Skip to content

This repository holds the code for each Vulcan check's main binary.

License

Notifications You must be signed in to change notification settings

adevinta/vulcan-checks

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Vulcan Checks

This repository holds the code for each Vulcan check's main binary.

Vendoring

Currently there's no vendoring provided for this project.

Current list of Checks

  • vulcan-aws-alerts - Warns about CA issues in AWS RDS
  • vulcan-aws-trusted-advisor - Checks AWS Trusted Advisor for security findings
  • vulcan-burp - Runs a PortSwigger Burp Enterprise scan
  • vulcan-dmarc - Checks if a domain (asset with a SOA record) have valid DNS configuration for DMARC
  • vulcan-drupal - Checks for vulnerabilities in Drupal CMS
  • vulcan-exposed-bgp - Checks for exposed BGP port on Internet routers
  • vulcan-exposed-db - Checks if an asset has open database well known ports
  • vulcan-exposed-http - Checks if an asset has open HTTP well known ports
  • vulcan-exposed-memcached - Checks if an asset has exposed a memcached server
  • vulcan-exposed-router-ports - Checks if an asset has open router well known ports
  • vulcan-exposed-services - Checks if a host has any port opened by scanning the 1000 most common TCP and UDP ports
  • vulcan-exposed-ssh - Checks SSH server configuration for compliance with Mozilla OpenSSH guidelines
  • vulcan-github-alerts - Retrieves existing vulnerability alerts for a Github repository
  • vulcan-gitleaks - Checks if a Git repository contains secrets like passwords, API tokens or private keys
  • vulcan-heartbleed - Checks if an asset is vulnerable to heartbleed vulnerability
  • vulcan-host-discovery - Performs a quick Nmap ping scan that identifies which hosts are up
  • vulcan-http-headers - Analyzes the security of a website based on its HTTP headers
  • vulcan-ipv6 - Checks for IPv6 presence
  • vulcan-masscan - Checks if a host has any port opened by scanning the whole TCP port range using masscan
  • vulcan-mx - Looks for MX DNS Records on a given domain
  • vulcan-nessus - Runs a Nessus scan
  • vulcan-nuclei - Runs Nuclei scanner tool with selected templates
  • vulcan-prowler - Checks compliance against CIS AWS Foundations Benchmark
  • vulcan-results-load-test - Internal testing check, not for production
  • vulcan-retirejs - Checks for vulnerabilities in JS frontend dependencies
  • vulcan-semgrep - Runs Semgrep scanner tool for detect security issues in code
  • vulcan-sleep - Internal testing check, not for production
  • vulcan-smtp-open-relay - Checks for exposed SMTP, and if they are open relay
  • vulcan-spf - Checks if a domain (asset with a SOA record) have valid DNS configuration for SPF
  • vulcan-trivy - Checks if a Docker image uses vulnerable packages or dependencies using Trivy
  • vulcan-unclassified - Example vulnerability to test the monitoring of unclassified vulnerabilities - not for production
  • vulcan-vulners - Runs https://vulners.com/api/v3/burp/software/
  • vulcan-wpscan - Checks Wordpress sites for vulnerabilities using the open source wpscan utility
  • vulcan-zap - Checks for vulnerabilities in web applications using OWASP ZAP

Removed Checks

For future reference, this section contains links to the last working commits of checks that were removed.

  • vulcan-certinfo - Extracts information about SSL/TLS certificates
  • vulcan-exposed-amt - Checks if an asset has the Intel AMT port exposed and whether is it vulnerable or not
  • vulcan-exposed-files - Check asset for sensitive files exposed on HTTP server
  • vulcan-exposed-ftp - Checks if an asset has open FTP well known ports and if they allow anonymous logins or vulnerable to bounce attack
  • vulcan-exposed-hdfs - Checks if an EMR cluster is exposed to the Internet
  • vulcan-exposed-http-resources - Checks if a web address exposes sensitive resources
  • vulcan-exposed-rdp - Checks if a Microsoft Remote Desktop service is exposed to the Internet
  • vulcan-exposed-varnish - Checks if an asset is a Web Cache, and also if it is a Varnish
  • vulcan-gozuul - Checks if a Zuul Gateway is vulnerable to Remote Code Execution as specified in nflx-2016-003
  • vulcan-lucky - Checks if an TLS asset is vulnerable to LuckyMinus20 attack
  • vulcan-s3-takeover - Checks for a vulnerability related to domain names pointing to a S3 static website when the S3 bucket has been deleted
  • vulcan-tls - Analyzes TLS health of an asset

Building and testing

This project is primarily built using the vulcan-checks-bsys project.

But it's possible to build each one of the checks with go build.

In every check directory there is an example configuration file called local.toml.example, most checks reads a file named local.toml if you pass the -t parameter, so by copying that file you can do a local test of your code before you commit.

The checks that are not self-contained, and instead rely on external binaries, can be locally tested with vulcan-checks-bsys. By running vulcan-build-images -r PATH_TO_THE_CHECK_DIR it will create a docker image and run it, feeding the check with the input from local.toml.

Full example to build and test run one check:

cd cmd/vulcan-drupal
go build
cp local.toml.example local.toml
./vulcan-drupal -t

If you are running go version 1.17 or later, you can easily use the build system project with go run:

cd cmd/vulcan-drupal
go run github.com/adevinta/vulcan-checks-bsys/cmd/vulcan-build-images@master -r ../vulcan-drupal

For older versions of go you should use go install or go get, depending on version.

About

This repository holds the code for each Vulcan check's main binary.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published