Login
Implement and monitor Appsec control at scale.
FreshRSS 
$ git clone git@github.com:mf-labs/witcher.git
$ cd witcher
$ npm i
$ git clone git@github.com:mf-labs/witcher.git
$ cd witcher
$ docker build -t witcher .
# Running docker image
$ docker run -e GITHUB_TOKEN=$GITHUB_TOKEN -e ORG=$ORG witcher -a status -m ghas -r offsec-sast-testing
β witcher git:(master) node witcher.js -h
usage: witcher.js [-h] -m MODULE -a ACTION [--daily-summary] [--mass-action] [--slack] [--siem] [--jira]
[--jira-ticket JIRATICKET] [--org ORG] [-r REPO] [-b BRANCH]
[--workflow-file WORKFLOW] [--repo-file REPOFILE]
witcher ....... you can't escape
optional arguments:
-h, --help show this help message and exit
-m MODULE, --module MODULE
ghas, dependabot, secret-scanning, codeql, iac, workflows, ALL
-a ACTION, --action ACTION
enable, disbale, status, alert, deploy, delete
--daily-summary Get the Daily Summary
--mass-action Perform action (enable, deploy, delete) at scale
--slack Post new alert(s) on Slack
--siem Log activities on SIEM
--jira Post new vulnerability ticket on Jira
--jira-ticket JIRATICKET
Jira ticket ID (e.g. PROJECT-123)
Input:
--org ORG Organization Name
-r REPO, --repo REPO Repository Name, ALL
-b BRANCH, --branch BRANCH
Branch Name
--workflow-file WORKFLOW
Workflow File Name
--repo-file REPOFILE Repo File Name
Set the following environment variable first
export GITHUB_TOKEN=YOUR_GITHUB_TOKEN
export GITHUB_USER=YOUR_GITHUB_USERNAME
export ORG=YOUR_GITHUB_ORGANIZATION
# Optional to configure slack
export SLACK_BOT_TOKEN
export SLACK_SIGNING_SECRET
export SLACK_CHANNEL
# Optional to send data to SIEM
export SERVERLESS_APP_URL
# Optional for Jira ticket creation
export JIRA_API_TOKEN
export JIRA_EMAIL
export JIRA_URL
export JIRA_PROJECT
export JIRA_ISSUE_TYPE
Update the github/data/exclusion.json file with list of repositories excluded from Core Repositories / GHAS.
# List repositories where GHAS is disabled
$ node witcher.js -m ghas -a status --repo All
# Enable GHAS on certain repo
$ node witcher.js -m ghas -a enable --repo <repo-name>
# Disable GHAS on certain repo
$ node witcher.js -m ghas -a disable --repo <repo-name>
# Check GHAS status on certain repo
$ node witcher.js -m ghas -a status --repo <repo-name>
# Get latest code scanning vulnerability
$ node witcher.js -m codeql -a alert --slack // --slack to post on slack
# Mass Action
$ node witcher.js --mass-action -a enable -m ghas --repo-file mass_action.txt --jira-ticket PROJECT-123
# Run Daily Summary
$ node witcher.js --daily-summary -m ALL -a status --slack --jira
# Daily Summary includes the checking of
# 1. GHAS status on all repositories
# 2. Secret Scanning status on all repositories
# 3. Check for Depenabot status
# 4. Check for paused Dependabot
# 5. Code Scanning status on applicable repositories
# 6. IaC Scanning status on applicable repositories
# 7. Check alerts for any new vulnerability
# 8. Logged daily summary on SIEM and posted on Slack
- All public repositories are excluded from witcher
- All archived repositories are excluded from witcher
- All deprecated repositories are excluded from witcher
This tool is designed to interact with the GitHub API and retrieve specific user details, repository information, and commit emails for a given user.
pip install requestspython3 gitgrab.py
Reconnaissance is the first phase of penetration testing which means gathering information before any real attacks are planned So Ashok is an Incredible fast recon tool for penetration tester which is specially designed for Reconnaissance" title="Reconnaissance">Reconnaissance phase. And in Ashok-v1.1 you can find the advanced google dorker and wayback crawling machine.
- Wayback Crawler Machine
- Google Dorking without limits
- Github Information Grabbing
- Subdomain Identifier
- Cms/Technology Detector With Custom Headers
~> git clone https://github.com/ankitdobhal/Ashok
~> cd Ashok
~> python3.7 -m pip3 install -r requirements.txt
A detailed usage guide is available on Usage section of the Wiki.
But Some index of options is given below:
Ashok can be launched using a lightweight Python3.8-Alpine Docker image.
$ docker pull powerexploit/ashok-v1.2
$ docker container run -it powerexploit/ashok-v1.2 --help
MasterParser stands as a robust Digital Forensics and Incident Response tool meticulously crafted for the analysis of Linux logs within the var/log directory. Specifically designed to expedite the investigative process for security incidents on Linux systems, MasterParser adeptly scans supported logs, such as auth.log for example, extract critical details including SSH logins, user creations, event names, IP addresses and much more. The tool's generated summary presents this information in a clear and concise format, enhancing efficiency and accessibility for Incident Responders. Beyond its immediate utility for DFIR teams, MasterParser proves invaluable to the broader InfoSec and IT community, contributing significantly to the swift and comprehensive assessment of security events on Linux platforms.
Love MasterParser as much as we do? Dive into the fun and jazz up your screen with our exclusive MasterParser wallpaper! Click the link below and get ready to add a splash of excitement to your device! Download Wallpaper
This is the list of supported log formats within the var/log directory that MasterParser can analyze. In future updates, MasterParser will support additional log formats for analysis. |Supported Log Formats List| | --- | | auth.log |
If you wish to propose the addition of a new feature \ log format, kindly submit your request by creating an issue Click here to create a request
# How to navigate to "MasterParser-main" folder from the PS terminal
PS C:\> cd "C:\Users\user\Desktop\MasterParser-main\"
# How to show MasterParser menu
PS C:\Users\user\Desktop\MasterParser-main> .\MasterParser.ps1 -O Menu
# How to run MasterParser
PS C:\Users\user\Desktop\MasterParser-main> .\MasterParser.ps1 -O Start
https://github.com/YosfanEilay/MasterParser/assets/132997318/d26b4b3f-7816-42c3-be7f-7ee3946a2c70
MemTracer is a tool that offers live memory analysis capabilities, allowing digital forensic practitioners to discover and investigate stealthy attack traces hidden in memory. The MemTracer is implemented in Python language, aiming to detect reflectively loaded native .NET framework Dynamic-Link Library (DLL). This is achieved by looking for the following abnormal memory regionβs characteristics:
The tool starts by scanning the running processes, and by analyzing the allocated memory regions characteristics to detect reflective DLL loading symptoms. Suspicious memory regions which are identified as DLL modules are dumped for further analysis and investigation.
Furthermore, the tool features the following options:
python.exe memScanner.py [-h] [-r] [-m MODULE]
-h, --help show this help message and exit
-r, --reflectiveScan Looking for reflective DLL loading
-m MODULE, --module MODULE Looking for spcefic loaded DLL
The script needs administrator privileges in order incepect all processes.
