restart: always
    environment:
      REPEATER_TOKEN: AUTH_TOKEN
      REPEATER_ID: REPEATER_ID

STEP 2 – Run the Docker

Run the Repeater Docker using the command:

docker-compose up

📘

Note

If a valid AUTH_TOKEN and REPEATER_ID was not added, then the Unauthorized access error appears. Please check your credentials.

Now, when Starting a New Scan, you can connect the Repeater in the Network Settings tab or use the NeuraLegion CLI to start a scan.

New Scan with Docker Startup

The Docker version of the Repeater comes with a built-in NeuraLegion CLI, so that additional functions can be added to the docker container to be executed after the Repeater mode is launched.

Here is an example of a .yaml configuration that will launch a new scan as soon as the Docker is running:

Prerequisites

version: '3'
services:
  target.local:
    image: path/image-name
    ports:
      - '3000:3000'

  repeater:
    image: neuralegion/repeater:latest
    restart: always
    environment:
      REPEATER_TOKEN: AUTH_TOKEN
      REPEATER_ID: REPEATER_ID

  nexploit:
    depends_on:
      - repeater
      - target.local
    image: neuralegion/repeater:nexploit-cli
    environment:
      REPEATER_TOKEN: AUTH_TOKEN
      REPEATER_ID: REPEATER_ID
    entrypoint:
      - bash
      - -c
      - >
        sleep 10;
        HARID=$$(nexploit-cli archive:upload --type openapi --token=$$AUTH_TOKEN /opt/repeater/swagger.yaml);
        echo Your HAR ID is $$HARID;
        SCANID=$$(nexploit-cli scan:run --name='My Scan'  --project $$PROJECT_ID --repeater=$$REPEATER_ID --archive $$HARID --tests header_security --token $$AUTH_TOKEN);
        echo Scan started $$SCAN_ID;
        echo Poll for scan results;
        RESULT=$$(nexploit-cli scan:polling --token $$AUTH_TOKEN --breakpoint=high_issue \
          --interval=10000 --timeout=5min $$SCAN_ID);
        nexploit-cli scan:stop --token=$$AUTH_TOKEN $$SCAN_ID;
        exit $$RESULT;

Adding Extra Headers Locally

The Repeater enables a user to overload extra headers onto the Repeater's requests LOCALLY, without the need to set them up in the NeuraLegion cloud engine. This is done by setting the REPEATER_HEADERS environment variable.
For example:

version: '3'
services:
  repeater:
    image: neuralegion/repeater:latest
    restart: always
    environment:
      REPEATER_TOKEN: AUTH_TOKEN
      REPEATER_ID: REPEATER_ID
      REPEATER_HEADERS: '{ "my_header": "special token" }'

Or as a command line configuration:

docker run neuralegion/repeater -e 'REPEATER_HEADERS={"my_header": "special token"}'

Did this page help you?