GitHub InfoSec Threepeat: HELK, ptf, and VulnWhisperer
There are numerous and exciting information security-related projects on GitHub; one can dive quickly down the rabbit hole, never to be seen again, in an effort to identify the best of breed for use in their security practices. In the last three days, three separate projects have hit my radar screen via social media that I thought readers might find intriguing and likely beneficial. I'm listing the projects in alphabetical order, not order of preference; each project represents a unique discipline and opportunity.
The first project is for hunters. HELK is a Hunting ELK (Elasticsearch, Logstash, Kibana) stack with advanced analytic capabilities, currently in beta. This project hits themes near and dear to me, and will definitely receive toolsmith attention in the near term. From @Cyb3rWard0g, HELK aims to:
- Provide a free hunting platform to the community and share the basics of Threat Hunting.
- Make sense of a large amount of event logs and add more context to suspicious events during hunting.
- Expedite the time it takes to deploy an ELK stack.
- Improve the testing of hunting use cases in an easier and more affordable way.
- Enable Data Science via Apache Spark, GraphFrames & Jupyter Notebooks.
Second up, for your consideration, is the just released version 1.17 of ptf, the pentester's framework from Dave Kennedy's @TrustedSec.
The PenTesters Framework (PTF) is a Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. As pentesters, we've been accustomed to the /pentest/ directories or our own toolsets that we want to keep up-to-date all of the time. We have those "go to" tools that we use on a regular basis, and using the latest and greatest is important.
PTF attempts to install all of your penetration testing tools (latest and greatest), compile them, build them, and make it so that you can install/update your distribution on any machine. Everything is organized in a fashion that is cohesive to the Penetration Testing Execution Standard (PTES).
The 1.17 release includes:
- multiple fixes for aftercommands and escaping
- add Joomslav
- update masscan
- add Robot-Detect
Third on our list is VulnWhisperer, also slotted for future toolsmith attention; it's already caught many an eye and caused some excitement, particularly in light of the Spectre/Meltdown vulnerabilities. VulnWhisperer is a vulnerability data and report aggregator. Austin Taylor's VulnWhisperer will pull all the reports and create a file with a unique filename, which is then fed into Logstash. Logstash extracts data from the filename and tags all of the information inside the report (see the logstash_vulnwhisp.conf file). Data is then shipped to Elasticsearch to be indexed. VulnWhisperer includes support for:
- Nessus (v6 & v7)
- Qualys Web Applications
- Qualys Vulnerability Management (in progress)
- OpenVAS
- Nexpose
- Insight VM
- NMAP
- More to come
This is a great triple threat of GitHub offerings for your review and consideration; I know they're slated for me to do much more exploration.
Feel free to comment with some of your favorite GitHub information security projects.
Cheers.