Scanning with the Artemis security scanner
2024-10-24 , Hollenfels

At CERT PL we periodically scan 500 thousands of domains and subdomains and automatically report found vulnerabilities and misconfigurations using the Artemis scanner (https://github.com/CERT-Polska/Artemis). Are you e.g. a CSIRT, hosting provider, or an university network administrator and want to set up a similar project?


During the training, you will learn how to set up and use Artemis. For best results you are encouraged to have a Linux virtual machine with Docker and Docker Compose and a list of domains to scan. During the training, you’ll configure Artemis and initiate a scan that will end with a package of e-mails ready to be sent to the affected entities. We recommend starting with a list of 100 domains.

Note that having a list of domains is not required. If you don't bring one, you will still learn how Artemis works and how to use it in practice. You will configure Artemis (or use a demo instance I will set up) and scan exemplary domains.

See also: slides (1.4 MB)

Senior Threat Analysis Specialist at CERT PL, currently working on automated vulnerability discovery techniques. Before becoming a security specialist, he's been a software engineer for more than ten years. Teaches offensive security at the University of Warsaw. Formerly a CTF player, playing with the p4 CTF team. Likes cats and bad puns.

This speaker also appears in: