AWVS (Acunetix Web Vulnerability Scanner) Docker Installation

Acunetix is not just a web vulnerability scanner. With the deployment in a docker environment, just one person with one computer, this complete web application security testing solution can be used as standalone scanning tool to complete a complex scanning task.

This post shows how to search, install AWVS docker using command line or Portainer, and how to change default credential information. 

From Acunetix minimum system requeirements documentation, minimum of 2GB Ram will be required. Based on my testing, 1GB Ram is also working well. 

[root@OCP1-CentOS8 ~]# free
 total used free shared buff/cache available
Mem: 823684 258292 120892 1904 444500 553072
Swap:     0     0     0

Basic command: 

wget https://raw.githubusercontent.com/51sec/swap/main/swap.sh && bash swap.sh

Search AWVS docker

The easiest way to find out which AWVS image you should use is to search and use the one having the most stars.

test@test1:~# sudo -i
root@test1:~# docker search awvs
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
secfa/docker-awvs AWVS 14.4.210816098 Linux Version Crack By … 53 
leishianquan/awvs-nessus 21 
xrsec/awvs Awvs 14 Scanner、fahai 5 
lazj/awvs13 1 
tiancizzz/awvs 一款知名的网络漏洞扫描工具 1 
k3rwin/awvs13 0 
hangezhao/awvs 0 
xxlm/awvs13cn 0 
smarttang/awvs_2019_07 0 
xfantasy/awvs 0 
110110/awvs13 0 
zeyanlin/awvs 0 
jstang/awvs 配置了API密钥的容器镜像 0 
littlehoury/awvs A wonderful virtual sleep 0 
meterpreter/awvs 0 
yakoazz/awvsnessus 0 
saline/awvsengine 0 
evil0x0/awvs 0 
sigle0724/awvs 0 
xschur666/awvs 0 
nienie/awvs13 0 
yimingy72/awvs14 0 
cure0jvs/awvs-engine 0 
ganl/awvs 0 
srsecmmm/awvs13 分布式部署 0 
root@test1:~# 

secfa/docker-awvs has the most stars than other docker docker images.

Docker hub: https://hub.docker.com/r/secfa/docker-awvs

Create AWVS container

From Command line:

root@test1:~# docker pull secfa/docker-awvs
Using default tag: latest
latest: Pulling from secfa/docker-awvs
Digest: sha256:b2737b3decd0729a2f87a803f6b539ef63519fd24e938a9b7c31e9faf4ca7a10
Status: Image is up to date for secfa/docker-awvs:latest
docker.io/secfa/docker-awvs:latest
root@test1:~# 

root@test1:~# docker run -it -d -p 3443:3443 secfa/docker-awvs

From Portainer:

I am using port 3443 to map into docker's 3443. On your cloud VPS, please make sure port 3443 has been opened for AWVS web gui access. 

Access AVWS and Change Username/Email + Password

Log in Web Gui

Once AWVS docker is up and running, visit https://YOUR_Public_IP:3443/

Default Credential for login:

• Username:[email protected]
• password:Admin123

You can change password after logged in. 

Change Password:

Change Email / Username:

From Command line:

docker ps //查看容器,找到相应id
docker exec -it id /bin/bash //进入容器
cd /home/acunetix/.acunetix
./change_credentials.sh

Add a Target to Scan

Add Tragets:

References