Add example how to mount user & password lists into ncrack scans

Co-authored-by: Sebastian Franz <32578476+SebieF@users.noreply.github.com>

Author: J12934

scanners/ncrack/examples/dummy-ssh/README.md

@@ -2,11 +2,28 @@ In this example we execute an ncrack scan against the intentional vulnerable ssh
 
 ### Install dummy-ssh
 
-Before executing the scan, make sure to have dummy-ssh installed:
+Before executing the scan, make sure to have dummy-ssh installed, and have the proper username & password lists:
 
 ```bash
-helm install dummy-ssh ./demo-apps/dummy-ssh/ --wait
-```
+# Create user & password list files, you can edit them later if you want
+echo "root\nadmin" > users.txt
+echo "THEPASSWORDYOUCREATED\n123456\npassword" > passwords.txt
 
+# Create a Kubernetes secret containing these files
+kubectl create secret generic --from-file users.txt --from-file passwords.txt ncrack-lists
 
+# Install dummy-ssh app. We'll use ncrack to enumerate its ssh username and password
+helm install dummy-ssh ./demo-apps/dummy-ssh/ --wait
 
+# Install the ncrack scanType and set mount the files from the ncrack-lists Kubernetes secret
+cat <<EOF | helm install ncrack ./scanners/ncrack --values -
+scannerJob:
+  extraVolumes:
+    - name: ncrack-lists
+      secret:
+        secretName: ncrack-lists
+  extraVolumeMounts:
+    - name: ncrack-lists
+      mountPath: "/ncrack/"
+EOF
+```

scanners/ncrack/examples/dummy-ssh/scan.yaml

@@ -5,8 +5,10 @@ metadata:
 spec:
   scanType: "ncrack"
   parameters:
+    # Enable verbose logging
     - -v
-    - --user=root,admin
-    - --pass=THEPASSWORDYOUCREATED,12345
+    - -U
+    - /ncrack/users.txt
+    - -P
+    - /ncrack/passwords.txt
     - ssh://dummy-ssh
-

scanners/ncrack/templates/ncrack-scan-type.yaml

@@ -19,3 +19,12 @@ spec:
               command: ["ncrack", "-oX", "/home/securecodebox/ncrack-results.xml"]
               resources:
                 {{- toYaml .Values.scannerJob.resources | nindent 16 }}
+              volumeMounts:
+              {{- if .Values.scannerJob.extraVolumeMounts }}
+              {{- toYaml .Values.scannerJob.extraVolumeMounts | nindent 14 }}
+              {{- end }}
+          volumes:
+          {{- if .Values.scannerJob.extraVolumes }}
+          {{- toYaml .Values.scannerJob.extraVolumes | nindent 10 }}
+          {{- end }}
+

scanners/ncrack/values.yaml

@@ -5,4 +5,5 @@ parserImage:
 
 scannerJob:
   resources: {}
-
+  extraVolumes: []
+  extraVolumeMounts: []