Built-In Service Checks

Standard Checks

DNS

This service type will query the team’s DNS server for a record matching the service’s url. The check uses the following command:

dig <dns_server> +nocmd +short +noidentif +nocomments +nostats +time=5 <service_url>

SFTPS

This is a multi-protocol check that will use FTP or SFTP depending on the port number.

This check requires credentials.

FTP

This service type will check, in the following order:

  • FTPS

  • FTP

If FTPS fails, it will fallback to FTP.

This check requires credentials.

HTTP

Checks that an HTTP server is up.

If “http_string” is provided, this check will fail if the given string does not exist in the server’s response.

This check will send HTTP basic auth headers if credentials are given, but they are not required.

HTTP Form

New in version 2.0.

Checks that an HTTP(S) server is up, and that a user is able to submit a form and receive the correct response. This is useful to test form-based authentication.

If `http_string` is provided, this check will return a partial score

(configurable with `partial_score`, otherwise `max_score` / 2) if the server provides the form but the given string does not exist in the server’s response after form POST. If the string is not provided, the check will succeed on a non-error HTTP code.

`username_field` and `password_field` can be used to specify the HTML name attribute of the input fields. These will fallback to “username” and “password”, respectively. Other pre-populated fields such as CSRF tokens will be detected and used automatically.

This check requires credentials.

SSH

Changed in version 2.0.

This service type checks that an SSH server is up and that the supplied credentials are allowed to log in. Upon connecting, the check will attempt to run the command specified in the Django setting SSH_COMMAND or the command service configuration value if it is specified. If the commad starts with sudo, this check will handle that. In either case, the check will succeed if the command returns a non-error code.

This check requires credentials.

Port Check

Simply checks that a port is open and listening.

Other Checks

  • SMTP

  • SFTP

  • Remote Desktop Protocol

  • POP3

  • LDAP

  • IMAP

Mass Checks

JSON

New in version 2.2.

This service check reaches out to an external scanning service for a list of scores, rather than doing the scoring itself. The standard field url field in the service check object is not used, instead using a required configuration parameter master_url. This is done to prevent leaking the location of the scanner to teams.

The JSON returned by the scanner is expected to follow the following standard:

{
   "teams":{
      "1": {
         "status": "up",
         "msg": ""
      }, "2": {
         "status": "errored",
         "msg": "Why the check errored"
      }, "3": {
         "status": "Message returned by the down service, or reason to be down.",
         "msg": ""
      }
   }
}

A full example for all 40 teams can be found here.