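Gryffin is a large-scale web security scanning platform developed by Yahoo. It is not yet another scanner; its main purpose is to solve two specific problems: coverage and scalability.
The platform is written in Go and depends on: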
- Go
- PhantomJS, v2
- Sqlmap (for fuzzing SQLi)
- Arachni (for fuzzing XSS and web vulnerabilities)
- NSQ
  - running lookupd at ports 4160, 4161
  - running nsqd at ports 4150, 4151
  - with --max-msg-size=5000000
- Kibana and Elasticsearch, for dashboarding
  - listening to JSON over port 5000
  - Preconfigured docker image available at https://hub.docker.com/r/yukinying/elk/