Security Hub

Bring your software development workflows to security

icon-scanner

Security scanners

Signals & Triggers

On request
If user agent or path requested match security scanner signature

Actions

  • Log the malicious request Log the malicious request

Details

Security scanners are tools helping attackers or pentesters to discover potential vulnerabilities in an application. Security scanners range from very basic to advanced tools.

This plugin detects security scanners by looking at the user agents and the requested paths (matching known vulnerabilities, sensitive paths, data exposure, etc). Most of the requests made by a security scanner end up being 404 - not found.

Should the scanner discover a vulnerability, the related plugins will trigger and protect the application.

Advanced details

The plugin will check if the user agent is from a known security scanner. Those could be:

  • tinfoil
  • sqlmap
  • DirBuster
  • Nikto
  • Arachni
  • acunetix
  • and more

Language support

  • Ruby
  • Node.js
  • PHP
  • Python
  • Java

Data collected by Sqreen

Signals

Malicious requests


On attack
  • Request payload
  • Attacker IP
  • Attacker account (Sqreen SDK)

Built for developers and modern apps

Get up and running in minutes just by installing our lightweight library. Enable plugins in just a couple of clicks.

  • Node.js
  • Ruby
  • PHP
  • Python
  • Java
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9

$ npm install --save sqreen

$ echo '{ "token": "your token" }' > sqreen.json

 

// This should be the first line of your app

require('sqreen');

$ echo "gem 'sqreen'" >> Gemfile

$ bundle install

$ echo "token: your token" >> config/sqreen.yml

$ curl -s https://download.sqreen.io/php/install.sh > sqreen-install.sh && bash sqreen-install.sh your token

$ pip install sqreen

$ echo -e '[sqreen]\ntoken: your token' >> sqreen.ini

 

# Insert at the top of your app file (typically wsgi.py or app.py)

import sqreen

sqreen.start()

$ curl https://download.sqreen.io/java/sqreen-latest-all.jar -o sqreen-latest-all.jar

 

// Next, edit the JVM startup file:

-javaagent:/path/to/sqreen-agent.jar -Dsqreen.token={{your token}}

Build amazing products. Keep them safe.

3 min installation · Try all features for 7 days · No credit card required Get started Request demo