chopchop
ChopChop is a command-line tool for dynamic application security testing on web applications, initially written by the Michelin CERT.Its goal is to scan several endpoints and identify exposition of services/files/folders through the webroot. Checks/Signatures are declared in a config file (by default: chopchop.yml), fully configurable, and especially by developers.
Name:chopchop
Category:Scanners
Publisher:trickest
Created:6/23/2021
Container:
quay.io/trickest/chopchop:2f4838cOutput Type:
License:Unknown
Source:View Source
Parameters
--threadsNumber of threads (Default 1).--timeoutTimeout for the HTTP requests (Default: 10s).--insecureCheck SSL certificate.--url-filePath to a specified file containing URLs to test. If this is used, you should not connect url parameter and vice versa.-vLog level (debug, info, warn, error, fatal, panic) (default warning)--signaturesPath to signature file (Default: chopchop.yml).--max-severityBlock the CI pipeline if severity is over or equal specified flag.--plugin-filtersFilter by the name of the plugin (engine will only check for plugin with the same name).--severity-filterFilter by severity (engine will check for same severity checks).