README
¶
Vulcan Checks
This repository holds the code for each Vulcan check's main binary.
Vendoring
Currently there's no vendoring provided for this project.
Current list of Checks
- vulcan-aws-alerts - Warns about CA issues in AWS RDS
- vulcan-aws-trusted-advisor - Checks AWS Trusted Advisor for security findings
- vulcan-burp - Runs a PortSwigger Burp Enterprise scan
- vulcan-dmarc - Checks if a domain (asset with a SOA record) have valid DNS configuration for DMARC
- vulcan-drupal - Checks for vulnerabilities in Drupal CMS
- vulcan-exposed-bgp - Checks for exposed BGP port on Internet routers
- vulcan-exposed-db - Checks if an asset has open database well known ports
- vulcan-exposed-http - Checks if an asset has open HTTP well known ports
- vulcan-exposed-memcached - Checks if an asset has exposed a memcached server
- vulcan-exposed-router-ports - Checks if an asset has open router well known ports
- vulcan-exposed-services - Checks if a host has any port opened by scanning the 1000 most common TCP and UDP ports
- vulcan-exposed-ssh - Checks SSH server configuration for compliance with Mozilla OpenSSH guidelines
- vulcan-github-alerts - Retrieves existing vulnerability alerts for a Github repository
- vulcan-gitleaks - Checks if a Git repository contains secrets like passwords, API tokens or private keys
- vulcan-heartbleed - Checks if an asset is vulnerable to heartbleed vulnerability
- vulcan-host-discovery - Performs a quick Nmap ping scan that identifies which hosts are up
- vulcan-http-headers - Analyzes the security of a website based on its HTTP headers
- vulcan-ipv6 - Checks for IPv6 presence
- vulcan-masscan - Checks if a host has any port opened by scanning the whole TCP port range using masscan
- vulcan-mx - Looks for MX DNS Records on a given domain
- vulcan-nessus - Runs a Nessus scan
- vulcan-nuclei - Runs Nuclei scanner tool with selected templates
- vulcan-prowler - Checks compliance against CIS AWS Foundations Benchmark
- vulcan-results-load-test - Internal testing check, not for production
- vulcan-retirejs - Checks for vulnerabilities in JS frontend dependencies
- vulcan-semgrep - Runs Semgrep scanner tool for detect security issues in code
- vulcan-sleep - Internal testing check, not for production
- vulcan-smtp-open-relay - Checks for exposed SMTP, and if they are open relay
- vulcan-spf - Checks if a domain (asset with a SOA record) have valid DNS configuration for SPF
- vulcan-trivy - Checks if a Docker image uses vulnerable packages or dependencies using Trivy
- vulcan-unclassified - Example vulnerability to test the monitoring of unclassified vulnerabilities - not for production
- vulcan-vulners - Runs https://vulners.com/api/v3/burp/software/
- vulcan-wpscan - Checks Wordpress sites for vulnerabilities using the open source wpscan utility
- vulcan-zap - Checks for vulnerabilities in web applications using OWASP ZAP
Removed Checks
For future reference, this section contains links to the last working commits of checks that were removed.
- vulcan-certinfo - Extracts information about SSL/TLS certificates
- vulcan-exposed-amt - Checks if an asset has the Intel AMT port exposed and whether is it vulnerable or not
- vulcan-exposed-files - Check asset for sensitive files exposed on HTTP server
- vulcan-exposed-ftp - Checks if an asset has open FTP well known ports and if they allow anonymous logins or vulnerable to bounce attack
- vulcan-exposed-hdfs - Checks if an EMR cluster is exposed to the Internet
- vulcan-exposed-http-resources - Checks if a web address exposes sensitive resources
- vulcan-exposed-rdp - Checks if a Microsoft Remote Desktop service is exposed to the Internet
- vulcan-exposed-varnish - Checks if an asset is a Web Cache, and also if it is a Varnish
- vulcan-gozuul - Checks if a Zuul Gateway is vulnerable to Remote Code Execution as specified in nflx-2016-003
- vulcan-lucky - Checks if an TLS asset is vulnerable to LuckyMinus20 attack
- vulcan-s3-takeover - Checks for a vulnerability related to domain names pointing to a S3 static website when the S3 bucket has been deleted
- vulcan-tls - Analyzes TLS health of an asset
Building and testing
This project is primarily built using the vulcan-checks-bsys project.
But it's possible to build each one of the checks with go build.
In every check directory there is an example configuration file called local.toml.example, most checks reads a
file named local.toml if you pass the -t parameter, so by copying that file you can do a local test of your code
before you commit.
The checks that are not self-contained, and instead rely on external binaries, can be locally tested with
vulcan-checks-bsys. By running vulcan-build-images -r PATH_TO_THE_CHECK_DIR it will create a docker image and
run it, feeding the check with the input from local.toml.
Full example to build and test run one check:
cd cmd/vulcan-drupal
go build
cp local.toml.example local.toml
./vulcan-drupal -t
If you are running go version 1.17 or later, you can easily use the build system project with go run:
cd cmd/vulcan-drupal
go run github.com/adevinta/vulcan-checks-bsys/cmd/vulcan-build-images@master -r ../vulcan-drupal
For older versions of go you should use go install or go get, depending on version.
Directories
¶
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
vulcan-blast-radius
vulcan-blast-radius implements a check that uses the Security Graph to get the blast radius of an asset.
|
vulcan-blast-radius implements a check that uses the Security Graph to get the blast radius of an asset. |
|
vulcan-blast-radius/intel
Package intel provides a client to interact with the Intel API.
|
Package intel provides a client to interact with the Intel API. |
Click to show internal directories.
Click to hide internal directories.