olacabs / jackhammer Goto Github PK

Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.

Home Page: https://jch.olacabs.com/userguide

License: Other

Shell 0.05% Dockerfile 0.12% Java 99.84%

security-vulnerability-assessment vulnerability-management static-code-analysis mobile-security webappsec wordpress-security network-security security-scanner security dynamic-analysis

jackhammer's Introduction

Jackhammer:

One Security vulnerability assessment/management tool to solve all the security team problems.

What is Jackhammer?

Jackhammer is a collaboration tool built with an aim of bridging the gap between Security team vs dev team, QA team and being a facilitator for TPM to understand and track the quality of the code going into production. It could do static code analysis and dynamic analysis with inbuilt vulnerability management capability. It finds security vulnerabilities in the target applications and it helps security teams to manage the chaos in this new age of continuous integration and continuous/multiple deployments.

It completely works on RBAC (Role Based Access Control). There are cool dashboards for individual scans and team scans giving ample flexibility to collaborate with different teams. It is totally built on pluggable architecture which can be integrated with any open source/commercial tool.

Jackhammer uses the OWASP pipeline project to run multiple open source and commercial tools against your code,web app, mobile app, cms (wordpress), network.

Key Features:

Provides unified interface to collaborate on findings
Scanning (code) can be done for all code management repositories
Scheduling of scans based on intervals # daily, weekly, monthly
Advanced false positive filtering
Publish vulnerabilities to bug tracking systems
Keep a tab on statistics and vulnerability trends in your applications
Integrates with majority of open source and commercial scanning tools
Users and Roles management giving greater control
Configurable severity levels on list of findings across the applications
Built-in vulnerability status progression
Easy to use filters to review targeted sets from tons of vulnerabilities
Asynchronous scanning (via sidekiq) that scale
Seamless Vulnerability Management
Track statistics and graph security trends in your applications
Easily integrates with a variety of open source, commercial and custom scanning tools

Supported Vulnerability Scanners:

Static Analysis:

* license required ** commercial license required

Finding hard coded secrets/tokens/creds:

Trufflehog (Slightly modified/extended for better result and integration as of May 2017)

Webapp:

Arachni

Mobile App:

Androbugs (Slightly modified/extended for better result and integration as of May 2017)
Androguard (Slightly modified/extended for better result and integration as of May 2017)

Wordpress:

WPScan (Slightly modified/extended for better result and integration as of May 2017)

Network:

Nmap

Adding Custom (other open source/commercial /personal) Scanners:

You can add any scanner to jackhammer within 10-30 minutes. Check the links/video

Quick Start and Installation

See our Quick Start/Installation Guide if you want to try out Jackhammer as quickly as possible using Docker Compose.

Run the following commands for local setup (corporate mode):

 git clone https://github.com/olacabs/jackhammer
 sh ./docker-build.sh

Default credentials for local setup:

username: [email protected]

password: j4ckh4mm3r

(For single user mode)

sh ./docker-build.sh SingleUser

do signup for access

Restarting Jackhammer

docker-compose stop
docker-compose rm
docker-compose up -d

User Guide

The User Guide will give you an overview of how to use Jackhammer once you have things up and running.

Demo

Demo Environment Link:

https://jch.olacabs.com/

Default credentials:

username: [email protected]

password: [email protected]

jackhammer's People

Contributors

Stargazers

Watchers

Forkers

bbghunter 1ab1 kartikeyap kakuye d1pakda5 mferreirasec security-geeks nitesculucian testrockytesting lubyruffy hackerabhinavverma puppycodes mbarrerar yikez978 team-firebugs peval yuedeji barkinet mlgbsec awesome-security olivierh59500 thinksabin sidheshenator superdaigo foukation lexcia vishal-test tmcmil sh1nu11bi nkennaroot mandeeps13k mwhawkins irivera007 wloong blackthorne s-chand perplext methos2016 yankaics erangoldman pythonmaster41 hackmycontrolsystem siemonster cavallando techexplained johnofsaints sbambach rongqinglee dokydoky luqmanzagi jaikishantulswani bernadsatriani zminjiao ayikurniawan nishtha04 dylankrul m1sn1k superpoussin22 sspatil94 quochien ro9ueadmin aeoniandev xuezs arjunreddyd sporiyano chrislakin r3dfruitrollup opt9 pburglin fivetwentyseven jackflax aaronksalmon nani1337 alex-rad fuckup1337 kamalonline4 wh0amis zee7han koushikr venutrue shantanu561993 nrashok seabreg dkogue arunsigood security-prince ajaynegi-websecresearch 3rdbody teicu themallcop r0cknrolla michaeltestliu mlynchcogent hakimkt rajivraj bbhunter adeyosemanputra orf53975 jhedden kmadhusudhan

jackhammer's Issues

Jackhammer is installed but can't access localhost:5000

I have installed jackhammer in windows 10 with the necessary pre requisites

But cannot access localhost 5000.Netstat shows port 5000 is not listening.
I'am able to ping 127.0.0.1.
Any help is appreciated.

mysql container unhealthy

When I start jackhammer containers, mysql container healthcheck returns unhealthy status. I tried restarting the just mysql container. Still it shows up as unhealthy.

sidheshenator@jackhammer:~$ sudo docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                      PORTS                     NAMES
300219770c48        jackhammer_web      "bash -c 'mkdir -p..."   13 minutes ago      Up 13 minutes               0.0.0.0:5000->3000/tcp    jackhammer_web_1
32c64f339133        redis               "docker-entrypoint..."   13 minutes ago      Up 13 minutes               0.0.0.0:32769->6379/tcp   jackhammer_redis_1
f397c19e49ef        mysql               "docker-entrypoint..."   13 minutes ago      Up 13 minutes (unhealthy)   0.0.0.0:3306->3306/tcp    jackhmmaer-db

project target content is invalid

when i try to upload a .apk it tells me : project target content is invalid... Please what do i do to resolve that...?

Jackhammer Web Dies Exit 1 (Mac OSX)

I am running the current version of Docker and just pulled and ran Jackhammer. I have a Mac, and when I do:
sh ./docker-build.sh
It seems to build properly but when I open a browser to http://localhost:5000 it can not connect. The docker-compose ps shows:
Name Command State Ports

jackhammer-db docker-entrypoint.sh mysqld Up 0.0.0.0:3306->3306/tcp
jackhammer_redis_1 docker-entrypoint.sh redis ... Up 0.0.0.0:32770->6379/tcp
jackhammer_web_1 bash -c mkdir -p tmp/pids ... Exit 1

I re-ran sh ./docker-build.sh as "sudo sh ./docker-build.sh" and it came up and ran. The web was available and it worked.

I shut down the docker and jackhammer and have tried every way from sunday today and it I get the exit 1 on the web and it never comes up fully (both as root and not).

Changing Host

Hey as it by default runs on local host , so i have configured it on ec2 so where i can change the host ?

Can't Access Jackhammer - Error: We're sorry, but something went wrong. If you are the application owner check the logs for more information.

I was able to access jackhammer. However, now I am getting an error

We're sorry, but something went wrong.

If you are the application owner check the logs for more information.

when I try to access it via Chrome over port 5000.

Here are the logs -

root@jackhammer-nginx:/home/sidheshenator/jackhammer# docker-compose up -d
Creating network "jackhammer_default" with the default driver
Creating jackhammer_redis_1 ... 
Creating jackhmmaer-db ... 
Creating jackhammer_redis_1
Creating jackhammer_redis_1 ... done
Creating jackhammer_web_1 ... 
Creating jackhammer_web_1 ... done
root@jackhammer-nginx:/home/sidheshenator/jackhammer# docker-compose logs
Attaching to jackhammer_web_1, jackhmmaer-db, jackhammer_redis_1
web_1      | Puma starting in single mode...
web_1      | * Version 2.14.0 (ruby 2.3.0-p0), codename: Fuchsia Friday
web_1      | * Min threads: 0, max threads: 16
web_1      | * Environment: production
web_1      | /root/.rbenv/versions/2.3.0/lib/ruby/gems/2.3.0/gems/rb-readline-0.5.1/lib/readline.rb:458: warning: already initialized constant Readline::HISTORY
web_1      | /root/.rbenv/versions/2.3.0/lib/ruby/gems/2.3.0/gems/rb-readline-0.5.1/lib/readline.rb:486: warning: already initialized constant Readline::FILENAME_COMPLETION_PROC
web_1      | /root/.rbenv/versions/2.3.0/lib/ruby/gems/2.3.0/gems/rb-readline-0.5.1/lib/readline.rb:517: warning: already initialized constant Readline::USERNAME_COMPLETION_PROC
web_1      | /root/.rbenv/versions/2.3.0/lib/ruby/gems/2.3.0/gems/rb-readline-0.5.1/lib/readline.rb:523: warning: already initialized constant Readline::VERSION
web_1      | * Listening on tcp://0.0.0.0:3000
web_1      | Use Ctrl-C to stop
jackhmmaer-db | Initializing database
jackhmmaer-db | 2017-05-17T17:07:52.470795Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
jackhmmaer-db | 2017-05-17T17:07:58.157026Z 0 [Warning] InnoDB: New log files created, LSN=45790
jackhmmaer-db | 2017-05-17T17:07:58.879713Z 0 [Warning] InnoDB: Creating foreign key constraint system tables.
jackhmmaer-db | 2017-05-17T17:07:58.981477Z 0 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: 60ab2d86-3b23-11e7-a9f2-0242ac120003.
jackhmmaer-db | 2017-05-17T17:07:58.990931Z 0 [Warning] Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened.
jackhmmaer-db | 2017-05-17T17:07:58.991685Z 1 [Warning] root@localhost is created with an empty password ! Please consider switching off the --initialize-insecure option.
jackhmmaer-db | 2017-05-17T17:08:01.389731Z 1 [Warning] 'user' entry 'root@localhost' ignored in --skip-name-resolve mode.
jackhmmaer-db | 2017-05-17T17:08:01.389836Z 1 [Warning] 'user' entry 'mysql.sys@localhost' ignored in --skip-name-resolve mode.
jackhmmaer-db | 2017-05-17T17:08:01.389887Z 1 [Warning] 'db' entry 'sys mysql.sys@localhost' ignored in --skip-name-resolve mode.
jackhmmaer-db | 2017-05-17T17:08:01.389913Z 1 [Warning] 'proxies_priv' entry '@ root@localhost' ignored in --skip-name-resolve mode.
jackhmmaer-db | 2017-05-17T17:08:01.389977Z 1 [Warning] 'tables_priv' entry 'sys_config mysql.sys@localhost' ignored in --skip-name-resolve mode.
jackhmmaer-db | Database initialized
jackhmmaer-db | Initializing certificates
jackhmmaer-db | Generating a 2048 bit RSA private key
jackhmmaer-db | .....................................................................................................+++
jackhmmaer-db | ........................................................................................................................+++
jackhmmaer-db | unable to write 'random state'
jackhmmaer-db | writing new private key to 'ca-key.pem'
jackhmmaer-db | -----
jackhmmaer-db | Generating a 2048 bit RSA private key
jackhmmaer-db | ..............................................................+++
jackhmmaer-db | ........+++
jackhmmaer-db | unable to write 'random state'
jackhmmaer-db | writing new private key to 'server-key.pem'
jackhmmaer-db | -----
jackhmmaer-db | Generating a 2048 bit RSA private key
jackhmmaer-db | .......+++
jackhmmaer-db | .+++
jackhmmaer-db | unable to write 'random state'
jackhmmaer-db | writing new private key to 'client-key.pem'
jackhmmaer-db | -----
jackhmmaer-db | Certificates initialized
jackhmmaer-db | MySQL init process in progress...
jackhmmaer-db | 2017-05-17T17:08:06.304582Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
jackhmmaer-db | 2017-05-17T17:08:06.306298Z 0 [Note] mysqld (mysqld 5.7.18) starting as process 135 ...
jackhmmaer-db | 2017-05-17T17:08:06.318166Z 0 [Note] InnoDB: PUNCH HOLE support available
jackhmmaer-db | 2017-05-17T17:08:06.318234Z 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
jackhmmaer-db | 2017-05-17T17:08:06.318254Z 0 [Note] InnoDB: Uses event mutexes
jackhmmaer-db | 2017-05-17T17:08:06.318270Z 0 [Note] InnoDB: GCC builtin __atomic_thread_fence() is used for memory barrier
jackhmmaer-db | 2017-05-17T17:08:06.318300Z 0 [Note] InnoDB: Compressed tables use zlib 1.2.3
jackhmmaer-db | 2017-05-17T17:08:06.318316Z 0 [Note] InnoDB: Using Linux native AIO
jackhmmaer-db | 2017-05-17T17:08:06.318698Z 0 [Note] InnoDB: Number of pools: 1
jackhmmaer-db | 2017-05-17T17:08:06.318932Z 0 [Note] InnoDB: Using CPU crc32 instructions
jackhmmaer-db | 2017-05-17T17:08:06.322017Z 0 [Note] InnoDB: Initializing buffer pool, total size = 128M, instances = 1, chunk size = 128M
jackhmmaer-db | 2017-05-17T17:08:06.344603Z 0 [Note] InnoDB: Completed initialization of buffer pool
jackhmmaer-db | 2017-05-17T17:08:06.346698Z 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
jackhmmaer-db | 2017-05-17T17:08:06.358406Z 0 [Note] InnoDB: Highest supported file format is Barracuda.
jackhmmaer-db | 2017-05-17T17:08:06.405283Z 0 [Note] InnoDB: Creating shared tablespace for temporary tables
jackhmmaer-db | 2017-05-17T17:08:06.405455Z 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
jackhmmaer-db | 2017-05-17T17:08:06.998775Z 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
jackhmmaer-db | 2017-05-17T17:08:06.999770Z 0 [Note] InnoDB: 96 redo rollback segment(s) found. 96 redo rollback segment(s) are active.
jackhmmaer-db | 2017-05-17T17:08:06.999819Z 0 [Note] InnoDB: 32 non-redo rollback segment(s) are active.
jackhmmaer-db | 2017-05-17T17:08:07.000677Z 0 [Note] InnoDB: Waiting for purge to start
jackhmmaer-db | MySQL init process in progress...
jackhmmaer-db | 2017-05-17T17:08:07.050849Z 0 [Note] InnoDB: 5.7.18 started; log sequence number 2536227
jackhmmaer-db | 2017-05-17T17:08:07.052416Z 0 [Note] Plugin 'FEDERATED' is disabled.
jackhmmaer-db | 2017-05-17T17:08:07.061730Z 0 [Note] Found ca.pem, server-cert.pem and server-key.pem in data directory. Trying to enable SSL support using them.
redis_1    | 1:C 17 May 17:07:52.352 # Warning: no config file specified, using the default config. In order to specify a config file use redis-server /path/to/redis.conf
redis_1    |                 _._                                                  
redis_1    |            _.-``__ ''-._                                             
redis_1    |       _.-``    `.  `_.  ''-._           Redis 3.2.8 (00000000/0) 64 bit
redis_1    |   .-`` .-```.  ```\/    _.,_ ''-._                                   
redis_1    |  (    '      ,       .-`  | `,    )     Running in standalone mode
redis_1    |  |`-._`-...-` __...-.``-._|'` _.-'|     Port: 6379
redis_1    |  |    `-._   `._    /     _.-'    |     PID: 1
redis_1    |   `-._    `-._  `-./  _.-'    _.-'                                   
redis_1    |  |`-._`-._    `-.__.-'    _.-'_.-'|                                  
redis_1    |  |    `-._`-._        _.-'_.-'    |           http://redis.io        
redis_1    |   `-._    `-._`-.__.-'_.-'    _.-'                                   
redis_1    |  |`-._`-._    `-.__.-'    _.-'_.-'|                                  
redis_1    |  |    `-._`-._        _.-'_.-'    |                                  
redis_1    |   `-._    `-._`-.__.-'_.-'    _.-'                                   
redis_1    |       `-._    `-.__.-'    _.-'                                       
redis_1    |           `-._        _.-'                                           
redis_1    |               `-.__.-'                                               
redis_1    | 
redis_1    | 1:M 17 May 17:07:52.358 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.
redis_1    | 1:M 17 May 17:07:52.358 # Server started, Redis version 3.2.8
redis_1    | 1:M 17 May 17:07:52.358 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
redis_1    | 1:M 17 May 17:07:52.358 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.
redis_1    | 1:M 17 May 17:07:52.358 * The server is now ready to accept connections on port 6379
jackhmmaer-db | 2017-05-17T17:08:07.061923Z 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
jackhmmaer-db | 2017-05-17T17:08:07.063556Z 0 [Warning] CA certificate ca.pem is self signed.
jackhmmaer-db | 2017-05-17T17:08:07.067612Z 0 [Note] InnoDB: Buffer pool(s) load completed at 170517 17:08:07
jackhmmaer-db | 2017-05-17T17:08:07.077350Z 0 [Warning] 'user' entry 'root@localhost' ignored in --skip-name-resolve mode.
jackhmmaer-db | 2017-05-17T17:08:07.077419Z 0 [Warning] 'user' entry 'mysql.sys@localhost' ignored in --skip-name-resolve mode.
jackhmmaer-db | 2017-05-17T17:08:07.077487Z 0 [Warning] 'db' entry 'sys mysql.sys@localhost' ignored in --skip-name-resolve mode.
jackhmmaer-db | 2017-05-17T17:08:07.077512Z 0 [Warning] 'proxies_priv' entry '@ root@localhost' ignored in --skip-name-resolve mode.
jackhmmaer-db | 2017-05-17T17:08:07.078954Z 0 [Warning] 'tables_priv' entry 'sys_config mysql.sys@localhost' ignored in --skip-name-resolve mode.
jackhmmaer-db | 2017-05-17T17:08:07.090918Z 0 [Note] Event Scheduler: Loaded 0 events
jackhmmaer-db | 2017-05-17T17:08:07.095283Z 0 [Note] mysqld: ready for connections.
jackhmmaer-db | Version: '5.7.18'  socket: '/var/run/mysqld/mysqld.sock'  port: 0  MySQL Community Server (GPL)
jackhmmaer-db | 2017-05-17T17:08:07.095324Z 0 [Note] Executing 'SELECT * FROM INFORMATION_SCHEMA.TABLES;' to get a list of tables using the deprecated partition engine. You may use the startup option '--disable-partition-engine-check' to skip this check. 
jackhmmaer-db | 2017-05-17T17:08:07.095339Z 0 [Note] Beginning of list of non-natively partitioned tables
jackhmmaer-db | 2017-05-17T17:08:07.116407Z 0 [Note] End of list of non-natively partitioned tables
jackhmmaer-db | Warning: Unable to load '/usr/share/zoneinfo/iso3166.tab' as time zone. Skipping it.
jackhmmaer-db | Warning: Unable to load '/usr/share/zoneinfo/leap-seconds.list' as time zone. Skipping it.
jackhmmaer-db | Warning: Unable to load '/usr/share/zoneinfo/zone.tab' as time zone. Skipping it.
jackhmmaer-db | 2017-05-17T17:08:16.293286Z 5 [Warning] 'user' entry 'root@localhost' ignored in --skip-name-resolve mode.
jackhmmaer-db | 2017-05-17T17:08:16.293363Z 5 [Warning] 'user' entry 'mysql.sys@localhost' ignored in --skip-name-resolve mode.
jackhmmaer-db | 2017-05-17T17:08:16.293394Z 5 [Warning] 'db' entry 'sys mysql.sys@localhost' ignored in --skip-name-resolve mode.
jackhmmaer-db | 2017-05-17T17:08:16.293425Z 5 [Warning] 'proxies_priv' entry '@ root@localhost' ignored in --skip-name-resolve mode.
jackhmmaer-db | 2017-05-17T17:08:16.293465Z 5 [Warning] 'tables_priv' entry 'sys_config mysql.sys@localhost' ignored in --skip-name-resolve mode.
jackhmmaer-db | mysql: [Warning] Using a password on the command line interface can be insecure.
jackhmmaer-db | mysql: [Warning] Using a password on the command line interface can be insecure.
jackhmmaer-db | ERROR 1396 (HY000) at line 1: Operation CREATE USER failed for 'root'@'%'
jackhmmaer-db | 2017-05-17T17:08:17.390571Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
jackhmmaer-db | 2017-05-17T17:08:17.397958Z 0 [Note] mysqld (mysqld 5.7.18) starting as process 1 ...
jackhmmaer-db | 2017-05-17T17:08:17.404950Z 0 [Note] InnoDB: PUNCH HOLE support available
jackhmmaer-db | 2017-05-17T17:08:17.404998Z 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
jackhmmaer-db | 2017-05-17T17:08:17.405015Z 0 [Note] InnoDB: Uses event mutexes
jackhmmaer-db | 2017-05-17T17:08:17.405028Z 0 [Note] InnoDB: GCC builtin __atomic_thread_fence() is used for memory barrier
jackhmmaer-db | 2017-05-17T17:08:17.405039Z 0 [Note] InnoDB: Compressed tables use zlib 1.2.3
jackhmmaer-db | 2017-05-17T17:08:17.405049Z 0 [Note] InnoDB: Using Linux native AIO
jackhmmaer-db | 2017-05-17T17:08:17.405382Z 0 [Note] InnoDB: Number of pools: 1
jackhmmaer-db | 2017-05-17T17:08:17.405569Z 0 [Note] InnoDB: Using CPU crc32 instructions
jackhmmaer-db | 2017-05-17T17:08:17.411998Z 0 [Note] InnoDB: Initializing buffer pool, total size = 128M, instances = 1, chunk size = 128M
jackhmmaer-db | 2017-05-17T17:08:17.428654Z 0 [Note] InnoDB: Completed initialization of buffer pool
jackhmmaer-db | 2017-05-17T17:08:17.430583Z 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
jackhmmaer-db | 2017-05-17T17:08:17.442119Z 0 [Note] InnoDB: Highest supported file format is Barracuda.
jackhmmaer-db | 2017-05-17T17:08:17.443012Z 0 [Note] InnoDB: Log scan progressed past the checkpoint lsn 2536246
jackhmmaer-db | 2017-05-17T17:08:17.838749Z 0 [Note] InnoDB: Doing recovery: scanned up to log sequence number 7778816
jackhmmaer-db | 2017-05-17T17:08:18.299873Z 0 [Note] InnoDB: Doing recovery: scanned up to log sequence number 6861312
jackhmmaer-db | 2017-05-17T17:08:18.729194Z 0 [Note] InnoDB: Doing recovery: scanned up to log sequence number 12104192
jackhmmaer-db | 2017-05-17T17:08:18.732651Z 0 [Note] InnoDB: Doing recovery: scanned up to log sequence number 12140172
jackhmmaer-db | 2017-05-17T17:08:18.738714Z 0 [Note] InnoDB: Database was not shutdown normally!
jackhmmaer-db | 2017-05-17T17:08:18.738756Z 0 [Note] InnoDB: Starting crash recovery.
jackhmmaer-db | 2017-05-17T17:08:18.763259Z 0 [Note] InnoDB: Starting an apply batch of log records to the database...
jackhmmaer-db | InnoDB: Progress in percent: 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 
jackhmmaer-db | 2017-05-17T17:08:19.459747Z 0 [Note] InnoDB: Apply batch completed
jackhmmaer-db | 2017-05-17T17:08:19.562983Z 0 [Note] InnoDB: Removed temporary tablespace data file: "ibtmp1"
jackhmmaer-db | 2017-05-17T17:08:19.563074Z 0 [Note] InnoDB: Creating shared tablespace for temporary tables
jackhmmaer-db | 2017-05-17T17:08:19.563145Z 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
jackhmmaer-db | 2017-05-17T17:08:20.151328Z 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
jackhmmaer-db | 2017-05-17T17:08:20.152290Z 0 [Note] InnoDB: 96 redo rollback segment(s) found. 96 redo rollback segment(s) are active.
jackhmmaer-db | 2017-05-17T17:08:20.152335Z 0 [Note] InnoDB: 32 non-redo rollback segment(s) are active.
jackhmmaer-db | 2017-05-17T17:08:20.153275Z 0 [Note] InnoDB: Waiting for purge to start
jackhmmaer-db | 2017-05-17T17:08:20.204397Z 0 [Note] InnoDB: 5.7.18 started; log sequence number 12140172
jackhmmaer-db | 2017-05-17T17:08:20.205410Z 0 [Note] Plugin 'FEDERATED' is disabled.
jackhmmaer-db | 2017-05-17T17:08:20.219550Z 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
jackhmmaer-db | 2017-05-17T17:08:20.220789Z 0 [Note] InnoDB: Buffer pool(s) load completed at 170517 17:08:20
jackhmmaer-db | 2017-05-17T17:08:20.229391Z 0 [Note] Found ca.pem, server-cert.pem and server-key.pem in data directory. Trying to enable SSL support using them.
jackhmmaer-db | 2017-05-17T17:08:20.246909Z 0 [Warning] CA certificate ca.pem is self signed.
jackhmmaer-db | 2017-05-17T17:08:20.249286Z 0 [Note] Server hostname (bind-address): '*'; port: 3306
jackhmmaer-db | 2017-05-17T17:08:20.249360Z 0 [Note] IPv6 is available.
jackhmmaer-db | 2017-05-17T17:08:20.249384Z 0 [Note]   - '::' resolves to '::';
jackhmmaer-db | 2017-05-17T17:08:20.249434Z 0 [Note] Server socket created on IP: '::'.
jackhmmaer-db | 2017-05-17T17:08:20.348541Z 0 [Warning] 'user' entry 'root@localhost' ignored in --skip-name-resolve mode.
jackhmmaer-db | 2017-05-17T17:08:20.348572Z 0 [Warning] 'user' entry 'mysql.sys@localhost' ignored in --skip-name-resolve mode.
jackhmmaer-db | 2017-05-17T17:08:20.348590Z 0 [Warning] 'db' entry 'sys mysql.sys@localhost' ignored in --skip-name-resolve mode.
jackhmmaer-db | 2017-05-17T17:08:20.348599Z 0 [Warning] 'proxies_priv' entry '@ root@localhost' ignored in --skip-name-resolve mode.
jackhmmaer-db | 2017-05-17T17:08:20.353324Z 0 [Warning] 'tables_priv' entry 'sys_config mysql.sys@localhost' ignored in --skip-name-resolve mode.
jackhmmaer-db | 2017-05-17T17:08:20.402172Z 0 [Note] Event Scheduler: Loaded 0 events
jackhmmaer-db | 2017-05-17T17:08:20.410779Z 0 [Note] mysqld: ready for connections.
jackhmmaer-db | Version: '5.7.18'  socket: '/var/run/mysqld/mysqld.sock'  port: 3306  MySQL Community Server (GPL)
jackhmmaer-db | 2017-05-17T17:08:20.410818Z 0 [Note] Executing 'SELECT * FROM INFORMATION_SCHEMA.TABLES;' to get a list of tables using the deprecated partition engine. You may use the startup option '--disable-partition-engine-check' to skip this check. 
jackhmmaer-db | 2017-05-17T17:08:20.410832Z 0 [Note] Beginning of list of non-natively partitioned tables
jackhmmaer-db | 2017-05-17T17:08:20.452223Z 0 [Note] End of list of non-natively partitioned tables

Some more container information -

root@jackhammer-nginx:/home/sidheshenator/jackhammer# docker ps --all
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                     PORTS                     NAMES
f78ac7d70dc4        jackhammer_web      "bash -c 'mkdir -p..."   5 minutes ago       Up 5 minutes               0.0.0.0:5000->3000/tcp    jackhammer_web_1
66ea6be2fa1e        mysql               "docker-entrypoint..."   5 minutes ago       Up 5 minutes (unhealthy)   0.0.0.0:3306->3306/tcp    jackhmmaer-db
cb0bd58fd1e2        redis               "docker-entrypoint..."   5 minutes ago       Up 5 minutes               0.0.0.0:32783->6379/tcp   jackhammer_redis_1
root@jackhammer-nginx:/home/sidheshenator/jackhammer#

SMTP Alerting

Is there an easy way to debug the SMTP alerting? Maybe creating a test email generator to make sure that the Jackhammer instance connects to the mail server would work. I might be having authentication issues and I'm trying to see if anyone else has used the alerting features. Thanks guys! :)

Cannot View All Repos

I am not able to view all Github repositories owned by a team. Only one repository per team shows up when I navigate to Add Target -> corporate -> Static -> click on the Team drop-down list -> click on Project
Is that a known issue? Or am I doing something wrong?
Please let me now if you need any logs.

gem install bundler error

My docker version is 17.05.0-ce, build 89658be
docker-compose version 1.12.0, build b31ff33.
So i tried upgrading it and it throws the error
[ Could not find a valid gem 'bundler' (>= 0), here is why:
Unable to download data from https://rubygems.org/ - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (https://rubygems.org/specs.4.8.gz) ]

Even when i do sh ./docker-build.sh it throws the same error.
kindly advise.

Which branch is scanned by default when scanning git repos?

Hi,

Which branch is scanned by default when scanning git repos? Can I change the branch somewhere?

Problem installing the jackhammer on windows 7

bundle.sh: line 13: syntax error: unexpected end of file
ERROR: Service 'web' failed to build: The command '/bin/sh -c bash bundle.sh' re
turned a non-zero code: 2

Http -> Https

How can I enable HTTPS for the jackhammer?

Unable to install in debian variant

I tried to install this at debian variant of the machine , but i get the following error :

ERROR: Version in "./docker-compose.yml" is unsupported. You might be seeing this error because you're using the wrong Compose file version. Either specify a version of "2" (or "2.0") and place your service definitions under the services key, or omit the version key and place your service definitions at the root of the file to use version 1.

Kindly advise

change findsecbugs_path

Hi
I want to upgrade findsecbugs up to 1.7.1, so I downloaded it in tool folder and change findsecbugs_path to /home/app/tools/find-sec-bugs-version-1.7.1/cli in config/app.yml.
But, it still refer /home/app/tools/findsecbugs-cli-1.4.6, when findsecbugs.rb is executed.
Could you let me know which value do I have to change to upgrade it?

Port 5000 listing but can't connect to web portal

MySQL database location

Where is the MySQL database file stored?
Which container and what location? :)

Public available jackhammer

How I change from localhost to 0.0.0.0?

Deleted Github repos are not removed from the list

I deleted a repo from my organization.
However, when I navigate to Add Target -> corporate -> Static -> click on the Team drop-down list -> click on Project, I am able to list the deleted repo.
I navigated to Settings -> Github -> clicked on Fetch repo, teams, and users to update the list of repos.
However, the list of repos continues to list the deleted repo.

Improvements on Network scanning and Scan Uploading

It looks like you only allow a single IP address when performing Network scans. This won't scale much at all..

Additionally, when a new Network project is created and a nessus scan is uploaded all of the findings within the Nessus scan would be associated with the target ip used whenthe scan project was created instead of the actually reported IPs within the Nessus scan results. In general, I have the following proposals for making this a better solution

Support multiple targets, since scans are typically run against multiple IPs
Decouple Scan Projects and targets from the scanner uploads. Having to create a new scan project and specify a target before you can upload a scan result is a awkward workflow and doesn't scale.
The ingested results should be tied to the IPs addresses reported within the uploaded results and not to the predefined target IP address when the project was created. Networks scans will likely always be run against multiple targets.
Expose scan uploads as a API call. I envision this tool being useful in existing CI infrastructures that already have code, app and network scanning in place. Jackhammer has a lot of value in being a central location to view the results and manage vulnerability triaging.

can not find vulnerable

Hello my friend, thanks for your anwser , im builded jackhammer, and use it scan website eg: http://testphp.vulnweb.com , ten minute after, can not find any vuln ,so can you help me , and nmap or wpscan is worked

Simple Question

What should be the minimum requirement for a VM?

Ex: 1 core / 1 GB RAM

Source code scan for GitHub Enterprise

Hi,
While trying to use the source code scan for Github Enterprise(different domain from github.com),
I came across a following issue.

First, I did set host, user name, password, API Endpoint and Api access token on [Settings > Github > General]

Even though I set proper Github information, I got below error message when I was trying to use "Fetch repo, teams, users" menu
"GET https://api.github.com/user/orgs: 401 - Bad credentials // See: https://developer.github.com/v3"

And also I got below error message when I was trying to do source code scan with Github repo URL.
"Invalid Repo/Repo can not be accesible"

I wonder if it supports Github Enterprise.

Able to fetch gitlab repo but scanning fails with repo not accessible

Hi,

I am able to fetch list of repos from gitlab. But when scanning it says that repo is not accessible. Have put in my username, password, api endpoint and personal access token. What else needs to be configured to access the repo?

What are the default admin master logon credentials ?

tried [email protected] after installing but that does not seem to work. Also is there a way of disabling registration ?

how to give external MYSQL Database details in docker-compose.yml

can any one help me out for giving external MYSQL Database details in docker-compose.yml

Github Settings

While playing around with Jackhammer, I came across two issues -

The Github account must be part of a Github Organization and a public member of a team. Else, the repositories can't be accessed.
The Github account's password cannot contain @

Uploaded APK files persist after scan

The APK files which are uploaded as part of the mobile scan into the tmp directory persist after the scan is completed in /tmp directory in the container.

root@jackhammer-nginx:~# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                      NAMES
74a1f4a66259        jackhammer_web      "bash -c 'mkdir -p..."   35 hours ago        Up 35 hours         127.0.0.1:5000->3000/tcp   jackhammer_web_1
85ca4738eb8f        redis               "docker-entrypoint..."   35 hours ago        Up 35 hours         0.0.0.0:32795->6379/tcp    jackhammer_redis_1
6a38e6db51cc        mysql               "docker-entrypoint..."   35 hours ago        Up 35 hours         127.0.0.1:3306->3306/tcp   jackhmmaer-db
root@jackhammer-nginx:~# docker exec -it 74a1f4a66259 /bin/bash
root@74a1f4a66259:/home/app# tree /tmp/
/tmp/
|-- Gemfile
|-- Gemfile.lock
|-- RackMultipart20170518-37-rmb4dq.apk
|-- bundle.sh
|-- d20170518-40-1n8ttqn
|   `-- NAME-OF-APK-debug.apk
|-- d20170518-40-1y29459
|   `-- NAME-OF-APK-debug.apk
|-- d20170518-40-pf88sh
|   `-- NAME-OF-APKdebug.apk
|-- log
|   `-- scans
|-- ruby-build.20170516232007.23.log
`-- tmp
    `-- pids

7 directories, 8 files
root@74a1f4a66259:/home/app#

Dependency security vulnerability will be a good addition.

Generally devs use dependencies with out checking for vulnerabilities in those dependencies. It could be a great addition.
Listing few of the tools below.

Safety db.
nsp for Node.
security checker from sensiolabs for php.
Bundler audit you have already integrated.

error on web build

I get the error at the bottom when running the docker-compose up d command. see the bottom.

---> Using cache
---> fbb6e3cf87f7
Step 23/48 : RUN apt-get install maven3
---> Using cache
---> c2478d8eefb5
Step 24/48 : RUN apt-get -y install libfontconfig
---> Using cache
---> 32ac2d0ec0c6
Step 25/48 : RUN wget https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-2.1.1-linux-x86_64.tar.bz2
---> Using cache
---> ebd3cb4c402c
Step 26/48 : RUN tar xvfj ./phantomjs-2.1.1-linux-x86_64.tar.bz2
---> Using cache
---> 4cce33280883
Step 27/48 : RUN ln -sf $(pwd)/phantomjs-2.1.1-linux-x86_64/bin/phantomjs /usr/bin
---> Using cache
---> 468c0e428ae7
Step 28/48 : RUN git clone https://github.com/sstephenson/rbenv.git /root/.rbenv
---> Using cache
---> 8ba605b74734
Step 29/48 : RUN git clone https://github.com/sstephenson/ruby-build.git /root/.rbenv/plugins/ruby-build
---> Using cache
---> 99fa37799cc4
Step 30/48 : RUN echo 'eval "$(rbenv init -)"' >> $HOME/.profile
---> Using cache
---> a6cbb3062c06
Step 31/48 : RUN echo 'eval "$(rbenv init -)"' >> $HOME/.bashrc
---> Using cache
---> f4c8ec4e0a7a
Step 32/48 : RUN rbenv install 2.3.0
---> Using cache
---> df397cdedf69
Step 33/48 : RUN rbenv global 2.3.0
---> Using cache
---> 826aaab4b6e4
Step 34/48 : RUN gem install bundler
---> Using cache
---> c567a6f0a905
Step 35/48 : WORKDIR /tmp
---> Using cache
---> 5cf5085bba89
Step 36/48 : ADD app/Gemfile Gemfile
---> Using cache
---> aaf450232c0f
Step 37/48 : ADD app/Gemfile.lock Gemfile.lock
---> Using cache
---> 122d7c3474f2
Step 38/48 : ADD bundle.sh bundle.sh
---> Using cache
---> 284f5e6913b1
Step 39/48 : RUN bash bundle.sh
---> Running in e99d39f77d5e
bundle.sh: line 13: syntax error: unexpected end of file
ERROR: Service 'web' failed to build: The command '/bin/sh -c bash bundle.sh' returned a non-zero code: 2

how to setup this on ec2 ?

i have done the proper setup on ec2 .

and port are open too all inbound and outbound but still not working .

Register function

How can I disable the register function?

Integration with Checkmarx and HP WI

Regarding the integration with Checkmarx, does it need to be installed on the same server as jackhammer? Can I somehow leverage exiting Checkmarx install through API calls to kick off the scans? Same for HP WebInspect?
Thanks
Marcelo

Local Setup for the Jackhammer

Hi
Can you provide the steps for local setup. I don't want to use docker to run the jackhammer framework.

Do you have any documentation to do the local setup without docker?

Skipfish upload

Why at the scan upload page I have skipfish as a tool?

Skipfish can not save output as XML.

Do you guys have some ideas to make this work?

Running services on localhost(lo) instead on all interfaces

Currently, the jackhammer_web, redis, and mysql bind to all IPv6 interfaces.

root@jackhammer-nginx:/home/sidheshenator/jackhammer# sudo netstat -plnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp6       0      0 :::5000                 :::*                    LISTEN      26530/docker-proxy
tcp6       0      0 :::3306                 :::*                    LISTEN      26841/docker-proxy
tcp6       0      0 :::32784                :::*                    LISTEN      26317/docker-proxy
tcp6       0      0 :::80                   :::*                    LISTEN      2417/nginx -g daemo

Is it possible to bind it to particular interface only? I wanted it to run on localhost(lo) only instead of making it available to the world :)

update username and password

hello my friend:)
i want update username and password ,but can not find username and password on "sh" file, maybe i need docker file ssh username and password or mysql db username and password ,can you tell me how to update username and password ?

thanks ~

Couldn't find option for authenticated web app scan?

Hi,

Is there any option in jackhammer that allows authenticated web scan? I looked around after setting it up but couldn't find anything.

Thanks,
Ashutosh

Not able to scan any website or apk from jackhammer

I have installed Jakhammer in a docker of my ubuntu machine.

I have tried to scan multiple website but it is not giving any result after scan s completed.
i have tried demo.testfire.com and multiple vulnerable website available to see how it works but unfortunately i am not able to see any result (As these are vulnerable website it should give result). I also installed DVWA and Webgoat in docker and tried to scan the those but still i am not getting any result.

Am i doing anything wrong or scanner is not working.

Add new tool theHarvester

Can u please writing tool step by step for demo

Adding CPP Checker and Klocwork to Jackhammer

Hello,

I would like to add the Klocwork and CPP checker to the Jackhammer and take it to the next level. In order to proceed with this i have few queries !!

Does Jackhammer support these tools?
If yes, please suggest me how to proceed further.

Thank you

Not start web container

Hi.
Use instruction:

Quick Start and Installation
See our Quick Start/Installation Guide if you want to try out Jackhammer as quickly as possible using Docker Compose.
Run the following commands for local setup (corporate mode):

git clone https://github.com/olacabs/jackhammer
sh ./docker-build.sh
sh ./docker-build.sh SingleUser (For single user)

Default credentials for local setup:
username: [email protected]
password: j4ckh4mm3r

But after "sh ./docker-build.sh " didn't start web container and only start mysql and redis containers
Why!? or What command I must enter for start web_container with Corporate Mode?

I didn't use next command "sh ./docker-build.sh SingleUser" because want setup jackhammer with Corporate Mode.

Add Tools : AltDNS not running

lib/pipeline/task below :

https://gist.github.com/omarkurt/c538d5fd4bf277fd97a71d73c0ae2bff

docker-compose stop
docker-compose rm
sudo sh docker-build.sh SignleUser

How debug adding tool?

Read error (Connection reset by peer) in headers.

root@norvium02:~/jackhammer# wget localhost:5000
--2017-05-13 15:05:48--  http://localhost:5000/
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:5000... connected.
HTTP request sent, awaiting response... Read error (Connection reset by peer) in headers.
Retrying.

--2017-05-13 15:05:49--  (try: 2)  http://localhost:5000/
Connecting to localhost (localhost)|127.0.0.1|:5000... connected.
HTTP request sent, awaiting response... Read error (Connection reset by peer) in headers.
Retrying.

--2017-05-13 15:05:51--  (try: 3)  http://localhost:5000/
Connecting to localhost (localhost)|127.0.0.1|:5000... connected.
HTTP request sent, awaiting response... Read error (Connection reset by peer) in headers.
Retrying.

--2017-05-13 15:05:54--  (try: 4)  http://localhost:5000/
Connecting to localhost (localhost)|127.0.0.1|:5000... connected.
HTTP request sent, awaiting response... Read error (Connection reset by peer) in headers.
Retrying.

--2017-05-13 15:05:58--  (try: 5)  http://localhost:5000/
Connecting to localhost (localhost)|127.0.0.1|:5000... connected.
HTTP request sent, awaiting response... No data received.
Retrying.

--2017-05-13 15:06:03--  (try: 6)  http://localhost:5000/
Connecting to localhost (localhost)|127.0.0.1|:5000... connected.
HTTP request sent, awaiting response... No data received.
Retrying.

--2017-05-13 15:06:09--  (try: 7)  http://localhost:5000/
Connecting to localhost (localhost)|127.0.0.1|:5000... connected.
HTTP request sent, awaiting response... 500 Internal Server Error
2017-05-13 15:06:09 ERROR 500: Internal Server Error.

root@norvium02:~/jackhammer# wget localhost:5000
--2017-05-13 15:06:31--  http://localhost:5000/
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:5000... connected.
HTTP request sent, awaiting response...

What should I do?

Unable to locate "Import Results from other scanners" functionality

Hello,

I am unable to locate "Import Results from other scanners" functionality. I see that upload scan option in documentation; however, unable to locate one.

tried Win7, Ubuntu, Kali - all install fails

I have tried all three OS's listed and the Linux version I cannot start the sh ./docker commands and the install for Win7 is not terribly clear.
I have also tried Win10 with no luck.
Is there a clear set of installation instructions that one could follow?

Add-In Tools Instructions??

So I have followed the instructions for adding in tools, and I am completely perplexed.

Wrote the .rb file for Nikto (also copied the example one provided - tried both ways)
I added the Nikto tool description in settings.
2.a. I didn't at first have the name in the description matching the name in the file, but thinking that might be the issue I made them all match up.
I then re-built jackhammer with stop/rm/build

Poof... each time I do the description file is gone and no Nikto tool exists.

There is nothing in the logs I can find that appear to even do anything with the new tool I have added.

Questions:

What is the right way to get this installed?
How do you debug tool failures and issues?

Need some help here...

default credencials not working

after installation i tried to log int with

username: [email protected]

password: j4ckh4mm3r

yet it gives me invalid email or password

Unable to manually add users

Is there a way to add new users to Jackhammer? Modify Teams/Roles button does not let add new users.

Service 'web' failed to build: Oracle JDK 8 download failed

Getting a /var/cache/oracle-jdk8-installer' returned a non-zero code: 100 error at the end up the install.

before this I think there is an error downloading Java SDK? Is there a way to manually install it or change the script to point to location for Java?

Connecting to download.oracle.com (download.oracle.com)|72.246.43.25|:80... conn
ected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: https://edelivery.oracle.com/otn-pub/java/jdk/8u144-b01/090f390dda5b47
b9b721c7dfaa008135/jdk-8u144-linux-x64.tar.gz [following]
--2017-10-18 17:19:54-- https://edelivery.oracle.com/otn-pub/java/jdk/8u144-b01
/090f390dda5b47b9b721c7dfaa008135/jdk-8u144-linux-x64.tar.gz
Resolving edelivery.oracle.com (edelivery.oracle.com)... 104.93.179.190, 2600:14
0a:0:38c::2d3e, 2600:140a:0:382::2d3e
Connecting to edelivery.oracle.com (edelivery.oracle.com)|104.93.179.190|:443...
connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: http://download.oracle.com/otn-pub/java/jdk/8u144-b01/090f390dda5b47b9
b721c7dfaa008135/jdk-8u144-linux-x64.tar.gz?AuthParam=1508347315_ebf4c5125797698
2dd50449d421b756a [following]
--2017-10-18 17:19:55-- http://download.oracle.com/otn-pub/java/jdk/8u144-b01/0
90f390dda5b47b9b721c7dfaa008135/jdk-8u144-linux-x64.tar.gz?AuthParam=1508347315_
ebf4c51257976982dd50449d421b756a
Connecting to download.oracle.com (download.oracle.com)|72.246.43.25|:80... conn
ected.
HTTP request sent, awaiting response... 404 Not Found
2017-10-18 17:19:55 ERROR 404: Not Found.

download failed
Oracle JDK 8 is NOT installed.
dpkg: error processing package oracle-java8-installer (--configure):
subprocess installed post-installation script returned error exit status 1

Error bundle.sh on windows

Steps

git clone https://github.com/olacabs/jackhammer
sh ./docker-build.sh

Error :
bundle.sh: line 14: syntax error: unexpected end of file
ERROR: Service 'web' failed to build: The command '/bin/sh -c bash bundle.sh' returned a non-zero code: 2

....
Step 24/45 : RUN apt-get -y install phantomjs
 ---> Using cache
 ---> 7df46559ccf4
Step 25/45 : RUN git clone https://github.com/sstephenson/rbenv.git /root/.rbenv
 ---> Using cache
 ---> 3d1a5382230e
Step 26/45 : RUN git clone https://github.com/sstephenson/ruby-build.git /root/.rbenv/plugins/ruby-build
 ---> Using cache
 ---> 58056546a6a8
Step 27/45 : RUN echo 'eval "$(rbenv init -)"' >> $HOME/.profile
 ---> Using cache
 ---> 61646b84df75
Step 28/45 : RUN echo 'eval "$(rbenv init -)"' >> $HOME/.bashrc
 ---> Using cache
 ---> bde5f876ba4f
Step 29/45 : RUN rbenv install 2.3.0
 ---> Using cache
 ---> 4a6f74df5629
Step 30/45 : RUN rbenv global 2.3.0
 ---> Using cache
 ---> bb01c90f806c
Step 31/45 : RUN gem install bundler
 ---> Using cache
 ---> 6ef426968154
Step 32/45 : WORKDIR /tmp
 ---> Using cache
 ---> e611be2cb5eb
Step 33/45 : ADD app/Gemfile Gemfile
 ---> Using cache
 ---> c7fa32836b49
Step 34/45 : ADD app/Gemfile.lock Gemfile.lock
 ---> Using cache
 ---> ce773a4df4bc
Step 35/45 : ADD bundle.sh bundle.sh
 ---> aa196782f920
Removing intermediate container 0cb1e8f6b588
Step 36/45 : RUN bash bundle.sh
 ---> Running in 8f10ab2b7dc4
bundle.sh: line 14: syntax error: unexpected end of file
ERROR: Service 'web' failed to build: The command '/bin/sh -c bash bundle.sh' returned a non-zero code: 2

olacabs / jackhammer Goto Github PK

jackhammer's Introduction

Jackhammer:

What is Jackhammer?

Key Features:

Supported Vulnerability Scanners:

Static Analysis:

Finding hard coded secrets/tokens/creds:

Webapp:

Mobile App:

Wordpress:

Network:

Adding Custom (other open source/commercial /personal) Scanners:

Quick Start and Installation

Run the following commands for local setup (corporate mode):

Default credentials for local setup:

(For single user mode)

Restarting Jackhammer

User Guide

Demo

Demo Environment Link:

Default credentials:

jackhammer's People

Contributors

Stargazers

Watchers

Forkers

jackhammer's Issues

I am running the current version of Docker and just pulled and ran Jackhammer. I have a Mac, and when I do: sh ./docker-build.sh It seems to build properly but when I open a browser to http://localhost:5000 it can not connect. The docker-compose ps shows: Name Command State Ports

Recommend Projects

Recommend Topics

Recommend Org

I am running the current version of Docker and just pulled and ran Jackhammer. I have a Mac, and when I do:
sh ./docker-build.sh
It seems to build properly but when I open a browser to http://localhost:5000 it can not connect. The docker-compose ps shows:
Name Command State Ports