asset-scan: a periodic scanning and monitoring system for an organization's own Internet-facing (extranet) assets


Project GitHub address: https://github.com/ATpiu/asset-scan

Brief introduction

asset-scan periodically scans an organization's Internet-facing assets, detects newly exposed port services, automatically tests them for unauthorized access and weak passwords, and raises real-time alerts, so that the enterprise can shrink the attack surface it exposes to the Internet.

Combined with Kibana, users can search the exposed ports, services and version information of their extranet assets at any time, build charts of various kinds (open-port statistics, newly appeared service versions, scan duration analysis, asset statistics) and present them internally through dashboards and other reports.

Currently, weak-password brute-force checks are supported for seven services: ssh, redis, mysql, ftp, mongodb, postgresql and mssql. Unauthorized-access checks are additionally supported for mongodb, redis and memcached.

Users must comply with the Cybersecurity Law of the People's Republic of China and must not use this tool for unauthorized testing.

Features

  • Periodic scanning and monitoring
  • Automated unauthorized-access and weak-password brute-force checks
  • Scan whitelist support; hot reload of configuration and alert settings
  • Search, custom charts and multi-dimensional analysis

Screenshots

- Using Kibana's statistical analysis features, you can build custom charts and dashboards

[Figure: Kibana dashboard]

- Notification for a newly discovered asset service and for a successful brute-force login


Configuration file description (config.yaml)

nmap:
  path:                          # if not set, the nmap found on the system is used

masscan:
  path:                          # if not set, the masscan found on the system is used
  rate: 5000                     # masscan scan rate; setting it very high is not recommended

es:
  address: 127.0.0.1:9200        # Elasticsearch address

scan:
  ipFile: ip.txt                 # file with the IP ranges to scan; format as accepted by nmap -iL
  ipexcludeFile: ipExclude.txt   # file with the IP ranges to exclude; format as accepted by nmap --excludefile
  port: 1-65535                  # port range to scan
  userDict: user.txt             # username dictionary for weak-password brute forcing of services
  passwordDict: password.txt     # password dictionary for weak-password brute forcing of services
  scan_interval: 30              # interval between scans, in seconds

observe:
  switch: on                     # observer mode switch: on = enabled, off = disabled

mail:                            # alert mailbox settings; can be ignored if observer mode stays on
  host: xxx.xxx.com
  port: 123
  username: [email protected]
  password: xxx
  from: [email protected]
  to: ["[email protected]","[email protected]"]
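The ipFile and ipexcludeFile settings above point at files in nmap's target-list syntax, and the effective scan set is the first minus the second. The following Python is an added illustration, not code from the asset-scan project, of how such files can be expanded and reconciled before a scan is launched. It implements a subset of the nmap target syntax (single IPv4 addresses, CIDR blocks and per-octet ranges such as 10.0.1.1-4 or 10.1-2.0.1-3); hostnames are not handled. The file contents below are constructed samples, not real assets.

```python
import ipaddress
import itertools
from typing import List, Set

# Constructed sample of ip.txt: the ranges to scan (not real assets).
IP_FILE = """\
# external ranges under our control
10.0.0.0/30
10.0.1.1-4
203.0.113.7
"""

# Constructed sample of ipExclude.txt: hosts that must never be scanned
# (for example fragile appliances or systems owned by someone else).
EXCLUDE_FILE = """\
10.0.0.1
10.0.1.3
"""


def _octet_values(part: str) -> range:
    """Turn one octet spec ('7', '1-4', '-', '200-') into the values it covers."""
    if "-" in part:
        lo, hi = part.split("-", 1)
        lo_i = int(lo) if lo else 0
        hi_i = int(hi) if hi else 255
    else:
        lo_i = hi_i = int(part)
    if not 0 <= lo_i <= hi_i <= 255:
        raise ValueError(f"bad octet range: {part!r}")
    return range(lo_i, hi_i + 1)


def parse_target(token: str) -> List[ipaddress.IPv4Address]:
    """Expand one nmap-style target token into individual IPv4 addresses."""
    if "/" in token:
        # CIDR: include every address in the block, as nmap does for -iL.
        return list(ipaddress.ip_network(token, strict=False))
    parts = token.split(".")
    if len(parts) != 4:
        raise ValueError(f"unsupported target token: {token!r}")
    octet_ranges = [_octet_values(p) for p in parts]
    return [
        ipaddress.IPv4Address(".".join(str(o) for o in octets))
        for octets in itertools.product(*octet_ranges)
    ]


def load_targets(text: str) -> Set[ipaddress.IPv4Address]:
    """Parse a whole target file: '#' starts a comment, whitespace separates tokens."""
    found: Set[ipaddress.IPv4Address] = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        for token in line.split():
            found.update(parse_target(token))
    return found


def build_scan_set(ip_text: str, exclude_text: str) -> List[str]:
    """Effective scan set: targets minus exclusions, sorted for stable output."""
    targets = load_targets(ip_text) - load_targets(exclude_text)
    return [str(ip) for ip in sorted(targets)]


if __name__ == "__main__":
    for ip in build_scan_set(IP_FILE, EXCLUDE_FILE):
        print(ip)
```

Resolving the exclusion list to concrete addresses before the scan, rather than relying on masscan and nmap to honour it separately, gives a single place to audit what the scheduler will actually touch; the excluded 10.0.0.1 and 10.0.1.3 are dropped even though the ranges that contain them are listed.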

Run Guide

  • Runs on Linux and requires Nmap, Masscan, Elasticsearch and Kibana 5.6.x; see the Installation Guide
  • Once the required components are installed, download and unpack the release archive, edit config.yaml, fill ip.txt with the IP ranges to scan (in the format accepted by the nmap -iL parameter), and run ./asset-scan
  • For the first scan it is recommended to set the observer mode switch in config.yaml to on, to avoid an alert storm (with observer mode off, every newly discovered service and every successful brute-force login sends an alert mail)
  • ipExclude.txt holds the IP ranges to exclude from scanning; user.txt and password.txt are the username and password dictionaries

Es Field Description

There are currently five Es types:

  • result

    Basic probe data for each asset found by the scan:

  • scanhistory

    Start time and end time of each scan

  • addhistory

    Port services that are new compared with the most recent scan of the same IP range

  • uphistory

    Service updates on an existing asset (same IP, port and protocol) compared with the most recent scan of the same IP range

  • bruteforce

    Records of unauthorized access and successful brute-force logins against asset services
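The addhistory and uphistory types are derived by comparing a fresh scan against the most recent historical one, and whether the resulting events reach the mailbox depends on the observe.switch setting described in the configuration section. The following Python is an added example, not code from the asset-scan project, showing that comparison: an asset is keyed by (IP, port, protocol), a key absent from the previous scan becomes an addhistory-style event, and a key whose service name or version changed becomes an uphistory-style event. The Service record, the scan results and the brute-force hit are constructed samples; the project's own Elasticsearch document layout is not reproduced here.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Hypothetical minimal service record; field names are assumptions for this
# example, not the project's Es mapping.
@dataclass(frozen=True)
class Service:
    ip: str
    port: int
    protocol: str   # "tcp" or "udp"
    name: str       # service name reported by nmap, e.g. "ssh"
    version: str    # product/version string reported by nmap

AssetKey = Tuple[str, int, str]


def asset_key(svc: Service) -> AssetKey:
    """Identity of an asset as the page defines it: same IP, port and protocol."""
    return (svc.ip, svc.port, svc.protocol)


def diff_scans(previous: List[Service], current: List[Service]
               ) -> Tuple[List[Service], List[Tuple[Service, Service]]]:
    """Return (added, updated): new port services and changed service versions."""
    prev: Dict[AssetKey, Service] = {asset_key(s): s for s in previous}
    added: List[Service] = []
    updated: List[Tuple[Service, Service]] = []
    for svc in current:
        old = prev.get(asset_key(svc))
        if old is None:
            added.append(svc)                     # addhistory-style event
        elif (old.name, old.version) != (svc.name, svc.version):
            updated.append((old, svc))            # uphistory-style event
    return added, updated


def build_alerts(added: List[Service],
                 updated: List[Tuple[Service, Service]],
                 brute_hits: List[Tuple[Service, str]],
                 observe_switch: str) -> List[str]:
    """Render alert lines; observer mode (switch on) records but mails nothing."""
    events = [f"new service {s.ip}:{s.port}/{s.protocol} {s.name} {s.version}"
              for s in added]
    events += [f"service changed {n.ip}:{n.port}/{n.protocol} "
               f"{o.name} {o.version} -> {n.name} {n.version}"
               for o, n in updated]
    events += [f"weak credential / unauthorized access "
               f"{s.ip}:{s.port}/{s.protocol} {s.name}: {detail}"
               for s, detail in brute_hits]
    if observe_switch.lower() == "on":
        return []                                 # stored in Es, not mailed
    return events


# Constructed sample data: previous and current scan of one small range.
PREVIOUS_SCAN = [
    Service("10.0.0.2", 22, "tcp", "ssh", "OpenSSH 7.4"),
    Service("10.0.0.2", 6379, "tcp", "redis", "Redis 4.0.9"),
]
CURRENT_SCAN = [
    Service("10.0.0.2", 22, "tcp", "ssh", "OpenSSH 8.0"),      # version changed
    Service("10.0.0.2", 6379, "tcp", "redis", "Redis 4.0.9"),  # unchanged
    Service("10.0.0.3", 3306, "tcp", "mysql", "MySQL 5.7"),    # newly exposed
]
# Constructed bruteforce-style record for the redis instance.
BRUTE_HITS = [(CURRENT_SCAN[1], "unauthenticated access")]


if __name__ == "__main__":
    added, updated = diff_scans(PREVIOUS_SCAN, CURRENT_SCAN)
    for line in build_alerts(added, updated, BRUTE_HITS, observe_switch="off"):
        print(line)
```

Keying on (IP, port, protocol) rather than on the full record is what separates "a new service appeared" from "a known service changed version"; both are worth a review, but the first usually points at an unplanned exposure while the second often just reflects patching, so storing them as separate Es types keeps the dashboards and alert rules distinct.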



Source: https://blog.csdn.net/w1590191166/article/details/104089733