-
Notifications
You must be signed in to change notification settings - Fork 115
BCheck Types
BChecks can be categorized as either passive or active.
These cannot issue requests and can only infer the presence of vulnerabilities based on the response provided to the seed request. A passive BCheck should use the construct:
given response then
The Response-level (passive) BCheck template which checks for a leaked AWS Access Key IDs is an example of a passive BCheck.
Active requests can issue additional requests to probe for specific vulnerabilities. They can be further broken down based on the granularity with which they are executed:
These will be executed once per host and use the construct:
given host then
The Host-level BCheck template which checks for exposed Git directories is an example of a host level BCheck.
These will be executed once per path. E.g. if a host has audit items /example/alpha.php and /example/beta.php then a per path BCheck will only be executed once. Path level BChecks use the construct:
given path then
The Path-level BCheck template which checks for exposed backup files is an example of a path level BCheck.
These will be executed once per audit item. Request level BChecks use the construct:
given request then
The Log4Shell (collaborator) BCheck template which checks for Log4Shell is an example of a request level BCheck.
These will be executed once per insertion point for each audit item. Insertion point level BChecks use the construct:
given insertion point then
Note that the insertion points can be filtered using additional keywords. See here for more details.
The Insertion-point-level BCheck template which checks for suspicious input transformation is an example of a insertion point level BCheck.