For over a year, I have been using a script that automates several of the initial steps taken when starting a new VAPT Project. Thanks to Docker and Homebrew, I am finally able to share this script and setup without worrying about the potential issues that could arise during the setup or the ad-hoc changes that would need to be made to the script if someone else were to use it.
What it does currently
- Scans include checks for missing HTTP security headers, subdomains, SSL issues, port scans, service vulnerabilities, etc., by leveraging popular tools like Nikto, Nmap, TestSSL and others.
- More tools will be added in the future.
- This toolkit can be set up using Docker on Linux or macOS. For macOS users, VAPT Toolkit is also available via Homebrew.
I have set up the script and the required tools in a Docker image as a toolkit to help automate the initial VAPT tests. To use it, pull the image from Docker Hub at https://hub.docker.com/r/jinsonvarghese/vapt and run the container, as explained below.
Steps to set it up
Install using Docker:
- Pull the image from Docker Hub:
docker pull jinsonvarghese/vapt
- Run the image and enter the Ubuntu base system terminal:
docker run -it jinsonvarghese/vapt
- Run a scan on any website using the command vapt {{URL}}, for example:
vapt google.com
Install using Homebrew:
- For those who don’t have Homebrew installed, you can install it by running the following command in the macOS Terminal:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
- Install VAPT Toolkit via Homebrew:
brew install jinsonvarghese/toolkit/vapt
- Run scan:
vapt google.com
Tips
- After installing the toolkit using Docker, save time by setting up aliases to run the Docker image or to start and attach to the container.
- For those unfamiliar, to restart and enter the toolkit’s base terminal on a stopped container, run:
docker start --attach --interactive {{CONTAINER ID}}
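One way to set up the shortcuts from the tips above, written as shell functions for ~/.bashrc or ~/.zshrc. This is an added example, not part of the toolkit, and the names vapt_container_id and vapt_shell are made up here. It goes slightly beyond the tip by reusing the most recent toolkit container when one exists instead of creating a fresh one on every run.

```bash
# Added example: shortcuts for the VAPT Toolkit container.
# Assumption: containers were created from this image as in the steps above.
VAPT_IMAGE="jinsonvarghese/vapt"

# Print the ID of the newest container (running or stopped) created from the
# toolkit image. Prints nothing when no such container exists.
vapt_container_id() {
    # docker ps lists newest containers first, so the first line is the latest.
    docker ps --all --quiet --filter "ancestor=${VAPT_IMAGE}" | head -n 1
}

# Enter the toolkit's base terminal:
#   - no container yet   -> create one from the image
#   - container running  -> attach to it
#   - container stopped  -> restart it with STDIN attached
vapt_shell() {
    vapt_cid="$(vapt_container_id)"
    if [ -z "$vapt_cid" ]; then
        docker run -it "$VAPT_IMAGE"
    elif [ "$(docker inspect --format '{{.State.Running}}' "$vapt_cid")" = "true" ]; then
        docker attach "$vapt_cid"
    else
        docker start --attach --interactive "$vapt_cid"
    fi
}
```

After reloading the shell configuration, typing vapt_shell opens the toolkit terminal, where vapt {{URL}} can be run as before.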