_Taipan_ is a an automated web application scanner that allows to identify web vulnerabilities in an automatic fashion. This project is the core engine of a broader project which includes other components, like a web dashboard where you can manage your scans, download a PDF report and a scanner agent to run on specific host. Below are some screenshots of the _Taipan_ dashboard:
9
+
_Taipan_ is a an automated web application vulnerabilityscanner that allows to identify web vulnerabilities in an automatic fashion. This project is the core engine of a broader project which includes other components, like a web dashboard where you can manage your scans, download a PDF report and a scanner agent to run on specific host. Below are some screenshots of the _TaipanProEdition_ dashboard:
10
10
11
11
<table>
12
12
<tr>
skipped 10 lines
23
23
24
24
If you are interested in trying the full product, you can visit the dedicated web site: <a href="https://taipansec.com/index.html">https://taipansec.com/index.html</a>.
25
25
26
-
## Download
27
-
- [Source code][1]
28
-
- [Download binary][2]
29
-
30
-
## Chat Room
26
+
We have also created a more affordable version, the *Consultant Edition*. You can read more at the <a href="https://taipansec.com/news_consultant_24">Taipan web site</a>.
31
27
32
-
We have a chat room in case you feel like chatting a bit.
28
+
Below you can watch a demonstration video of the Consultant Edition:
If you want to try the dev version of Taipan without to wait for an official release, you can download the build version. This version is built every time that a commit is done and the build process is not broken.
38
-
39
-
You can download it from the [Artifacts Directory](https://ci.appveyor.com/project/enkomio/taipan/build/artifacts).
40
-
41
-
## Using Taipan
42
-
_Taipan_ can run on both Windows (natively) and Linux (with mono). To run it in Linux you have to install **mono in version >= 4.8.0**. You can track the implementation of the new features in the related <a href="https://github.com/taipan-scanner/Taipan/projects/1">Kanban board</a>.
43
-
44
-
### Scan Profile
45
-
_Taipan_ allow to scan the given web site by specify different kind of profiles. Each profile enable or disable a specific scan feature, to show all the available profile just run _Taipan_ with the `--show-profiles_` option.
46
-
47
-
### Pause/Stop/Resume a scan
48
-
During a scan you can interact with it by set the scan in Pause or Stop it if necessary. In order to do so you have to press:
49
-
50
-
- P: pause the scan
51
-
- S: stop the scan
52
-
- R: resume a paused scan
53
-
54
-
The change is not immediate and you have to wait until all threads have reached the desider state.
55
-
56
-
### Launch a Full scan
57
-
To launch a new scan you have to provide the _url_ and the _profile_ which must be used. It is not necessary to specify the full profile name, a prefix is enough.
32
+
## Community Edition
33
+
We believe that security is a necessity for everyone and it is for this reason that we have decided to release a *Community* version of the core of our scanner.
58
34
59
-
Taipan.exe -p Full -u http://127.0.0.1/
35
+
The Community version carries the exact same code as the commercial version but without the advanced features. You can use the Community to scan your personal website or for any not commercial purpose.
**berez23** created a docker image for the CI release. For more information take a look at <a href="https://github.com/berez23/taipandocker">his project</a>.
68
-
69
-
## Build Taipan
70
-
_Taipan_ is currently developed with using VisualStudio 2017 Community Edition and uses _paket_ as packet manager. To build the source code you have to:
71
-
* clone the repository
72
-
* run ``paket.exe install``
73
-
* open the solution in VisualStudio and compile it
74
-
75
-
## Taipan Components
76
-
_Taipan_ is composed of four main components:
77
-
78
-
### Web Application fingerprinter
79
-
it inspects the given application in order to identify if it is a COTS application. If so, it extracts the identified version. This components is very important since it allows to identify vulnerable web applications.
80
-
81
-
### Hidden Resource Discovery
82
-
this component scans the application in order to identify resources that are not directly navigable or that shouldn't be accessed, like secret pages or test pages.
83
-
84
-
### Crawler
85
-
This component navigates the web site in order to provide to the other components a list of pages to analyze. It allows to mutate the request in order to find not so common pathes.
86
-
87
-
### Vulnerability Scanner
88
-
this component probes the web application and tries to identify possible vulnerabilities. It is composed of various AddOn in order to easily expand its Knowledge Base. It is also in charge for the identification of know vulnerabilities which are defined by the user.
89
-
90
-
## Versioning
91
-
92
-
We use [SemVer](http://semver.org/) for versioning. For the versions available, see the [tags on this repository](https://github.com/enkomio/Taipan/tags).
41
+
## Using Taipan
42
+
_Taipan_ can run on both Windows (natively) and Linux (with mono). To run it in Linux you have to install **mono in version >= 4.8.0**. For more information on how to use Taipan please refer to the <a href="https://taipansec.com/support">official documentation</a>.
Antonio Parata
committed
with
GitHub
5 years ago
1 parent dd62acde