{"id":13599887,"url":"https://github.com/cea-sec/usbsas","last_synced_at":"2025-05-16T08:07:22.050Z","repository":{"id":37266026,"uuid":"498331044","full_name":"cea-sec/usbsas","owner":"cea-sec","description":"Tool and framework for securely reading untrusted USB mass storage devices.","archived":false,"fork":false,"pushed_at":"2025-05-06T08:01:18.000Z","size":22679,"stargazers_count":343,"open_issues_count":4,"forks_count":29,"subscribers_count":17,"default_branch":"main","last_synced_at":"2025-05-06T08:48:37.632Z","etag":null,"topics":["filesystem","rust","security","usb"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cea-sec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-05-31T12:41:40.000Z","updated_at":"2025-05-06T07:44:40.000Z","dependencies_parsed_at":"2023-02-18T16:01:30.067Z","dependency_job_id":"39fe45eb-e807-4665-aefd-75e5d2143e80","html_url":"https://github.com/cea-sec/usbsas","commit_stats":null,"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cea-sec%2Fusbsas","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cea-sec%2Fusbsas/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cea-sec%2Fusbsas/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cea-sec%2Fusbsas/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cea-sec","download_url":"https://codeload.github.com/cea-sec/usbsas/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254493385,"owners_count":22080127,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["filesystem","rust","security","usb"],"created_at":"2024-08-01T17:01:15.953Z","updated_at":"2025-05-16T08:07:17.041Z","avatar_url":"https://github.com/cea-sec.png","language":"Rust","funding_links":[],"categories":["Rust"],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n  \u003cp\u003e\u003cimg src=\"./doc/usbsas-logo.svg\"/\u003e\u003c/p\u003e\n  \u003cp\u003e\n    \u003ca href=\"https://github.com/cea-sec/usbsas/actions/workflows/build_check_test.yml?branch=main\"\u003e\n      \u003cimg src=\"https://github.com/cea-sec/usbsas/actions/workflows/build_check_test.yml/badge.svg?branch=main\" alt=\"Build and Test\"\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://www.gnu.org/licenses/gpl-3.0\"\u003e\n      \u003cimg src=\"https://img.shields.io/badge/License-GPLv3-blue.svg\"\u003e\n    \u003c/a\u003e\n  \u003c/p\u003e\n\u003c/div\u003e\n\nusbsas is a free and open source (GPLv3) tool and framework for securely reading\nuntrusted USB mass storage devices.\n\n\n## Description\n\nFollowing the concept of defense in depth and the principle of least privilege,\nusbsas's goal is to reduce the attack surface of the USB stack. To achieve this,\nmost of the USB related tasks (parsing USB packets, SCSI commands, file systems\netc.) usually executed in (privileged) kernel space has been moved to user space\nand separated in different processes (microkernel style), each being executed in\nits own restricted [secure computing\nmode](https://en.wikipedia.org/wiki/Seccomp).\n\nThe main purpose of this project is to be deployed as a kiosk / [sheep\ndip](https://en.wikipedia.org/wiki/Sheep_dip_(computing)) station to securely\ntransfer files from an untrusted USB device to a trusted one.\n\nIt works on GNU/Linux and is written in Rust.\n\n## Features\n\nusbsas can:\n\n- read files from an untrusted USB device (without using kernel modules like\n  `uas`, `usb_storage` and the file system ones). Supported file systems are\n  `FAT`, `exFat`, `ext4`, `NTFS` and `ISO9660`\n- analyze files with a remote antivirus\n- copy files on a new file system to a trusted USB device. Supported file\n  systems are `FAT`, `exFAT` and `NTFS`\n- upload files to a remote server\n- make an image of a USB device\n- wipe a USB device\n\n## Applications\n\nApplications built on top of usbsas:\n\n- **Web client / server**: This is the main application of usbsas, for deploying\n  a secure USB to USB file transfer kiosk.\n- **[Fuse](https://en.wikipedia.org/wiki/Filesystem_in_Userspace)\n  implementation**: mount USB devices (read-only) with usbsas.\n- **Python**: usbsas can also be used with Python\n\n## Documentation\n\n- [Architecture and technical](doc/architecture.md) documentation\n- [Build and usage](doc/build_usage.md) documentation\n- [Kiosk deployment](doc/kiosk.md) documentation\n- [Live ISO](doc/live-iso.md) documentation\n- Developer documentation can be generated with `$ cargo doc`\n\n## Contributing\n\nAny contribution is welcome, be it code, bug report, packaging, documentation or\ntranslation.\n\n## License\n\nDependencies included in this project:\n- `ntfs3g` is  GPLv2 (see ntfs3g/src/ntfs-3g/COPYING).\n- `FatFs` has a custom BSD-style license (see ff/src/ff/LICENSE.txt)\n- `fontawesome` is CC BY 4.0 (icons), SIL OFL 1.1 (fonts) and MIT (code) (see\n  client/web/static/fontawesome/LICENSE.txt)\n- `bootstrap` is MIT (see client/web/static/bs/LICENSE)\n\nusbsas is free software: you can redistribute it and/or modify it under the\nterms of the GNU General Public License as published by the Free Software\nFoundation, either version 3 of the License, or (at your option) any later\nversion.\n\nusbsas is distributed in the hope that it will be useful, but WITHOUT ANY\nWARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A\nPARTICULAR PURPOSE. See the GNU General Public License for more details.\n\nYou should have received a copy of the GNU General Public License [along with\nusbsas](LICENSE). If not, see [the gnu.org web\nsite](http://www.gnu.org/licenses/).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcea-sec%2Fusbsas","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcea-sec%2Fusbsas","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcea-sec%2Fusbsas/lists"}