StackHawk

___________________________________________________________

What hosts and ports does HawkScan need access to in order to run scans and gather scan data?

HawkScan authenticates to the StackHawk platform and uploads scan data to signed S3 URLs on AWS. It also directly accesses the application being scanned. 

- HawkScan's authentication service
- cnames to <code>auth.prod.stackhawk.com</code>

- build an FQDN rule in the firewall to allow access auth.stackhawk.com on TCP destination port 443

- What is it? 
 - HawkScan's authentication service
 - cnames to <code>auth.prod.stackhawk.com</code>
- How to access it? 
 - build an FQDN rule in the firewall to allow access auth.stackhawk.com on TCP destination port 443

- HawkScan's api service
- cnames to <code>api.prod.stackhawk.com</code>

- build an FQDN rule in the firewall to allow access api.stackhawk.com on TCP destination port 443

- What is it?
 - HawkScan's api service
 - cnames to <code>api.prod.stackhawk.com</code>
- How to access it?
 - build an FQDN rule in the firewall to allow access api.stackhawk.com on TCP destination port 443

- When HawkScan generates scan results, it uploads these to signed S3 URL's, where they become available at app.stackhack.com

- Ensure that <a href="https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html" rel="nofollow noopener noreferrer" target="_blank">AWS' S3 IP address ranges</a> are accessible from the system running HawkScan (Docker host, laptop running CLI)

- What is it?
 - When HawkScan generates scan results, it uploads these to signed S3 URL's, where they become available at app.stackhack.com
- How to access it?
 - Ensure that <a href="https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html" rel="nofollow noopener noreferrer" target="_blank">AWS' S3 IP address ranges</a> are accessible from the system running HawkScan (Docker host, laptop running CLI)

- Docker-based scanning:
 - Make sure the docker host can reach the host and port of the application to be scanned
 - See these troubleshooting Resources if encountering issues here:
 - <a href="https://docs.stackhawk.com/hawkscan/troubleshooting.html#networking-option" rel="nofollow noopener noreferrer" target="_blank">Use docker host networking</a>
 - <a href="https://docs.stackhawk.com/hawkscan/troubleshooting.html#networking" rel="nofollow noopener noreferrer" target="_blank">Permitted ports</a>
- CLI-based scanning:
 - Make sure the system (e.g., laptop) that the CLI scanner is running from can reach the host and port of the application to be scanned

- What is it?
 - Applications being scanned by HawkScan
- How to access it?
 - Docker-based scanning:
 - Make sure the docker host can reach the host and port of the application to be scanned
 - See these troubleshooting Resources if encountering issues here:
 - <a href="https://docs.stackhawk.com/hawkscan/troubleshooting.html#networking-option" rel="nofollow noopener noreferrer" target="_blank">Use docker host networking</a>
 - <a href="https://docs.stackhawk.com/hawkscan/troubleshooting.html#networking" rel="nofollow noopener noreferrer" target="_blank">Permitted ports</a>
 - CLI-based scanning:
 - Make sure the system (e.g., laptop) that the CLI scanner is running from can reach the host and port of the application to be scanned
 
 ___________________________________________________________

Question:

Answer:

Requirements Summary

Detailed Requirements

`auth.stackhawk.com`

`api.stackhawk.com`

S3

Target Applications

Endpoint	Port
auth.stackhawk.com	443
api.stackhawk.com	443
AWS S3 (IP range)	443
Target Application	variable