Asset inventory tracking and security scanners.
For AWS, check aws-cdk folder
# Clone this repo
git clone https://github.com/surface-security/surface/
# Create a `local.env` for any custom settings
touch surface/local.env
# Launch the docker stack
docker compose -f dev/docker-compose-in-a-box.yml up
# Run the "quick start" script - choose password for `admin` user
dev/box_setup.sh
Open http://localhost:8080 and login as admin
.
box_setup.sh
created a local
Rootbox and added the example
, httpx
and nmap
scanners images (all from here).
You might need to reload nginx
and Surface
so the migrations and the webserver are put in effect. You can do so with docker container restart dev-nginx-1 dev-surface-1
.
Quick check:
- add IPAddress or DNSRecord (and tag it
is_external
), create aScanner
usingexample
image and chooseRun scanner
from the actions dropdown - check scan logs
We have in-depth documentation and instructions on this repository's wiki page.