{"id":13766812,"url":"https://github.com/HewlettPackard/reconbf","last_synced_at":"2025-05-10T22:31:17.784Z","repository":{"id":142765545,"uuid":"63261868","full_name":"HewlettPackard/reconbf","owner":"HewlettPackard","description":"Recon system hardening scanner","archived":false,"fork":false,"pushed_at":"2016-09-09T13:34:37.000Z","size":327,"stargazers_count":47,"open_issues_count":1,"forks_count":7,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-26T19:39:36.668Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/HewlettPackard.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2016-07-13T16:23:18.000Z","updated_at":"2022-11-11T21:09:17.000Z","dependencies_parsed_at":"2024-01-07T09:43:28.663Z","dependency_job_id":null,"html_url":"https://github.com/HewlettPackard/reconbf","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HewlettPackard%2Freconbf","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HewlettPackard%2Freconbf/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HewlettPackard%2Freconbf/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HewlettPackard%2Freconbf/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/HewlettPackard","download_url":"https://codeload.github.com/HewlettPackard/reconbf/tar.gz/refs/heads/master"
,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253492529,"owners_count":21916959,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T16:01:01.295Z","updated_at":"2025-05-10T22:31:17.455Z","avatar_url":"https://github.com/HewlettPackard.png","language":"Python","funding_links":[],"categories":["Security","Hardening"],"sub_categories":["Hardening","Ghidra"],"readme":"Recon by fire\n=============\n\nRecon is a tool for reviewing the security configuration of a local system. It\ncan detect existing issues, known-insecure settings, existing strange behaviour,\nand options for further hardening.\n\nRecon can be used in existing systems to find out which elements can be improved\nand can provide some information about why the change is recommended. It can\nalso be used to scan prepared system images to verify that they contain the\nexpected protection.\n\n\nWhat can Recon help with\n------------------------\n\nRecon checks:\n\n- sysctl settings\n- application configs\n- security features used in compiled binaries\n- security features of current kernel\n- suspicious system conditions (like upgraded binaries which have not been\n  restarted)\n- and many others\n\nRecon is most useful for verifying that the system security is configured as\nexpected and for spotting hardening opportunities.\n\n\nWhat Recon isn't\n----------------\n\nSystem integrity checker - although it can be used to check the results of any\nsuch system.\n\nRootkit detector - Recon uses only the most straightforward way to verify the\nsystem state. 
It does not try to detect existing hidden or malicious elements.\n\nIntrusion detection system - it will not attempt to detect active attackers.\n\n\nRecon usage\n-----------\n\nRecon requires root privileges on the system to run most of its tests. All the\nsystem access is readonly however - no changes are made during the run and Recon\nshould not affect processes on a production system.\n\n::\n\n    usage: reconbf [-h] [-c CONFIG_FILE] [-g {default,inline}]\n                   [-l--level {debug,info,error}] [-rf REPORT_FILE]\n                   [-rt {csv,json,html}] [-dm {all,fail,overall,notpass}]\n\n    ReconBF - a Python OS security feature tester\n\n    optional arguments:\n      -h, --help            show this help message and exit\n      -c CONFIG_FILE, --config CONFIG_FILE\n                            use specified config file instead of default\n      -g {default,inline}, --generate {default,inline}\n                            generates config file contetns with all the available\n                            modules listed and either configured to use the config\n                            that comes with the test, or inlines the current\n                            default configuration\n      -l--level {debug,info,error}\n                            log level: can be \"debug\", \"info\", or \"error\"\n                            default=info\n      -rf REPORT_FILE, --reportfile REPORT_FILE\n                            output file: default=result.out\n      -rt {csv,json,html}, --reporttype {csv,json,html}\n                            output type: can be \"csv\", \"json\", or \"html\"\n      -dm {all,fail,overall,notpass}, --displaymode {all,fail,overall,notpass}\n                            controls how tests are displayed: all-displays all\n                            results, fail-displays only tests which failed,\n                            overall-displays parent test statuses only, notpass-\n                            displays any test which 
didn't pass\n\nThe default way to run Recon is just `python -m reconbf` or install it and run\n`reconbf` (both with `sudo` if running as a non-root user).\n\nIf you need to adjust the configuration or verify your system against only a\nspecific set of tests, you can generate a new configuration file using the `-g\ninline` option. The resulting configuration will include all the available\nmodules and also the default module configuration where needed.\n\n\nInterpreting results\n--------------------\n\nSome tests will result in a very clear answer. For example `test_sysctl_values`\nis going to always give the real answer coming from the `sysctl` output.\n\nOther tests may not be that clear, or may be skipped when some system elements\nare not reachable. For example `test_ptrace_scope` depends on kernel config\nbeing available on the system and matching the currently deployed kernel. While\nthis is the usual and expected state, any failures or skipped tests should be\ninvestigated separately and understood before taking actions to correct them.\n\nOther tests may rely on information which is not always available. For example\n`test_binaries` will attempt to check whether some binaries were compiled with\nstack protection. 
While this check will not have false positives, it may report\na false negative if the analysed binary was compiled with `-fstack-protector`\n(not `-fstack-protector-all`) and gcc decides that none of the functions\ncontained buffers that require protection.\n\n\nModule development\n------------------\n\nWhile developing new modules, please keep the following in mind:\n\n- ensure the code style matches (partially enforced by flake8 already)\n- new modules should come with unit tests for them\n- new modules should not do direct IO operations; files or processes should be\n  opened by either general abstractions in `reconbf.utils`, or local helpers in\n  separate functions - this is to help writing small tests\n\n\nLicense\n-------\nreconbf is released under the Apache 2.0 license.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FHewlettPackard%2Freconbf","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FHewlettPackard%2Freconbf","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FHewlettPackard%2Freconbf/lists"}