Help - Chapter 3: Scan with Chorizo!

3.1 Scan with Chorizo!

Every scan is started from the Chorizo! UI, which is displayed inside your own web pages.

Chorizo! UI

3.2 Check the current page

The first item on the console is named "Check the current page".

Chorizo! UI

If you click on this "Check the current page" link, Chorizo! scans the page you are currently on, and only that page. Once the scan has started, the view automatically switches to the "Status" tab and displays the tests that Chorizo! is currently performing on this page:

Status tab

You might notice the red close button. Clicking this button stops the scan process. This is especially useful if you scan recursively (only available in the commercial version), where up to 10,000 tests will be performed. The smiley indicates whether Chorizo! has found any bugs. If everything is fine, the smiley is happy. If Chorizo! has found bugs, the smiley turns into an angry smiley.

After the tests have been performed, Chorizo! presents a brief overview of the security issues it has found (please refer to "Analyze the results" for how to deal with the issues found):

Brief overview of found security issues.

You can click on each issue found, which opens a fully draggable layer with more details about that issue. This is only a short overview of each security issue. More detailed information and statistics are available on the report page, which is explained in the Analyze chapter.

Short information about found security issues.

3.3 Check recursive

The second item on the UI is named "Scan recursive":

Check recursive

In this mode Chorizo! scans a page recursively, i.e. it also scans all links on the web page, the child links of those links, and so on. You can specify the depth of the scan.

Be careful: the greater the depth, the longer the tests run and probe your website! Furthermore, only links to your own site are scanned; external links are not.
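To show how the chosen depth changes the number of pages a recursive scan touches, here is an added example (not Chorizo! code) that walks a small in-memory site breadth-first and returns the pages in scope at a given depth. The sample site, host name and function names are constructed for illustration, and treating "links to your site" as "same host" is an assumption.

```python
from collections import deque
from html.parser import HTMLParser
from urllib.parse import urljoin, urldefrag, urlsplit

# Constructed sample site: URL -> HTML body (stands in for real HTTP fetches).
SITE = {
    "http://shop.example/": '<a href="/login">Login</a> <a href="/cart">Cart</a> '
                            '<a href="http://cdn.example.net/lib.js">CDN</a>',
    "http://shop.example/login": '<a href="/reset">Reset</a> <a href="/">Home</a>',
    "http://shop.example/cart": '<a href="/checkout#step1">Checkout</a>',
    "http://shop.example/reset": '<a href="mailto:help@shop.example">Help</a>',
    "http://shop.example/checkout": '<a href="/pay">Pay</a>',
    "http://shop.example/pay": "",
}

class LinkParser(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def pages_in_scope(start, max_depth, fetch=SITE.get):
    """Return {url: depth} for every same-host page within max_depth link hops."""
    host = urlsplit(start).netloc
    seen = {start: 0}
    queue = deque([start])
    while queue:
        url = queue.popleft()
        if seen[url] >= max_depth:
            continue  # depth limit reached: do not follow this page's links
        parser = LinkParser()
        parser.feed(fetch(url) or "")
        for href in parser.links:
            target = urldefrag(urljoin(url, href)).url  # absolute, no #fragment
            parts = urlsplit(target)
            if parts.scheme not in ("http", "https") or parts.netloc != host:
                continue  # external link or non-web scheme: out of scope
            if target not in seen:
                seen[target] = seen[url] + 1
                queue.append(target)
    return seen

if __name__ == "__main__":
    for depth in range(4):
        print(depth, sorted(pages_in_scope("http://shop.example/", depth)))
```

Running the same walk against a link map of your own site before a recursive scan gives a rough page count per depth, which helps when choosing the depth setting.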

Once the scan has started, the view automatically switches to the "Status" tab and displays the tests that Chorizo! is currently performing. You can stop the scan using the red cross button at the top of the Chorizo! UI.

Check recursive

During the scan, Chorizo! gives you a brief overview of the security issues it has found:

Found security issues

Please refer to the Analyze chapter to see how to deal with the results.

3.4 Scanning while browsing

The third scan mode Chorizo! provides is called "Scanning while browsing":

Scanning while browsing

This mode enables you to scan while you are surfing your site. It is extremely useful if you want to check multi-page forms or login areas. Just surf your website as you normally would: all requests and tests are made automatically in the background. You can view all the results on the Reports page, which is explained in the Analyze chapter.

We encourage you to use this mode; it is known for delivering the best results!

3.5 Configure the Check plugins

Chorizo! is based on a plugin architecture. This architecture allows us to provide you with new scan plugins that test for new security flaws. Sometimes, however, it might be useful to deactivate some of the plugins.

For a rough overview of the plugins that are available for your account, go to the "Checks" tab in the Chorizo! UI:

Configure plugins

On this screen you can see each plugin family Chorizo! offers. Every plugin family consists of several plugins, each of which performs a single test. By default, all plugin families are activated. You can deactivate, for example, the "PHP Versions" plugin by deselecting the corresponding checkbox.

3.6 Video tutorial

Check out the video tutorial, where you can see how to run a real-life scan. The Flash plugin is required.

© Copyright 2006 - 2008, MAYFLOWER GmbH. The products mentioned here are registered trademarks of MAYFLOWER GmbH.