chopchop
ChopChop is a command-line tool for dynamic application security testing on web applications, initially written by the Michelin CERT. Its goal is to scan several endpoints and identify exposure of services/files/folders through the webroot. Checks/signatures are declared in a config file (by default: chopchop.yml) that is fully configurable, especially by developers.
Details
Category: Scanners
Publisher: trickest
Created Date: 6/23/2021
Container: quay.io/trickest/chopchop:2f4838c
Source URL: https://github.com/michelin/ChopChop
Parameters
threads
string
Command:
--threads
- Number of threads (Default: 1).
timeout
string
Command:
--timeout
- Timeout for the HTTP requests (Default: 10s).
insecure
boolean
Command:
--insecure
- Check SSL certificate.
url-file
file
required
Command:
--url-file
- Path to a specified file containing URLs to test. If this is used, you should not connect the url parameter, and vice versa.
verbosity
string
Command:
-v
- Log level (debug, info, warn, error, fatal, panic) (default warning).
signatures
file
Command:
--signatures
- Path to signature file (Default: chopchop.yml).
max-severity
string
Command:
--max-severity
- Block the CI pipeline if severity is over or equal to the specified flag.
plugin-filters
string
Command:
--plugin-filters
- Filter by the name of the plugin (the engine will only check for plugins with the same name).
severity-filter
string
Command:
--severity-filter
- Filter by severity (the engine will only run checks with the same severity).