
kvasir's Introduction

Kvasir

Welcome to Kvasir! These directories contain the groundwork tools for effective data management during a penetration test.

Penetration tests can be data management nightmares because of the large amount of information that is generally obtained. Vulnerability scanners return lots of actual and potential vulnerabilities to review. Port scanners can return thousands of ports for just a few hosts. How easy is it to share all this data with your co-workers?

That's what Kvasir is here to help you with. Here's what you'll need to get started:

  • The latest version of web2py (http://www.web2py.com/)
  • A database (PostgreSQL is known to work)
  • A network vulnerability scanner (Nexpose, Nessus and Nmap are supported)
  • Additional Python libraries

Kvasir is a web2py application and can be installed for each customer or task. This design keeps data separated and keeps you from accidentally attacking or reviewing other customers.

This tool was developed primarily for the Cisco Systems Advanced Services Security Posture Assessment (SPA) team. While not every methodology may directly align, Kvasir is something that can be molded and adapted to fit almost any working scenario. Pull requests through GitHub are encouraged!

DOCUMENTATION

Current documentation is maintained on the Kvasir GitHub wiki (https://github.com/KvasirSecurity/Kvasir/wiki).

NOTES

Kvasir was primarily designed for use on short customer-focused engagements. A separate directory ('application') would be used for each customer, allowing for much stronger data separation.

For example, let's assume two customers, Foo Widgets and Bar Napkins.

Data for each customer is stored in /opt/data/$CUSTOMERNAME

Install Kvasir in each customer's directory:

Now symbolically link Kvasir to the web2py application directory:

  • ln -s /opt/data/foowidgets/kvasir $WEB2PY_HOME/applications/foowidgets
  • ln -s /opt/data/barnapkins/kvasir $WEB2PY_HOME/applications/barnapkins

Create unique databases:

  • sudo su - postgres
  • createdb -O pguser foowidgets
  • createdb -O pguser barnapkins

Copy the kvasir.yaml.sample to kvasir.yaml and change the defaults:

  • db->kvasir->uri

You're ready to go!
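The per-customer separation set up above only holds if every linked application really has its own install directory and its own database. The following check is an added example, not part of Kvasir: it walks web2py's applications directory and reports installs that share a directory or a db->kvasir->uri value. It assumes kvasir.yaml nests the setting as db: / kvasir: / uri: with the database name as the last path component of the URI, and that the database is named after the application as in the example above; the function names, the CHANGEME password and the bazgadgets customer are constructed for illustration.

```python
import os, re, tempfile

def read_db_uri(yaml_path):
    """Return db->kvasir->uri via a minimal indentation reader (no PyYAML)."""
    stack = []  # (indent, key) pairs for the current nesting path
    with open(yaml_path) as fh:
        text = fh.read()
    for indent, key, value in re.findall(r"^( *)([\w-]+): *(.*?) *$", text, re.M):
        while stack and stack[-1][0] >= len(indent):
            stack.pop()  # leave deeper or sibling levels before descending
        stack.append((len(indent), key))
        if value and [k for _, k in stack] == ["db", "kvasir", "uri"]:
            return value.strip("'\"")
    return None

def audit(apps_dir):
    """Return isolation findings for Kvasir installs linked under applications/."""
    findings, by_dir, by_uri = [], {}, {}
    for app in sorted(os.listdir(apps_dir)):
        real = os.path.realpath(os.path.join(apps_dir, app))  # follow the symlink
        cfg = os.path.join(real, "kvasir.yaml")
        if not os.path.isfile(cfg):
            continue  # not a configured Kvasir install
        by_dir.setdefault(real, []).append(app)
        uri = read_db_uri(cfg)
        if uri is None:
            findings.append(f"{app}: no db->kvasir->uri set")
            continue
        by_uri.setdefault(uri, []).append(app)
        if uri.rsplit("/", 1)[-1] != app:  # assumed convention: db named after app
            findings.append(f"{app}: database name differs from application name")
    for group, what in ((by_dir, "install directory"), (by_uri, "database URI")):
        findings += [f"{', '.join(a)}: share one {what}" for a in group.values() if len(a) > 1]
    return findings

def demo():
    """Constructed sample: three customers, the third pointed at the first's database."""
    root = tempfile.mkdtemp()
    os.makedirs(apps := os.path.join(root, "web2py", "applications"))
    for name, db in (("foowidgets", "foowidgets"), ("barnapkins", "barnapkins"), ("bazgadgets", "foowidgets")):
        inst = os.path.join(root, "data", name, "kvasir")
        os.makedirs(inst)
        with open(os.path.join(inst, "kvasir.yaml"), "w") as fh:
            fh.write(f"db:\n  kvasir:\n    uri: postgres://pguser:CHANGEME@localhost:5432/{db}\n")
        os.symlink(inst, os.path.join(apps, name))
    return audit(apps)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Against a real installation, call audit() with $WEB2PY_HOME/applications; an empty list means no two customers share an install directory or database.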

WEB2PY SCHEDULER TASK QUEUE

The web2py scheduler task system is used for long-running tasks such as launching terminals, processing XML report files, etc. The scheduler can run with the main web2py process or be started from a separate terminal.

To start as part of the web2py web server process:

cd $WEB2PY_HOME
python web2py.py -a <recycle> -X -K foowidgets,barnapkins

To start as its own process:

cd $WEB2PY_HOME
python web2py.py -K foowidgets,barnapkins

Additional workers may be started by repeating the application name:

cd $WEB2PY_HOME
python web2py.py -K foowidgets,foowidgets,barnapkins,barnapkins

LOGGING

By default, the scheduler task logging level is DEBUG. This can get very noisy on a terminal. To change this, copy the logging.conf file to the web2py home directory and modify it as you see fit.

cd $WEB2PY_HOME
cp applications/$APPNAME/logging.conf .

kvasir's People

Contributors

grutz, eddiezab, nexusbla18, 001001, 010101010100, juushya, andurin, marpie, vikasprogrammer, hybriz, samuelbonilla
