Enterprise Recon 2.6.0

Websites

This section covers the following topics:

Licensing

For Sitewide Licenses, all scanned website Targets consume data from the Sitewide License data allowance limit.

For Non-Sitewide Licenses, website Targets require Server & DB Licenses, and consume data from the Server & DB License data allowance limit.

See Target Licenses for more information.

Requirements

Requirements Description
Proxy Agent Required Proxy Agents:
  • Windows Agent with database runtime components
  • Windows Agent
  • Linux Agent with database runtime components
  • Linux Agent
  • macOS Agent
TCP Allowed Connections
  • Port 80 for HTTP website.
  • Port 443 for HTTPS website.
  • All TCP ports used by the website.

Set Up a Website as a Target Location

  1. From the New Scan page, Add Targets.
  2. In the Select Target Type dialog box, select Server.
  3. In Enter New Target Hostname, enter the website domain name.
  4. Click Test. If ER2 can connect to the Target, the button changes to a Commit button.
  5. Click Commit to add the Target.
  6. In the Select Types dialog box, select Websites.
  7. Under Websites section, select Website (http://) or SSL Website (https://).
  8. Fill in the fields as follows:

    Field Description
    (Optional) Path See Path Options table to understand the parameters available to configure a website scan.
    If Path field is left blank, only resources available at the Target website root directory will be scanned.
    (Optional) Credential Label Enter a descriptive label for the credential set.
    Only "Basic" HTTP authentication scheme credentials are supported.
    (Optional) Username Enter your user name.
    (Optional) Password Enter your password.
    Agent to act as proxy host

    The host name of the machine on which the Proxy Agent resides on. This selected Proxy Agent will be used to scan the website.

    Recommended Least Privilege User Approach

    To reduce the risk of data loss or privileged account abuse, the Target credentials provided for the intended Target should only be granted read-only access to the exact resources and data that require scanning. Never grant full user access privileges or unrestricted data access to any application if it is not required.

  9. Click +Add customised.

Path Options

The following options can be defined in the Path field to setup a website Target scan:

Options Description
<folder>

Scan a specific directory on the website domain.

If <folder> is not defined in the Path field, only resources available at the Target website root directory will be scanned.

(port=<port>)

Define a custom port for the Proxy Agent to establish a connection with the server hosting the Target website.

If the Target website is hosted on a port other than the standard HTTP (80) or HTTPS (443) ports, the port option must be specified.

(depth=<depth>)

Specify the depth of the website scan:

  • If depth is not specified or (depth=0), the Agent will scan resources available only in the specified directory.
  • For (depth=x), the Agent will scan resources available in the specified directory and x levels down from the specified directory.

(proxy=<proxy>)

Specify the address of the HTTP proxy server.

If the Proxy Agent has to connect to the Target website via a HTTP proxy server, the proxy option must be specified.

The examples below describe the different scan scenarios based on the value in the Path field for a Target website hosted at http://www.example.com.

  1. folder1(depth=2)(port=8080)
    Proxy Agent will receive instructions to scan the resources available in the following directories on port 8080:
    • www.example.com:8080/folder1/*
    • www.example.com:8080/folder1/folder2a/*
    • www.example.com:8080/folder1/folder2a/folder3a/*
    • www.example.com:8080/folder1/folder2b/*
    • www.example.com:8080/folder1/folder2b/folder3b*
  2. (proxy=proxy.example.com) No folder or depth is defined. Proxy Agent will receive instructions to scan only the resources available in the root directory through the proxy server proxy.example.com:
    • www.example.com/*

Sub-domains

Sub-domains are considered individual Targets, therefore each sub-domain must be licensed and scanned separately from apex domains.

Three separate licenses are required to scan the Targets below:
  • www.example.com
  • example.com
  • subdomain.example.com