Creating Custom Runbooks
Learn how to create custom runbooks tailored to your specific security testing needs.
Overview
Custom runbooks allow you to create reusable testing workflows that match your organization's requirements and methodologies.
Creating a Runbook
Step 1: Plan Your Runbook
Define:
- Objective: What are you testing?
- Target Type: Web app, network, API?
- Modules Needed: Which tools?
- Execution Order: What sequence?
- Expected Results: What should you find?
Step 2: Create in Web UI
- Navigate to Attack Platform → Runbooks
- Click Create Runbook
- Fill in basic information
- Add modules
- Configure each module
- Test the runbook
- Save
Step 3: Add Modules
For each module:
1. Click Add Module
2. Select tool (Nmap, Nikto, Nuclei, etc.)
3. Configure options
4. Set execution order
5. Add conditions (optional)
Step 4: Configure Options
Module options:
- Tool-specific parameters
- Timeout settings
- Output preferences
- Error handling
Step 5: Test
Testing process:
1. Select test target
2. Run runbook
3. Review results
4. Adjust as needed
5. Retest
Step 6: Save and Share
Save options:
- Private (only you)
- Team (your organization)
- Public (all users)
Module Configuration
Available Modules
See Modules Overview for the complete list of available security testing modules.
Module Options
Each module has its own configuration options. Common options include:
- Target specification
- Scan depth
- Timing/speed
- Output format
Example Runbooks
Example 1: Quick Web Scan
name: "Quick Web Security Scan"
description: "Fast web application security assessment"
modules:
  - name: "Port Scan"
    tool: "nmap"
    options:
      ports: "80,443,8080,8443"
      scan_type: "syn"
  - name: "Web Scan"
    tool: "nikto"
    options:
      tuning: "1,2,3"
      timeout: "300"
  - name: "Vulnerability Scan"
    tool: "nuclei"
    options:
      severity: "critical,high"
      templates: "cves,exposures"
Example 2: Comprehensive Network Scan
name: "Full Network Assessment"
description: "Comprehensive network security scan"
modules:
  - name: "Host Discovery"
    tool: "nmap"
    options:
      scan_type: "ping"
  - name: "Port Scan"
    tool: "nmap"
    options:
      ports: "1-65535"
      scan_type: "syn"
  - name: "Service Detection"
    tool: "nmap"
    options:
      version_detection: true
      os_detection: true
  - name: "Vulnerability Scan"
    tool: "nuclei"
    options:
      severity: "all"
Best Practices
✅ Start Simple: Begin with basic runbooks
✅ Test Thoroughly: Validate on test targets
✅ Document Well: Clear names and descriptions
✅ Version Control: Track changes
✅ Share Knowledge: Collaborate with team
✅ Optimize: Improve based on results
Troubleshooting
Module Won't Add
Check:
- Module compatibility
- Required parameters
- Dependencies
Runbook Fails
Review:
- Module configuration
- Target accessibility
- Parameter validity
- Logs for errors
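The "Module configuration" and "Parameter validity" checks above can be run on a runbook definition before it is saved or committed to version control. The following is an added example, not part of the platform or its API: it takes a runbook already parsed into a Python dict, uses the field names from the examples on this page, and the function names, the `KNOWN_TOOLS` set and the validation rules are assumptions.

```python
# Added example: field names follow this page's examples; the rules are assumptions.
KNOWN_TOOLS = {"nmap", "nikto", "nuclei"}  # tools named on this page


def check_ports(spec):
    """Return an error string for a bad port spec such as '80,443' or '1-65535'."""
    for part in str(spec).split(","):
        bounds = part.strip().split("-")
        if len(bounds) > 2 or not all(b.isdecimal() for b in bounds):
            return f"malformed port entry {part!r}"
        nums = [int(b) for b in bounds]
        if nums != sorted(nums) or nums[0] < 1 or nums[-1] > 65535:
            return f"port entry reversed or out of range: {part!r}"
    return None


def lint_runbook(runbook):
    """Return a list of problems in a runbook dict; an empty list means clean."""
    problems = [f"runbook: missing or empty '{k}'"
                for k in ("name", "description", "modules") if not runbook.get(k)]
    seen = set()
    for i, mod in enumerate(runbook.get("modules") or []):
        name, opts = mod.get("name"), mod.get("options")
        label = f"module[{i}] {name!r}"
        if not name:
            problems.append(f"{label}: missing 'name'")
        elif name in seen:
            problems.append(f"{label}: duplicate module name")
        seen.add(name)
        if mod.get("tool") not in KNOWN_TOOLS:
            problems.append(f"{label}: unknown tool {mod.get('tool')!r}")
        if not isinstance(opts, dict) or not opts:
            problems.append(f"{label}: 'options' must be a non-empty mapping")
            continue
        if "ports" in opts and (err := check_ports(opts["ports"])):
            problems.append(f"{label}: {err}")
        timeout = str(opts.get("timeout", "1"))  # an absent timeout is not an error
        if not timeout.isdecimal() or int(timeout) < 1:
            problems.append(f"{label}: timeout must be a positive integer")
    return problems

# Constructed sample: reversed port range, duplicate name, typo'd tool, bad timeout.
DRAFT = {"name": "Draft", "description": "constructed sample", "modules": [
    {"name": "Port Scan", "tool": "nmap", "options": {"ports": "443-80"}},
    {"name": "Port Scan", "tool": "nikt0", "options": {"timeout": "5m"}},
]}

if __name__ == "__main__":
    print("\n".join(lint_runbook(DRAFT)) or "runbook OK")
```

Both example runbooks on this page pass this check with no findings once parsed, so it can serve as a baseline before stricter, organization-specific rules are added.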
Related: Runbooks Overview | Attack Trees | Modules