# Prancer PAC CLI
Prancer PAC pentesting can be integrated into your CI/CD pipeline so that it fits tightly into your existing SDLC process. To do so, you use the Prancer PAC CLI to run the pentest.

Make sure the following binaries are installed on your CI machine:
## How to install Prancer PAC

To install Prancer PAC, follow these steps:

1. Download the prancer-pac installer.
2. Extract the downloaded file.
3. If you are extracting it for the first time, run the chmod command on install.sh (the script only needs to be executable, so a more restrictive mode such as 0755 also works):

```shell
sudo chmod 0777 install.sh
```

4. To install Prancer PAC, run the following command:
5. To make sure prancer-pac is installed successfully, run this command and check the version it reports:

```shell
$ prancer-pac version
The version of prancer pac is 0.1.4-beta linux/amd64
```
## Defining variables in the PAC tool

To run Prancer PAC in your pipeline, you need to define some variables.

### Prancer API token

Generate a user access token from the Prancer SaaS solution (see: How to generate token in Prancer SaaS).

Define this variable as `APITOKEN` in your CI tool, and add it as a secret rather than a plain variable.

### Pentest Configuration ID

To get the target configuration ID, go to the admin panel, choose the PAC Management page from the sidebar, select your config, click PAC Configuration, and copy the config ID.
## How to run

To run a pentest without authentication, run the following command:

```shell
prancer-pac pentest --customer YOUR_CUSTOMER_ID --token APITOKEN --config CONFIGURATION_ID
```

To run a pentest with authentication, run the following command:

```shell
prancer-pac pentest --customer YOUR_CUSTOMER_ID --token APITOKEN --config CONFIGURATION_ID auth --username USERNAME --password PASSWORD
```

The pentest command prepares an environment with your information and creates a ZAP environment to start the test.
### The pentest flags

- `-c, --config`: the ID of the configuration; the data required to set up the pentest is extracted from the Prancer database using this ID.
- `-i, --customer`: the customer ID, required for obtaining the JWT token.
- `-e, --env`: the working environment, one of dev, qa and prod (default "prod").
- `-t, --token`: the access token, passed as a parameter to obtain the JWT token so that prancer-cli can send requests to the portal.
- `-o, --output`: the output format in the terminal; supported values are json and normal (default "normal").
- `-p, --port`: an available port on your system to use for the proxy Docker container (default 8080).
- `-s, --silent`: suppress the detailed terminal output.
- `-h, --help`: help for pentest.
### The pentest available commands

- `auth`: used for a pentest with authentication; its flags are:
  - `-u, --username`: the target user name for authorization.
  - `-p, --password`: the target password for authorization.
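The following POSIX sh wrapper is an added example, not Prancer's own code, showing how the variables and the run commands above fit together in a CI step: it checks that the secrets are present without printing their values, composes the documented `pentest` invocation (appending the `auth` subcommand only when a username is supplied), logs a redacted copy of the command line, and then runs `prancer-pac`. The environment variable names `APITOKEN`, `PRANCER_CUSTOMER_ID`, `PRANCER_CONFIG_ID`, `PRANCER_USERNAME` and `PRANCER_PASSWORD` are assumptions for this example; only flags documented on this page are used.

```shell
#!/bin/sh
# Added example (not Prancer's own code): run prancer-pac from a CI job.
# Assumed, not from the page: the CI tool exposes the secrets as environment
# variables APITOKEN, PRANCER_CUSTOMER_ID and PRANCER_CONFIG_ID, plus
# PRANCER_USERNAME / PRANCER_PASSWORD for an authenticated pentest.

# Fail when a required variable is unset or empty. Only the NAME is reported,
# so the job log never contains the value of a secret.
require_var() {
    eval "_v=\${$1:-}"
    if [ -z "$_v" ]; then
        echo "missing required variable: $1" >&2
        return 1
    fi
    return 0
}

# Compose the documented invocation and hand the argument vector to $1.
# Passing "prancer-pac" runs the pentest; passing "echo" prints the arguments.
# Arguments: cmd customer token config [username password]
# The auth subcommand is appended only when a username is given. JSON output is
# selected so a later pipeline step can consume the result (the page documents
# --output json but not the JSON layout, so nothing here parses it).
with_pentest_args() {
    _cmd="$1"; _customer="$2"; _token="$3"; _config="$4"
    _user="${5:-}"; _pass="${6:-}"
    set -- "$_cmd" pentest \
        --customer "$_customer" --token "$_token" --config "$_config" \
        --output json
    if [ -n "$_user" ]; then
        set -- "$@" auth --username "$_user" --password "$_pass"
    fi
    "$@"
}

# Print the command line with the token and password replaced by markers.
# Arguments: customer config [username]
redacted_cmd() {
    if [ -n "${3:-}" ]; then
        with_pentest_args echo "$1" '<APITOKEN>' "$2" "$3" '<PASSWORD>'
    else
        with_pentest_args echo "$1" '<APITOKEN>' "$2"
    fi
}

# Entry point for the CI step: validate prerequisites, log the redacted
# command, then run the pentest with the real secrets.
run_ci_pentest() {
    require_var APITOKEN && require_var PRANCER_CUSTOMER_ID \
        && require_var PRANCER_CONFIG_ID || return 1
    if ! command -v prancer-pac >/dev/null 2>&1; then
        echo "prancer-pac is not installed on this runner" >&2
        return 1
    fi
    echo "running: prancer-pac $(redacted_cmd "$PRANCER_CUSTOMER_ID" \
        "$PRANCER_CONFIG_ID" "${PRANCER_USERNAME:-}")"
    with_pentest_args prancer-pac "$PRANCER_CUSTOMER_ID" "$APITOKEN" \
        "$PRANCER_CONFIG_ID" "${PRANCER_USERNAME:-}" "${PRANCER_PASSWORD:-}"
}

# In the CI step, source this file and call run_ci_pentest; the guard below
# lets the same file be executed directly with RUN_PRANCER_PENTEST=1.
[ "${RUN_PRANCER_PENTEST:-0}" = "1" ] && run_ci_pentest
```

Because the token and password are passed to `with_pentest_args` as ordinary arguments (no `eval`, no string splicing), a password containing spaces or shell metacharacters reaches `prancer-pac` unchanged, and only the redacted copy ever appears in the job log.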