Black Candy is an open-source web application scanner designed to help security professionals and developers identify security vulnerabilities in web applications. In this tutorial, we will guide you through the installation process of Black Candy on Debian Latest. We assume that you have already installed Debian on your system.
Before you start with the installation process, you need to make sure that the following packages are installed on your system:
git
python3
python3-pip
libcurl4-openssl-dev
libssl-dev
libxml2
libxml2-dev
libxslt1.1
libxslt1-dev
You can install these packages by running the following commands:
$ sudo apt update
$ sudo apt install git python3 python3-pip libcurl4-openssl-dev libssl-dev libxml2 libxml2-dev libxslt1.1 libxslt1-dev
First, you need to clone the Black Candy repository from GitHub and change into its directory using the following commands:
$ git clone https://github.com/blackcandy-org/black_candy.git
$ cd black_candy
Next, you need to install the Python dependencies required for Black Candy. You can install these dependencies using the following command:
$ sudo pip3 install -r requirements.txt
Before you can start using Black Candy, you need to configure it by editing the config.yml file. You can do this by running the following commands:
$ cp black_candy/config/example.config.yml black_candy/config/config.yml
$ nano black_candy/config/config.yml
In the config.yml file, you need to specify the targets that you want to scan. You can do this by editing the targets section of the file. For example, you can add the following lines:
targets:
- https://example.com
You can also configure other parameters such as the scanner options, crawler options, and report options. Once you have configured Black Candy, save the changes and exit the text editor.
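Before the first scan, it helps to confirm that every entry in the targets section is a host you are authorised to test. The following is an added example, not part of Black Candy or of the original tutorial: it assumes config.yml holds targets in the simple list form shown above, and the function names, the sample configuration and the authorised host example.com are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample in the list form shown above; other_section is a
# made-up key to show that only entries under targets: are read.
SAMPLE_CONFIG = """\
targets:
- https://example.com
- https://EXAMPLE.com:8443/app
- https://example.com@other.test/
- http://staging.example.com
- https://sub.example.com.other.test
other_section:
- https://not-a-target.test
"""

def read_targets(text):
    """Return the entries of the top-level targets: list (simple form only)."""
    targets, in_list = [], False
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace() and not line.startswith("-"):
            in_list = line == "targets:"   # a new top-level key ends the list
            continue
        if in_list and line.lstrip().startswith("- "):
            targets.append(line.lstrip()[2:].strip().strip("'\""))
    return targets

def out_of_scope(url, scope):
    """Return the reason a URL must not be scanned, or None if it is in scope."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return "unparseable URL"
    if parts.scheme not in ("http", "https"):
        return "unsupported scheme"
    if parts.username is not None or parts.password is not None:
        return "userinfo before @ disguises the real host"
    host = (parts.hostname or "").rstrip(".").lower()
    if host not in scope:  # exact match: consent for a host does not cover subdomains
        return f"host {host!r} is not in the authorised scope"
    return None

def refused_targets(config_text, authorised_hosts):
    """List (url, reason) for every configured target outside the scope."""
    scope = {h.rstrip(".").lower() for h in authorised_hosts}
    return [(u, r) for u in read_targets(config_text) if (r := out_of_scope(u, scope))]

if __name__ == "__main__":
    for url, reason in refused_targets(SAMPLE_CONFIG, ["example.com"]):  # assumed scope
        print(f"REFUSE {url}: {reason}")
```

To check a real file, pass the contents of config.yml and the hosts named in your written authorisation to refused_targets, and start the scan only when it returns an empty list.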
You are now ready to run Black Candy on your targets. You can do this by running the following command:
$ python3 black_candy.py scan
This will start the scanning process and generate a report in the reports directory. Once the scan is complete, you can view the report by opening the HTML file in a web browser.
Congratulations! You have successfully installed Black Candy on Debian Latest. You can now use Black Candy to identify security vulnerabilities in your web applications. Keep in mind that Black Candy is a powerful tool that can have serious consequences if used improperly. Always test on your own web applications or with written consent from the owner of the target before scanning any site.