Nemesida WAF Scanner module installation and setup guide.

Nemesida WAF Scanner setup

The Nemesida WAF Scanner module is designed to detect web vulnerabilities in protected web applications.

Read the manuals carefully before installing and using the Nemesida WAF Scanner.

While running, the module queries nemesida-security.com for vulnerability information through the Nemesida Vulnerability API and sends information about the vulnerabilities it detects to the Cabinet through the Nemesida WAF API.

Information that the Nemesida WAF Scanner sends to the Nemesida Vulnerability API may be passed on to third-party vulnerability databases.

Module installation on the server (pick the block for your distribution):

Debian

# apt install apt-transport-https

Debian 9:
# echo "deb https://repository.pentestit.ru/nw/debian stretch non-free" > /etc/apt/sources.list.d/NemesidaWAF.list

Debian 10:
# echo "deb https://repository.pentestit.ru/nw/debian buster non-free" > /etc/apt/sources.list.d/NemesidaWAF.list

Then, for both releases:

# wget -O- https://repository.pentestit.ru/nw/gpg.key | apt-key add -
# apt update && apt upgrade
# apt install python3-pip python3-venv python3-dev postgresql-server-dev-all
# apt install nwaf-scanner

Ubuntu

# apt install apt-transport-https

Ubuntu 16.04:
# echo "deb [arch=amd64] https://repository.pentestit.ru/nw/ubuntu xenial non-free" > /etc/apt/sources.list.d/NemesidaWAF.list
# wget -O- https://repository.pentestit.ru/nw/gpg.key | apt-key add -

Connect the Python 3.6 repository:

# apt install software-properties-common
# add-apt-repository ppa:deadsnakes/ppa

Install the packages:

# apt update && apt upgrade
# apt install python3.6 python3.6-venv python3.6-dev postgresql-server-dev-all gcc
# curl https://bootstrap.pypa.io/get-pip.py | python3.6
# apt install nwaf-scanner

Note that the get-pip.py step pipes a script fetched over the network straight into the interpreter as root. On a production host, download the file first, review it, and only then run it from disk.

Ubuntu 18.04:
# echo "deb [arch=amd64] https://repository.pentestit.ru/nw/ubuntu bionic non-free" > /etc/apt/sources.list.d/NemesidaWAF.list
# wget -O- https://repository.pentestit.ru/nw/gpg.key | apt-key add -
# apt update && apt upgrade
# apt install python3-pip python3-venv python3-dev postgresql-server-dev-all
# apt install nwaf-scanner

CentOS

Connect the repositories and install the necessary dependencies:

# rpm -Uvh https://repository.pentestit.ru/nw/centos/nwaf-release-centos-7-1-6.noarch.rpm
# rpm -Uvh https://yum.postgresql.org/11/redhat/rhel-7-x86_64/pgdg-centos11-11-2.noarch.rpm
# yum update
# yum install python36 python36-pip python36-devel postgresql11-devel gcc
# yum install nwaf-scanner

To set up the module, edit the main configuration file /opt/nws/main.conf. The parameters are described below.

main.conf settings (parameter, then its description)

[main] is the main section.

nwaf_license_key
Specifies the license key of the Nemesida WAF Scanner module. If the parameter is not set, the module tries to use the license key from /etc/nginx/nwaf/conf/global/nwaf.conf. If no license key is found, or the key is invalid, the module exits at start-up with a corresponding error.

sys_proxy
api_proxy
sys_proxy is the address of the proxy server used to reach nemesida-security.com:443 (license key check, requests to the Nemesida Vulnerability API). Example: sys_proxy=proxy.example.com:3128.

api_proxy is the address of the proxy server used to reach the Nemesida WAF API. Example: api_proxy=proxy.example.com:3128.

api_host
Address of the Nemesida WAF API to which the scan results are sent. Example: api_host=http://localhost:8080.

verbose
Enables or disables printing error information to the console.

[recheck] re-checks detected vulnerabilities through the Nemesida WAF Personal Account (Cabinet).

enable
Enables or disables the re-check.

db_name
db_user
db_pass
db_host
Connection parameters for the Nemesida WAF Personal Account database.

Scanning parameters are set in files with the .conf extension in the /opt/nws/conf/ directory. Create a separate configuration file for each web application.

Configuration file example: example.conf (parameter, then its description)

[scan] is the main section.

target
Address of the web application. For example: target = example.com.

ssl
Enables or disables the use of SSL/TLS for requests to the web application. For example: ssl = false.

scan_proxy
Address of the proxy server used for requests to the web application. For example: scan_proxy = example.com:1111.

uri_list
Path to the uri.list file containing the URI list generated by Nemesida AI MLC. For example: uri_list = /opt/mlc/bf/uri.list.

[auth] is the authorization section.

auth_uri
Address of the web application's login page. For example: auth_uri = /login.

login
password
User name and password for authorization. For example: login = user and password = pass.
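The main.conf and example.conf parameters described above, turned into a pre-flight check. This is an added example and not code shipped with the Nemesida WAF Scanner: it parses a main.conf and a per-application conf with the parameters documented on this page and reports settings that will stop the module or weaken the scan (no license key anywhere, a cleartext api_host pointing at a remote host, ssl = false, proxy values that are not host:port, an enabled [recheck] with empty database fields, an [auth] section with blanks). The two sample configurations embedded in it are constructed placeholders, and the way it reads the key out of nwaf.conf assumes the directive is written as "nwaf_license_key <value>" or "nwaf_license_key = <value>"; the page does not state either format.

```python
# Added example, not part of the Nemesida WAF Scanner distribution: a lint for
# /opt/nws/main.conf and the per-application files in /opt/nws/conf/. It only knows
# the parameters documented in the manual. Sample configs below are constructed.
import configparser
import re
from typing import List

HOSTPORT = re.compile(r"^[A-Za-z0-9.-]+:\d{1,5}$")                  # proxy values: host:port
LOOPBACK_HTTP = re.compile(r"^http://(localhost|127\.0\.0\.1)(:|/|$)")
# Assumption: nwaf.conf writes the key as "nwaf_license_key <value>;" or "nwaf_license_key = <value>".
NWAF_KEY = re.compile(r"^\s*nwaf_license_key[\s=]+([^\s;]+)", re.M)


def _parse(text: str) -> configparser.ConfigParser:
    cp = configparser.ConfigParser(interpolation=None)   # values may contain URLs with '%'
    cp.read_string(text)
    return cp


def lint_main_conf(text: str, nwaf_conf_text: str = "") -> List[str]:
    """Problems in main.conf; nwaf_conf_text is /etc/nginx/nwaf/conf/global/nwaf.conf ("" if absent)."""
    cp = _parse(text)
    if not cp.has_section("main"):
        return ["[main] section missing"]
    main, problems = cp["main"], []
    # License key: main.conf first, then the fallback file the manual describes.
    if not main.get("nwaf_license_key", "").strip() and not NWAF_KEY.search(nwaf_conf_text):
        problems.append("no license key in main.conf and none found in nwaf.conf: module will not start")
    for name in ("sys_proxy", "api_proxy"):
        value = main.get(name, "").strip()
        if value and not HOSTPORT.match(value):
            problems.append(f"main.{name}={value!r} is not host:port")
    api_host = main.get("api_host", "").strip()
    if not api_host:
        problems.append("main.api_host missing: scan results cannot be sent to the Nemesida WAF API")
    elif api_host.startswith("http://") and not LOOPBACK_HTTP.match(api_host):
        problems.append(f"main.api_host={api_host!r} sends scan results in cleartext to a remote host")
    if "verbose" in main:
        try:
            main.getboolean("verbose")
        except ValueError:
            problems.append(f"main.verbose={main['verbose']!r} is not a boolean")
    if cp.has_section("recheck"):
        recheck = cp["recheck"]
        try:
            enabled = recheck.getboolean("enable", fallback=False)
        except ValueError:
            enabled = False
            problems.append(f"recheck.enable={recheck['enable']!r} is not a boolean")
        if enabled:
            for key in ("db_name", "db_user", "db_pass", "db_host"):
                if not recheck.get(key, "").strip():
                    problems.append(f"recheck enabled but recheck.{key} is empty")
    return problems


def lint_scan_conf(text: str) -> List[str]:
    """Problems in one /opt/nws/conf/<app>.conf file."""
    cp = _parse(text)
    if not cp.has_section("scan"):
        return ["[scan] section missing"]
    scan, problems = cp["scan"], []
    target = scan.get("target", "").strip()
    if not target:
        problems.append("scan.target missing")
    elif "://" in target or "/" in target:
        problems.append(f"scan.target={target!r}: the manual uses a bare host name (target = example.com)")
    if "ssl" not in scan:
        problems.append("scan.ssl not set: state explicitly whether the target is scanned over TLS")
    else:
        try:
            if not scan.getboolean("ssl"):
                problems.append("scan.ssl=false: requests, including [auth] credentials, go over plain HTTP")
        except ValueError:
            problems.append(f"scan.ssl={scan['ssl']!r} is not a boolean")
    proxy = scan.get("scan_proxy", "").strip()
    if proxy and not HOSTPORT.match(proxy):
        problems.append(f"scan.scan_proxy={proxy!r} is not host:port")
    if cp.has_section("auth"):
        auth = cp["auth"]
        for key in ("auth_uri", "login", "password"):
            if not auth.get(key, "").strip():
                problems.append(f"[auth] present but auth.{key} is empty")
        uri = auth.get("auth_uri", "").strip()
        if uri and not uri.startswith("/"):
            problems.append(f"auth.auth_uri={uri!r} should be a path on the target, e.g. /login")
    return problems


# Constructed sample files for the demonstration (placeholder values, not real keys).
SAMPLE_MAIN_CONF = """\
[main]
nwaf_license_key =
sys_proxy = proxy.example.com:3128
api_proxy = proxy.example.com:3128
api_host = http://waf-api.example.internal:8080
verbose = true

[recheck]
enable = true
db_name = cabinet
db_user = cabinet
db_pass =
db_host = 127.0.0.1
"""
SAMPLE_NWAF_CONF = "nwaf_license_key 0000-0000-0000-0000;\n"     # constructed placeholder
SAMPLE_SCAN_CONF = """\
[scan]
target = example.com
ssl = false
scan_proxy = example.com:1111
uri_list = /opt/mlc/bf/uri.list

[auth]
auth_uri = /login
login = user
password = pass
"""

if __name__ == "__main__":
    for name, problems in (("main.conf", lint_main_conf(SAMPLE_MAIN_CONF, SAMPLE_NWAF_CONF)),
                           ("example.conf", lint_scan_conf(SAMPLE_SCAN_CONF))):
        print(f"{name}: {len(problems)} problem(s)")
        for p in problems:
            print("  -", p)
```

Run it against the real files by reading /opt/nws/main.conf, the nwaf.conf fallback and each /opt/nws/conf/*.conf into strings and passing them to the two functions; an empty list means the file has none of the issues the check knows about, not that the scanner will accept everything in it.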