Linux command
gixy command
After copying a command, replace the file names, directories, or parameters as needed.
Common examples
Analyze nginx config
gixy [/etc/nginx/nginx.conf]
Run only specific tests
gixy --tests [http_splitting,ssrf] [/etc/nginx/nginx.conf]
Output in JSON format
gixy -f json [/etc/nginx/nginx.conf]
Skip specific tests
gixy --skips [host_spoofing,low_keepalive_requests] [/etc/nginx/nginx.conf]
Report only high severity issues
gixy -lll [/etc/nginx/nginx.conf]
Description
gixy analyzes nginx configuration files for security issues. It detects common misconfigurations that could lead to vulnerabilities like SSRF, host spoofing, and path traversal. The tool includes plugins for various security checks and provides detailed explanations of issues found. It is used in security audits and CI pipelines to catch nginx misconfigurations before deployment.
Parameters
- --tests _TESTS_: Comma-separated list of tests to run.
- --skips _TESTS_: Comma-separated list of tests to skip.
- -l, --level: Report issues of a given severity level or higher. Use -l for LOW, -ll for MEDIUM, -lll for HIGH.
- -f _FORMAT_, --format _FORMAT_: Output format: text, json, console.
- -o _FILE_, --output _FILE_: Write report to a file.
- -c _FILE_, --config _FILE_: Path to configuration file.
- -d, --debug: Enable debug mode.
- --disable-includes: Disable processing of include directives.
- --help: Display help information.
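The CI use mentioned in the description, as an added example (not code from this page or from the gixy project): a fail-closed gate built only from the flags listed above. The function name `gixy_gate` and the return codes are hypothetical, and the script assumes gixy exits non-zero when it reports at least one issue at the selected level.

```shell
#!/bin/sh
# Added example: CI gate around gixy using flags from this page
# (-lll, -f json, -o, --skips).
# Assumption: gixy exits non-zero when it reports an issue.

# gixy_gate CONFIG REPORT [SKIPS]
#   CONFIG  nginx configuration file to analyze
#   REPORT  file that receives the JSON report (kept as a build artifact)
#   SKIPS   optional comma-separated list of tests to skip
# Returns 0 = no findings, 1 = findings or scanner failure, 2 = gate misuse.
gixy_gate() {
    config=$1
    report=$2
    skips=${3:-}

    # Fail closed: a missing scanner or config must never look like "clean".
    if ! command -v gixy >/dev/null 2>&1; then
        echo "gate: gixy is not installed" >&2
        return 2
    fi
    if [ ! -r "$config" ]; then
        echo "gate: cannot read $config" >&2
        return 2
    fi

    # Build the argument list in "$@" so each option stays a separate word.
    set -- -lll -f json -o "$report"
    if [ -n "$skips" ]; then
        set -- "$@" --skips "$skips"
    fi

    if gixy "$@" "$config"; then
        echo "gate: no high severity issues in $config"
        return 0
    fi
    echo "gate: gixy reported issues or failed, see $report" >&2
    return 1
}

# Pipeline step (constructed paths):
#   gixy_gate /etc/nginx/nginx.conf gixy-report.json host_spoofing || exit 1
```

Keep the `--skips` list short and reviewed, since every skipped test is a class of misconfiguration the gate no longer blocks.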
FAQ
How do I run a basic gixy example?
Run `gixy [/etc/nginx/nginx.conf]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.