HawkScan is highly configurable, accommodating multiple application types and their associated aspects such as authentication, path discovery (e.g., spidering), and API architecture.
If an application has an HTTP(S) endpoint, HawkScan can scan it, regardless of the underlying tech stack.
To that end, HawkScan requires that the app.host field be configured in stackhawk.yml -- this represents the root URL of the application being scanned.
What do we mean by root URL?
HawkScan allows the following options for URLs in app.host:
an FQDN in a URL
an IP:PORT in a URL
localhost as the URL
a domain as a URL
this approach is uncommon -- scans should be granular, localized, and non-production in nature (for instance, in a
While the above examples use https, http (e.g., http://localhost:5000) is also an option within the URL.
If no port is specified in the URL, the default http port (80) or https port (443) is assumed.
But what about paths?
Specific paths (e.g., API paths such as https://myapp.com/api/v2) can be scanned, but can't serve as the root of the application to be scanned.
If you have applications for which communication with the root application url is not allowed (i.e., only specific paths respond to http messages, but the root does not), reach out to StackHawk Support for assistance.
Set app.host according to the rules above
Configure HawkScan to populate the paths beneath the application root, via:
standard spider (on by default)
ajax spider (off by default)
manually enter app.spider.seedPaths entries to add additional starting points (relative to app.host) for crawling
not for use in populating API paths; see below
API configuration (to seed API paths to be scanned):
set up Authenticated scanning as applicable
Run a scan
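A pre-flight check for the rules above, written here as an added example (not StackHawk's own code or tooling): it validates an already-loaded app section of stackhawk.yml, rejecting an app.host that carries a path (which belongs in app.spider.seedPaths), flagging seedPaths that are not relative to app.host, and reporting the port HawkScan will assume. The sample app sections are constructed for illustration.

```python
from urllib.parse import urlsplit

# Default ports assumed when the URL names none (as described on this page).
DEFAULT_PORTS = {"http": 80, "https": 443}


def check_host(host: str) -> list:
    """Return problems with an app.host value; an empty list means it is a valid root URL."""
    problems = []
    parts = urlsplit(host)
    if parts.scheme not in DEFAULT_PORTS:
        problems.append(f"app.host scheme must be http or https, got {parts.scheme!r}")
    if not parts.hostname:
        problems.append("app.host has no hostname (FQDN, IP address, or localhost)")
    try:
        parts.port  # raises ValueError when the port is not numeric
    except ValueError:
        problems.append("app.host port must be numeric")
    if parts.path not in ("", "/"):
        problems.append(f"app.host must be the application root; move {parts.path!r} to app.spider.seedPaths")
    if parts.query or parts.fragment:
        problems.append("app.host must not carry a query string or fragment")
    return problems


def effective_port(host: str) -> int:
    """Port the scanner will connect to: the explicit one, else the scheme default."""
    parts = urlsplit(host)
    return parts.port if parts.port is not None else DEFAULT_PORTS[parts.scheme]


def check_seed_paths(seed_paths) -> list:
    """seedPaths are relative to app.host, so each must be a path starting with a single '/'."""
    problems = []
    for path in seed_paths:
        if "://" in path or path.startswith("//") or not path.startswith("/"):
            problems.append(f"seedPath {path!r} must be relative to app.host, e.g. '/api/v2'")
    return problems


def check_app(app: dict) -> list:
    """Validate the 'app' section of a stackhawk.yml that has already been loaded into a dict."""
    seed_paths = app.get("spider", {}).get("seedPaths", [])
    return check_host(app.get("host", "")) + check_seed_paths(seed_paths)


# Constructed sample 'app' sections (hypothetical hosts, not from a real stackhawk.yml).
GOOD_APP = {"host": "https://myapp.com:8443", "spider": {"seedPaths": ["/api/v2", "/admin"]}}
BAD_APP = {"host": "https://myapp.com/api/v2", "spider": {"seedPaths": ["https://myapp.com/api/v2"]}}

if __name__ == "__main__":
    for name, app in (("good", GOOD_APP), ("bad", BAD_APP)):
        print(name, check_app(app) or "ok")
```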
Repeat after me: "KaaKaww!"