Acunetix is not just a web vulnerability scanner. With the deployment in a docker environment, just one person with one computer, this complete web application security testing solution can be used as standalone scanning tool to complete a complex scanning task.

This post shows how to search, install AWVS docker using command line or Portainer, and how to change default credential information. 

From Acunetix minimum system requeirements documentation, minimum of 2GB Ram will be required. Based on my testing, 1GB Ram is also working well. 

[root@OCP1-CentOS8 ~]# free
              total        used        free      shared  buff/cache   available
Mem:         823684      258292      120892        1904      444500      553072
Swap:           0            0         0

Check post  “Change SWAP Size to Improve Low Memory Cloud VM Reliability “for how to change your swap size. 


Basic command: 

wget https://raw.githubusercontent.com/51sec/swap/main/swap.sh && bash swap.sh

Search AWVS docker

The easiest way to find out which AWVS image you should use is to search and use the one having the most stars.

test@test1:~# sudo -i
root@test1:~# docker search awvs
NAME                       DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
secfa/docker-awvs          AWVS 14.4.210816098  Linux Version Crack By …   53                   
leishianquan/awvs-nessus                                                   21                   
xrsec/awvs                 Awvs 14 Scanner、fahai                           5                    
lazj/awvs13                                                                1                    
tiancizzz/awvs             一款知名的网络漏洞扫描工具                                   1                    
k3rwin/awvs13                                                              0                    
hangezhao/awvs                                                             0                    
xxlm/awvs13cn                                                              0                    
smarttang/awvs_2019_07                                                     0                    
xfantasy/awvs                                                              0                    
110110/awvs13                                                              0                    
zeyanlin/awvs                                                              0                    
jstang/awvs                配置了API密钥的容器镜像                                   0                    
littlehoury/awvs           A wonderful virtual sleep                       0                    
meterpreter/awvs                                                           0                    
yakoazz/awvsnessus                                                         0                    
saline/awvsengine                                                          0                    
evil0x0/awvs                                                               0                    
sigle0724/awvs                                                             0                    
xschur666/awvs                                                             0                    
nienie/awvs13                                                              0                    
yimingy72/awvs14                                                           0                    
cure0jvs/awvs-engine                                                       0                    
ganl/awvs                                                                  0                    
srsecmmm/awvs13            分布式部署                                           0                    
root@test1:~# 


secfa/docker-awvs has the most stars than other docker docker images.

Docker hub: https://hub.docker.com/r/secfa/docker-awvs

Create AWVS container


From Command line:

root@test1:~# docker pull secfa/docker-awvs
Using default tag: latest
latest: Pulling from secfa/docker-awvs
Digest: sha256:b2737b3decd0729a2f87a803f6b539ef63519fd24e938a9b7c31e9faf4ca7a10
Status: Image is up to date for secfa/docker-awvs:latest
docker.io/secfa/docker-awvs:latest
root@test1:~# 
root@test1:~# docker run -it -d -p 3443:3443 secfa/docker-awvs

From Portainer:

I am using port 3443 to map into docker’s 3443. On your cloud VPS, please make sure port 3443 has been opened for AWVS web gui access. 

Access AVWS and Change Username/Email + Password

Log in Web Gui

Once AWVS docker is up and running, visit https://YOUR_Public_IP:3443/

Default Credential for login:

You can change password after logged in. 

Change Password:

Change Email / Username:

From Command line:

docker ps                    //查看容器,找到相应id
docker exec -it id /bin/bash //进入容器
cd /home/acunetix/.acunetix
./change_credentials.sh
Or from Portainer

Add a Target to Scan

Add Tragets:


Scan Result:


YouTube:
  • Install and Configure Automated Web Application Security Testing Tool (Acunetix) in Windows


References

By Jon

One thought on “AWVS (Acunetix Web Vulnerability Scanner) Docker Installation”

Leave a Reply to Acunetix 網頁掃描軟體 – 資安部落客Cancel reply