chopchop
ChopChop is a command-line tool for dynamic application security testing on web applications, initially written by the Michelin CERT. Its goal is to scan several endpoints and identify exposure of services, files, and folders through the webroot. Checks/signatures are declared in a config file (by default: chopchop.yml) and are fully configurable, especially by developers.
Details
Category: Scanners
Publisher: trickest
Created Date: 6/23/2021
Container: quay.io/trickest/chopchop:2f4838c
Source URL: https://github.com/michelin/ChopChop
Parameters
--threads - Number of threads (Default 1).
--timeout - Timeout for the HTTP requests (Default: 10s).
--insecure - Check SSL certificate.
--url-file - Path to a specified file containing URLs to test. If this is used, you should not connect the url parameter, and vice versa.
-v - Log level (debug, info, warn, error, fatal, panic) (default warning).
--signatures - Path to signature file (Default: chopchop.yml).
--max-severity - Block the CI pipeline if severity is over or equal to the specified flag.
--plugin-filters - Filter by the name of the plugin (engine will only check for plugins with the same name).
--severity-filter - Filter by severity (engine will check for same severity checks).