
Scanner

The Scanner is Caido's official template-based vulnerability detection engine, bringing automated security testing capabilities to Caido.

INFO

The Scanner is available for installation in the Official tab of the Plugin interface.

The Scanner plugin listed in the Official tab.

Checks

The templates utilized by the plugin are referred to as "checks" and contain the logic for identifying specific security issues.

To view the checks available, navigate to the Scanner plugin interface and click on the Checks tab.

Each check is listed as a table row. A check's metadata, including a description of the vulnerability it tests for and its categorical tags, can be viewed by clicking on the button attached to its row. The metadata also includes a check's:

  • Type: Passive checks only inspect traffic that is already being proxied and are quiet enough to run in the background without generating noise. Active checks send additional requests to the target and therefore involve more noticeable interaction with it.
  • Aggressivity: An indication of how many requests the check generates and sends to the target.
The expanded details section of the Command Injection check row.
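To make the passive/active distinction and the aggressivity figure concrete, here is an added, self-contained model of the two check types. It is example code written for this page, not Caido's Scanner check API or any of its bundled checks: the Check interface, the sample exchange, the payload list and the fake backend are all hypothetical. The passive check only reads the captured response; the active check replays the request once per payload, so its aggressivity equals the number of requests it sends.

```typescript
// Added illustration of passive vs. active checks. Hypothetical model only,
// not Caido's check SDK.

interface HttpRequest { method: string; url: string; body: string }
interface HttpResponse { status: number; headers: Record<string, string>; body: string }
interface Exchange { request: HttpRequest; response: HttpResponse }
interface Finding { check: string; detail: string }
type Sender = (req: HttpRequest) => Exchange;

interface Check {
  name: string;
  type: "passive" | "active";
  aggressivity: number; // requests the check sends per target (0 for passive)
  run(target: Exchange, send: Sender): Finding[];
}

// Passive check: looks at the response already captured by the proxy and
// never calls send(), so it produces no extra traffic.
const missingHstsCheck: Check = {
  name: "missing-hsts",
  type: "passive",
  aggressivity: 0,
  run(target: Exchange): Finding[] {
    const present = Object.keys(target.response.headers)
      .some((h) => h.toLowerCase() === "strict-transport-security");
    return present
      ? []
      : [{ check: "missing-hsts", detail: `${target.request.url} lacks Strict-Transport-Security` }];
  },
};

// Active check: replays the request body with each payload and reports any
// payload reflected verbatim. One request per payload, hence the aggressivity.
const PAYLOADS = ["' OR 1=1--", "<s>x</s>", "\"'`"]; // constructed sample payloads
const reflectionCheck: Check = {
  name: "reflected-input",
  type: "active",
  aggressivity: PAYLOADS.length,
  run(target: Exchange, send: Sender): Finding[] {
    const findings: Finding[] = [];
    for (const payload of PAYLOADS) {
      const replay = send({ ...target.request, body: payload });
      if (replay.response.body.includes(payload)) {
        findings.push({ check: "reflected-input", detail: `payload ${JSON.stringify(payload)} reflected unescaped` });
      }
    }
    return findings;
  },
};

// Minimal runner that counts outbound requests so the cost of a check can be
// compared against its declared aggressivity.
function runChecks(target: Exchange, checks: Check[], backend: Sender): { findings: Finding[]; requestsSent: number } {
  let requestsSent = 0;
  const send: Sender = (req) => { requestsSent += 1; return backend(req); };
  const findings = checks.flatMap((c) => c.run(target, send));
  return { findings, requestsSent };
}

// Constructed sample traffic: a search request whose response echoes the body
// back unescaped and carries no HSTS header.
function fakeBackend(req: HttpRequest): Exchange {
  return {
    request: req,
    response: { status: 200, headers: { "content-type": "text/html" }, body: `<p>You searched for ${req.body}</p>` },
  };
}
const sampleTarget: Exchange = fakeBackend({ method: "POST", url: "https://example.test/search", body: "shoes" });

export function passiveRun() { return runChecks(sampleTarget, [missingHstsCheck], fakeBackend); }
export function activeRun() { return runChecks(sampleTarget, [reflectionCheck], fakeBackend); }

console.log(passiveRun()); // one finding, zero requests sent
console.log(activeRun());  // three findings, three requests sent
```

Running the passive check alone sends nothing, which is why it is safe to leave enabled against all proxied traffic; the active check's request count matches its aggressivity, which is the figure to weigh before pointing it at a production target.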

Selecting Checks

The Scanner plugin runs checks either passively as traffic is proxied through Caido or actively against manually selected requests.

To include or exclude a check in either passive or active scanning, click on its associated checkbox in the Passive or Active column.

The list of checks in the Checks tab of the Scanner plugin.

Check Presets

Predefined selections of passive and active checks are available as check presets. To save your current selection of checks as a custom preset, click on the + New Preset button.

Passive Scanning

By default, once the Scanner plugin is installed, passive scanning is enabled against in-scope proxied traffic. To disable passive scanning or apply it to all proxied traffic, navigate to the Settings tab interface.

This interface also includes rate limiting options and allows you to select the vulnerability severity levels that should generate findings upon detection.

The Settings tab of the Scanner plugin.

Active Scanning

To execute a scan manually against a specific request, right-click within a request pane or on a traffic table row, hover your mouse cursor over Plugins and then Scanner, and select Run Active Scanner to open the Scan Launcher window.

TIP

To scan multiple requests, either CTRL + click select multiple rows or select a range of rows with SHIFT + click.

The Run Active Scanner context menu option.

All requests that the scan will be applied to will be listed in the Targets tab.

The target requests of the scan.

Additional configuration options for active scans are available in the Configuration tab.

The configuration options available to active scans.

Once the active scan is configured, click on the Run Scan button to run the enabled active checks.

In addition to generating findings, the results of ongoing and completed active scans are available in the Dashboard tab interface.

TIP

To interrupt an in-progress active scan, click on the Cancel button.

The Dashboard tab interface.