evait-security / envizon Goto Github PK
View Code? Open in Web Editor NEWnetwork visualization & pentest reporting
Home Page: https://evait-security.github.io/envizon/
License: MIT License
network visualization & pentest reporting
Home Page: https://evait-security.github.io/envizon/
License: MIT License
also move, copy, etc. hosts spinner in button (not only blank)
Add trim funktion in the input field of the global search.
add an option to create screenshots from web applications / websites and embedd them into the single host view (quick preview).
suggestions:
https://github.com/maxwell/screencap
https://github.com/vitalie/webshot
Scanning large networks with nmap is not recommend. We will add an individual masscan interface soon. Hold on!
If someone changed the group content a notification or indicator has to send to all connected clients. Best case a rerender button is placed on the target group to notify the user that the group has to be rerendered before making any changes. (Lock mode)
It looks like the scans are starting one at a time and the setting for paralell scans will be ignored in the backend.
-sV -p-
on a target-p 80
on the same targettop
in the docker container (only the first is running)Add error msg to single host view if host does not exists.
Add the option to save / reuse complex queries in the group query interface.
To get a nice choice of icons including some brands for our groups we use fontawesome. The current icon picker is not the best choice and the fontawesome version is strongly outdated.
We searching for alternatives...
In the settings page you are be able to add & modify preconfigured scans. To get the power of the community to envizon itself we want your feedback so we can add your most favourite nmap scans.
New scan suggestions should be provided with the following information:
scan name: short description of the scan
nmap syntax: the exact syntax for nmap without output parameters
long description (optional): here you can explain your ideas and considerations for your scan
Each suggestion will be tested and maybe implemented directly in envizon with the information you provided.
If you start a scan e.g. with 500 targets, envizon should give you a capability to split the scan in smaller subscans.
After 10 secs visiting the scans page it will be refreshed by an ajax function and break the download scan functionality.
envizon hang on if you try to connect without https on the app port. after a while envizon reaches the socket limit and the application timed out.
Fix: add redirect
All groups are always fully rendered in the group view (including datatables) initially and on each change (move, copy, etc.). Performance suffers dramatically with a high amount of groups (> ~100).
Each group should be rendered individually once selected in the sidebar and should be removed (not only made invisible) from the html when clicking on the "close"-button. All visible groups should be re-rendered if any change (move, copy, etc.) happens. In order to implement this enhancement, the partial render group stuff has to be changed/rewritten. Furthermore a js-component needs to be written in order to select and re-render each visible group.
tl;dr
The performance with a high number of groups will improve in the future. We are on it!
The quick settings will get another section to add the possibility for changing or adding new preconfigured scans that can be selected in the drop down menu in the scan interface.
This will be a tough challenge...
maybe add list/view of /24 ranges (network view)
Thought about adding labels/fields for found exploits, based on nmap CVEs, through the API of circl.lu.
Not all CPE are checked over the circl.lu API, but only when a specific version is specified (for example: cpe:/a:microsoft:iis:7.5 and not cpe:/o:microsoft:windows).
Hello former colleagues,
we are using envizon when pentesting, too, and my fellow colleagues are loving the tool.
But we discovered, that when working with a giant range of ip-adresses and ordering them asc. or desc, the counting of envizon seems a bit odd. For example:
192.168.0.1
192.168.0.110
192.168.0.12
192.168.0.2
Would it be possible, that envizon will count in the usual manner and consider each triple as one big number, not as three separate numbers? Thanks in advance.
Add an option to download the finished scans from envizon as xml file in order import the scans in other tools.
git pull && docker-compose build
)docker-compose build
, the prebuilt images from the official repositories, or installed envizon without any problems on my ownIssues violating these prerequisites will be closed without further explanation. Furthermore, you will be haunted by your own shameful behavior for the rest of your life.
I want to change app port
3000 is under grafana.
What should i do?
Please describe the problem or idea with as much detail as possible.
Provide any information to reproduce the issue.
Unknown MySQL server host 'mysql' (-2)
error when trying to add an issue as issue template to remote database.
Instance deployed via Running from local git checkout.
Since version 3.0 the notification progress toasts are not rendered through the websocket connection. Maybe the docker container needs to be reconsidered.
We have to add more security relevant labels.
MS08-067 - should be no problem.
We are open to get more suggestions from the community.
If clients were modified from global search, all participating groups should locked on all viewers screen.
the results of an sV scan are overwritten when a simple scan is performed afterwards
-sV
becomes:80 | http | Apache httpd
80 | http | Unknown Product
Running from local git checkout steps are not correct or envizon_local docker image is bugged.
https://0bin.net/paste/OOsvz6EW#rxj9slgkdPfhMz+9uCYUpf-DhKJ3an3VJd0P4ghxd8L
The idea is that the key .ssl/localhost.key
is missing.
envizon/docker/envizon_local/entrypoint_local.sh
Lines 4 to 11 in b786c6c
It means the entrypoint script is not working as intended.
And effectively at the beginning I can see:
envizon_local | No certificates provided and none in .ssl/, generating some for you
envizon_local | Generating a RSA private key
envizon_local | ...+++++
envizon_local | .............................+++++
envizon_local | writing new private key to '.ssl/localhost.key'
envizon_local | req: Can't open ".ssl/localhost.key" for writing, No such file or directory
If it can't ouput in an non-existing file, maybe a quick touch
can solve that?
Follow Running from local git checkout .
link issues to clients directly in reports view. ajax/jquery live search for client ip or hostname in modal should be finde
if you click select all button in group view, only a maximum of 10 will be selected. Furthermore blur function is missing.
direct (ajax) live search in custom targets?
No description needed.
settings and groups
add a button to move a client from all groups directly to an automaticly created group named "archive"
Hello again,
while working with envizon, it happend to me that I accidentlly archived an entry. But I wasnt able to restore it back to a normal entry, after being archived.
The version, as far as I can say, is 4.0 (its written right under "Settings").
I hope, you can reproduce and fix this issue.
Best regards,
Chris
Starting image scans directly from the group interface with selected clients.
For a decent network graph, open source js libary cytoscape can be used.
If nmap returns scriptoutput which are empty do not store them to the database
run nmap -sC
over an ip with open ports and check the script outputs in envizion
nothing to say
The Funktion "Add new Group" do not close the modal, if "move" is selected. maybe the issue only triggers in virtuell Groups(custom Search).
in backgroud the funktion seems to work (if you reload the page all seams fine)
Hello again,
while using envizon, we found, that it would be an huge improvement, if it would be possible, to add notes to each entry in a seperate field. Even better, but also more complicated, would be a search feature for these notes.
Yours sincerly,
Chris
issues should have unique text partials that are referenced to an issue and the label (Description, Recommendation, etc.)
Add function to init a scan directly from group view with selected targets.
Maybe via post method /scans and prefilled target fields.
render a issue with a global variable (setting) "presentation mode=true" will display the screenshots only in mosaik view
Implement a code style font for the nmap plugin output in the groups interface.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.