Docker and Paskto – Passive Web Scanner

 Paskto will passively scan the web using the Common Crawl internet index either by downloading the indexes on request or parsing data from your local system. URLs are then processed through Nikto and known URL lists to identify interesting content. Hash signatures are also used to identify known default content for some IoT devices or web applications.

Installation

You can install Paskto by copy & paste this to console or you can play with this tool in my docker image. Tested on Ubuntu:16.04

RUN apt-get install -y sudo && \
    apt-get install -y curl && \
    apt-get install -y git && \
    curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash - && \
    apt-get install -y nodejs && \
    git clone https://github.com/szalek/paskto /home/paskto && \
    chmod +x /home/paskto/paskto.js && \
    /bin/sed -i '1s/^/#!\/usr\/bin\/env node\n/' /home/paskto/paskto.js && \
    ln -s /home/paskto/paskto.js /usr/bin/paskto

Docker image

My pentest-tool docker image already contains Paskto

https://hub.docker.com/r/szalek/pentest-tools/


More info here

http://www.kitploit.com/2017/11/paskto-passive-web-scanner.html
https://github.com/cloudtracer/paskto