https://github.com/ciphermarco/BOAST

The BOAST Outpost for AppSec Testing: a server designed to receive and report Out-of-Band Application Security Testing (OAST) reactions.
https://github.com/ciphermarco/BOAST

appsec appsec-testing go golang security security-testing security-tools

Last synced: 26 days ago
JSON representation

The BOAST Outpost for AppSec Testing: a server designed to receive and report Out-of-Band Application Security Testing (OAST) reactions.

• Host: GitHub
• URL: https://github.com/ciphermarco/BOAST
• Owner: ciphermarco
• License: apache-2.0
• Created: 2020-09-14T17:08:37.000Z (about 4 years ago)
• Default Branch: master
• Last Pushed: 2024-07-30T18:14:16.000Z (5 months ago)
• Last Synced: 2024-11-09T02:02:48.015Z (about 1 month ago)
• Topics: appsec, appsec-testing, go, golang, security, security-testing, security-tools
• Language: Go
• Homepage:
• Size: 65.4 KB
• Stars: 60
• Watchers: 1
• Forks: 8
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

• WebHackersWeapons - boast

README

        
# BOAST

**BOAST** is the **B**OAST **O**utpost for **A**ppSec **T**esting: a server designed to receive and report Out-of-Band Application Security Testing (OAST) reactions.

```

            ┌─────────────────────────┐ 

            |          BOAST          ◄──┐

          ┌─┤ (DNS, HTTP, HTTPS, ...) |  |     

          │ └─────────────────────────┘  │     

          │                              │     

Reactions │                              │ Reactions

          │                              │     

          │                              │     

          │                              │     

   ┌──────▼──────────┐   Payloads   ┌────┴────┐

   │ Testing client  ├──────────────► Target  │

   └─────────────────┘              └─────────┘

```

Some application security tests will only trigger out-of-band reactions from

the tested applications. These reactions will not be sent as a response to

the testing client and, due to their nature, will remain unseen when the

client is behind a NAT. To clearly observe these reactions, another component

is needed. This component must be freely reachable on the Internet and capable

of communicating using various protocols across multiple ports for maximum

impact. BOAST is that component.

BOAST features DNS, HTTP, and HTTPS protocol receivers, each supporting multiple

simultaneous ports. Implementing protocol receivers for new protocols or customising

existing ones to better suit your needs is almost as simple as implementing the protocol

interaction itself.

## Used By

BOAST is used by projects such as:

- [Zed Attack Proxy (ZAP)](https://www.zaproxy.org/)

## Documentation

https://github.com/ciphermarco/boast/tree/master/docs