
overmind's Introduction

Overmind
Control Framework

A small framework capable of running open-source vulnerability scanners to inspect and scan any kind of webpage

Disclaimer

This tool is not intended to be used for any criminal act. It's used to find vulnerabilities on websites whose owners have given me express permission to do so! You are responsible for all your decisions.

Roadmap

  • FIX final report layout
  • ADD sonar mode
  • ADD website auto-detection (selects e.g. "wordpress" automatically)
  • ADD more dependencies (components) for single pages
  • ADD customization option for engines (add own runners with corresponding requirements)
  • ADD json-import for engines
  • ADD AI-assistant for report analysis

Don't forget issues that should be re-opened: label:willreopen

Requirements

  • Apache2
  • PHP (>= 8.2.0)
  • Python (>= 3.9.13)
  • Composer (>= 2.1.2)

Snapshot Structure

snapshot.zip/
├── _extra/
│   └── empty
├── _tools/
│   ├── sample
│   │   ├── sample.info
│   │   ├── sample.reference
│   │   ├── sample.schedule
│   │   └── sample.zip
│   └── sample2
│       ├── sample2.info
│       ├── sample2.reference
│       ├── sample2.schedule
│       └── sample2.zip
├── .author
└── .info
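
A layout check for snapshot archives, added here as an example (not code from the Overmind project). It assumes the tree above is the required layout relative to the archive root; `make_zip`, `has_files` and `check_snapshot` are hypothetical names. It also flags entries that would unpack outside the target directory and an inner tool archive that contains no files.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumption: the tree above is the required layout, relative to the archive root.
TOP_LEVEL_FILES = (".author", ".info")
TOOL_SUFFIXES = (".info", ".reference", ".schedule", ".zip")

def make_zip(files: dict) -> bytes:  # in-memory zip from {member name: bytes}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, content in files.items():
            z.writestr(name, content)
    return buf.getvalue()

def has_files(blob: bytes) -> bool:  # readable zip with at least one file entry?
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as z:
            return any(not n.endswith("/") for n in z.namelist())
    except zipfile.BadZipFile:
        return False

def check_snapshot(data: bytes) -> list:
    """Return the problems found in a snapshot archive; an empty list means OK."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(data)) as snap:
        names = snap.namelist()
        parts = [PurePosixPath(n).parts for n in names]
        # Entries must stay inside the directory the snapshot is unpacked into.
        problems += [f"unsafe path: {n}" for n, p in zip(names, parts)
                     if n.startswith("/") or ".." in p]
        problems += [f"missing: {f}" for f in TOP_LEVEL_FILES if f not in names]
        # A tool's namespace is its directory name directly below _tools/.
        for tool in sorted({p[1] for p in parts if len(p) > 2 and p[0] == "_tools"}):
            prefix = f"_tools/{tool}/{tool}"
            problems += [f"missing: {prefix}{s}" for s in TOOL_SUFFIXES
                         if prefix + s not in names]
            if prefix + ".zip" in names and not has_files(snap.read(prefix + ".zip")):
                problems.append(f"empty tool archive: {prefix}.zip")
    return problems

# Constructed sample: "sample" is complete, "sample2" holds an empty inner archive.
files = {".author": b"a", ".info": b"i", "_extra/empty": b""}
for tool, inner in (("sample", {"app.php": b"<?php"}), ("sample2", {})):
    files.update({f"_tools/{tool}/{tool}{s}": b"x" for s in TOOL_SUFFIXES[:3]})
    files[f"_tools/{tool}/{tool}.zip"] = make_zip(inner)
SAMPLE = make_zip(files)
print(check_snapshot(SAMPLE))
```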

Installation

Clone repository:

git clone https://github.com/david-prv/overmind.git

Navigate into project's root folder:

cd overmind

Install dependencies:

composer install

Run compressor:

php compressor.php

Firing Up & Getting Started

This application is meant to run locally only. It is not supposed to be publicly accessible on the web. To run a local instance, you can either use XAMPP to run a local web server or launch a PHP development server.

# in project's root folder...
php -S localhost:8080

Now open a web browser and navigate to http://localhost:8080/. The Overmind framework should appear.

Information about what to do next will be provided here. For guests, check out the GitHub wiki.

License

Released under GPL by @david-prv.

overmind's Issues

Interaction Mgr does not clear on tool removal

The scheduled inputs aren't removed when disintegrating a tool. This does not break the framework but may lead to issues in certain cases: assume the last deleted tool was interactive and also the most recently added tool (assume ID=7). Now, a user adds a new non-interactive tool to the framework. The scanner will eventually be assigned ID=7 (assuming that the topmost tool has ID=6). The interactions are still stored for ID=7, so the framework may think that the newly integrated tool is interactive. This should not break the tool but may lead to confusion.

Compressor Exception

PHP Fatal error:  Uncaught Error: Call to undefined function MatthiasMullie\PathConverter\mb_substr() in C:\Users\david\PhpstormProjects\scanner-bundle\vendor\matthiasmullie\path-converter\src\Converter.php:192
Stack trace:
#0 C:\Users\david\PhpstormProjects\scanner-bundle\vendor\matthiasmullie\path-converter\src\Converter.php(53): MatthiasMullie\PathConverter\Converter->dirname('C:\\Users\\david\\...')
#1 C:\Users\david\PhpstormProjects\scanner-bundle\vendor\matthiasmullie\minify\src\CSS.php(777): MatthiasMullie\PathConverter\Converter->__construct('C:\\Users\\david\\...', 'C:\\Users\\david\\...')
#2 C:\Users\david\PhpstormProjects\scanner-bundle\vendor\matthiasmullie\minify\src\CSS.php(339): MatthiasMullie\Minify\CSS->getPathConverter('C:\\Users\\david\\...', 'C:\\Users\\david\\...')
#3 C:\Users\david\PhpstormProjects\scanner-bundle\vendor\matthiasmullie\minify\src\Minify.php(152): MatthiasMullie\Minify\CSS->execute('C:\\Users\\david\\...')
#4 C:\Users\david\PhpstormProjects\scanner-bundle\compressor.php(81): MatthiasMullie\Minify\Minify->minify('C:\\Users\\david\\...')
#5 {main}
  thrown in C:\Users\david\PhpstormProjects\scanner-bundle\vendor\matthiasmullie\path-converter\src\Converter.php on line 192

PHP: v8.2.0

Snapshot Creator Namespace Issue

When creating a snapshot from an instance that has a different name than its namespace, the snapshot creator will be confused and puts an empty zip archive into _tools/sample. Familiar with #7

Remove reference file too when deleting a tool

Reference files are not removed at all when disintegrating a tool. This has already been considered during the development of the integration bot as a possible bug, which is handled as a warning. The framework should clean up the reference files too, for the same reasons as mentioned here: #2

Tool namespace does not need to be the tool's name

Snapshots created from an instance where a git project was purely integrated contain faulty information by default. The name is usually set manually, which does not necessarily need to match the namespace. Integrating a snapshot containing such an issue leads to "breaking" (or rather confusing) the runner. It reports:

Could not open input file: ~/scanner-bundle-main/app/tools/Wordpress-scanner-master/app.php
The tool is called Wordpress-scanner in the wordpress-scanner.info file. That's why the namespace was automatically set to Wordpress-scanner/ instead of Wordpress-scanner-master/
