Skip to content

Commit

Permalink
Breaking out PDCP Free
Browse files Browse the repository at this point in the history
  • Loading branch information
@ccosta-pd
ccosta-pd committed Jan 31, 2024
1 parent a283cef commit a1541bc
Show file tree
Hide file tree
Showing 8 changed files with 268 additions and 198 deletions.
36 changes: 36 additions & 0 deletions cloud/free/advanced.mdx
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
---
title: "Advanced Integration"
description: "Implement Advanced Integration Settings for Your PDCP Setup"
sidebarTitle: "Advanced Integration"
---

## Overview

For users who want to apply some additional settings, ProductDiscovery Cloud Platform includes support in the free tier for some additional integraetin and scan options. Those options are outlined below.

If you have questions or need assitance, reach out to us through any of the [Help options](/help).

## Advanced Integration Options

### Setting API key via environment variable

To avoid entering your API key through the command line you can set it via environment variable. Note: Your configured PDCP API key stored in `$HOME/.pdcp/credentials.yaml`

```sh
export PDCP_API_KEY=XXXX-XXXX
```

### Enable scan result upload by default

If you want all your scans to automatically upload results to PDCP, enable the `ENABLE_CLOUD_UPLOAD` environment variable.

```sh
export ENABLE_CLOUD_UPLOAD=true
```

### Disabling PDCP upload warnings

To suppress warnings about result uploads, disable the `DISABLE_CLOUD_UPLOAD_WRN` environment variable.

```sh
export DISABLE_CLOUD_UPLOAD_WRN=true
65 changes: 65 additions & 0 deletions cloud/free/nuclei-setup.mdx
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,65 @@
---
title: "Setting up Nuclei"
description: "Walk through the steps to install Nuclei to connect to PDCP"
sidebarTitle: "Nuclei Setup"
---

## Overview

Connecting to the free tier of PDCP requires setting up Nuclei to run your scans. You'll need to install Go, update your $PATH, and install Nuclei. Steps for each of those configurations are below.

### Install Go

ProjectDiscovery runs on any operating system that supports Go, but these steps use Linux.

For instructions on installing Go for an OS besides Linux [check out this post on our blog](https://blog.projectdiscovery.io/getting-started-with-projectdiscovery-in-linux-and-windows/)
or refer to the installation instructions [available through the Go website](https://go.dev/doc/install).

<Steps>
<Step title="Get the latest version">
Download and install [the latest version of Go](https://go.dev/doc/install).
</Step>
<Step title="Verify the version">
After downloading and installing run `go version` to verify that you are running the latest version (_v 1.21 at the time of writing_)
</Step>
</Steps>

### Update your $PATH

PATH is an environment variable on UNIX systems to define which directories contain executable programs.
The variable is set within the config file for your particular shell.

To run Nuclei the folder where it resides needs to be in the PATH. ProjectDiscovery binaries are stored in the go/bin directory which is usually in the home directory.

_Note: This folder is not automatically added to your PATH. Refer to the steps below to update it manually._

<Steps>
<Step title="Verify your GOPATH">
To verify your GOPATH Run `go env | grep GOPATH` in your terminal and copy the output path.
You may need to add a `/bin` to the end of this path for it to work correctly.
</Step>
<Step title="Open your shell config file">
Open the shell config file for your shell in an editor (this example refers to nano). The command is `nano ~/.zshrc` for zsh or `nano ~/.bashrc` for bash.

At the bottom of the file, add `export PATH=”$PATH:insert/go/path/here/bin”`, replacing `insert/go/path/here` with the GOPATH from Step 1.
</Step>
<Step title="Reset your terminal">
Run `source ~/.zshrc` or `source~/.bashrc` to reset your terminal and reload it with the new config added.
You can also just close your terminal and open it again for this to take effect.
</Step>
<Step title="Verify your updated PATH">
Your PATH should be updated.
Type `$PATH` to check that the go binary directory is added to the end.
</Step>
</Steps>

### Install Nuclei

<Steps>
<Step title="Install Nuclei with Go">
From your terminal run the following command `go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest`
</Step>
<Step title="Confirm installation">
To confirm installation, on your terminal run `nuclei -h` to see the list of options and flags available.
</Step>
</Steps>
40 changes: 40 additions & 0 deletions cloud/free/overview.mdx
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
---
title: "Getting Started with PDCP Free"
description: "Learn about getting started for free with ProjectDiscovery Cloud Platform"
sidebarTitle: "Getting Started"
---

## Overview

ProductDiscovery Cloud Platform (PDCP) is a hosted enterprise product for continuous visibility and vulnerability scanning. PDCP is currently offered [in two pricing tiers](https://projectdiscovery.io/pricing), Free and Teams.

The Free tier is a great way for existing ProjectDiscovery users, familiar with our open source solutions, to connect their Nuclei scans with PDCP

If you're new to ProjectDiscovery the Free tier is also a great way to get started with ​PDCP.

**The Free Tier includes:**
- Support to upload and view findings from Nuclei (_up to 1K per month_)
- Rescanning in PDCP
- Sharing of findings from PDCP
- [Template Editor](/editor/introduction) functionality and access to our AI Template Generator (_up to 50 per month_)

## What do I need?

To get started with PDCP you'll need two things:

- Scan results from Nuclei
- a PDCP Login/Setup

If you're already a Nuclei user, or you've walked through our [Getting Started example](/getstarted-overview) using Nuclei, you're most of the way there.

## What's in this User Guide?

In this documentation we're going to walk through:

- Installing Nuclei as a new user
- Setting up a new PDCP account
- Generating an API key and authenticating your account
- Connecting your Nuclei scan results to PDCP
- Viewing scan results and exploring some features

<Note> If you already have Nuclei scan results skip to **Run a Scan** to connect. </Note>
33 changes: 33 additions & 0 deletions cloud/free/pdcp-setup.mdx
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
---
title: "Setting up PDCP"
description: "Review your Nuclei scan results in ProjectDiscovery Cloud Platform"
sidebarTitle: "PDCP Setup"
---

## Overview

After setting up Nuclei, or if you're already a Nuclei user, you'll need to sign up for PDCP and connect Nuclei.

## Setup PDCP
Setup for PDCP will require signing up for an account and connecting that account with your Nuclei instance.

Follow these steps to sign up for a ProductDiscovery Cloud Platform (PDCP) account and connect your Nuclei scans.

1. Launch `cloud.projectdiscovery.io`.
2. Navigate to the Profile/Login menu at the top right and select the **Login** option.
3. Select your login preference (GitHub, Google, or email & password)
- Validate your account, if required, to complete the setup.
4. After setting up your account, login to PDCP and open the Profile/Login menu at the top right and select **API Key** to generate an API Key.
- Save your API Key information in a safe place, you'll need this to connect Nuclei to your PDCP account.

## Connect Nuclei to PDCP

After successfully setting up Nuclei and creating your PDCP account you will need to connect your Nuclei setup to PDCP.

1. Locate the API key you generated in PDCP
2. From a terminal window with your Nuclei installation, run the following command

```bash
nuclei -auth
```
3. Enter your API key when prompted.
72 changes: 72 additions & 0 deletions cloud/free/scan.mdx
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,72 @@
---
title: "Connect Your Scan to PDCP"
description: "Review your Nuclei Scan Results in ProjectDiscovery Cloud Platform"
sidebarTitle: "Connect Your Scan"
---

## Overview

In this section we'll walk through the steps you need to run a scan in [Nuclei](/tools/nuclei/overview) and connect your scan to ProjectDiscovery Cloud Platform (PDCP).

## Run a Scan

From a terminal window with your Nuclei installation, run a scan.

**For example, a command might look like:**

```bash
nuclei -target http://honey.scanme.sh -cloud-upload
```

- This example uses a sample site from ProjectDiscovery (http://honey.scanme.sh)
- The `-cloud-upload` flag is required to share results with PDCP
- You can run this command against any URL you want (where you have the appropriate permissions)
- To reduce or narrow the scan results you can select a specific template folder for your scan
- For example `nuclei -u http://buffer.com -t dns/ -cloud-upload`

**And the output of your command (scan) would be:**

```console
__ _
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ v3.1.0

projectdiscovery.io

[INF] Current nuclei version: v3.1.0 (latest)
[INF] Current nuclei-templates version: v9.6.9 (latest)
[INF] To view results on cloud dashboard, visit https://cloud.projectdiscovery.io/scans upon scan completion.
[INF] New templates added in latest release: 73
[INF] Templates loaded for current scan: 71
[INF] Executing 71 signed templates from projectdiscovery/nuclei-templates
[INF] Targets loaded for current scan: 1
[INF] Using Interactsh Server: oast.live
[CVE-2017-9506] [http] [medium] http://honey.scanme.sh/plugins/servlet/oauth/users/icon-uri?consumerUri=http://clk37fcdiuf176s376hgjzo3xsoq5bdad.oast.live
[CVE-2019-9978] [http] [medium] http://honey.scanme.sh/wp-admin/admin-post.php?swp_debug=load_options&swp_url=http://clk37fcdiuf176s376hgyk9ppdqe9a83z.oast.live
[CVE-2019-8451] [http] [medium] http://honey.scanme.sh/plugins/servlet/gadgets/makeRequest
[CVE-2015-8813] [http] [high] http://honey.scanme.sh/Umbraco/feedproxy.aspx?url=http://clk37fcdiuf176s376hgj885caqoc713k.oast.live
[CVE-2020-24148] [http] [critical] http://honey.scanme.sh/wp-admin/admin-ajax.php?action=moove_read_xml
[CVE-2020-5775] [http] [medium] http://honey.scanme.sh/external_content/retrieve/oembed?endpoint=http://clk37fcdiuf176s376hgyyxa48ih7jep5.oast.live&url=foo
[CVE-2020-7796] [http] [critical] http://honey.scanme.sh/zimlet/com_zimbra_webex/httpPost.jsp?companyId=http://clk37fcdiuf176s376hgi9b8sd33se5sr.oast.live%23
[CVE-2017-18638] [http] [high] http://honey.scanme.sh/composer/send_email?to=hVsp@XOvw&url=http://clk37fcdiuf176s376hgyf8y81i9oju3e.oast.live
[CVE-2018-15517] [http] [high] http://honey.scanme.sh/index.php/System/MailConnect/host/clk37fcdiuf176s376hgi5j3fsht3dchj.oast.live/port/80/secure/
[CVE-2021-45967] [http] [critical] http://honey.scanme.sh/services/pluginscript/..;/..;/..;/getFavicon?host=clk37fcdiuf176s376hgh1y3xjzb3yjpy.oast.live
[CVE-2021-26855] [http] [critical] http://honey.scanme.sh/owa/auth/x.js
[INF] Scan results uploaded! View them at https://cloud.projectdiscovery.io/scans/clk37krsr14s73afc3ag
```

## Viewing Your Scan

After the scan is complete a URL will display on the command line interface. Visit this URL to check your results in PDCP.

<img src="/images/pdcp-result-dashboard.png" alt="PDCP Result Dashboard"/>

Your scan results will also be available in the Scan tab of PDCP with a generic system generated name. You can rename the scan to identify it later.

The scan "results" tab shows the scan results for all scans.

<Warning>
Nuclei scans connected and uploaded to PDCP are scheduled for automatic cleanup after 30 days. This duration is subject to change as we gauge user feedback and requirements.
</Warning>
Loading

0 comments on commit a1541bc

Please sign in to comment.