{"id":26010151,"url":"https://github.com/jblukach/lunkerzero","last_synced_at":"2025-03-05T22:39:42.279Z","repository":{"id":246016695,"uuid":"818993403","full_name":"jblukach/lunkerzero","owner":"jblukach","description":"Lunker Zero, a.k.a. LZ, performs Threat Surface monitoring with ChatOps to detect Internet-accessible network risk and Open Source Intelligence reputation.","archived":false,"fork":false,"pushed_at":"2025-01-08T01:03:41.000Z","size":1776,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-01-08T02:18:54.224Z","etag":null,"topics":["attack","aws","cdk","docker","exposure","osint","port","python","surface","threat"],"latest_commit_sha":null,"homepage":"https://search.censys.io","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jblukach.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-06-23T13:21:27.000Z","updated_at":"2025-01-08T01:03:44.000Z","dependencies_parsed_at":"2024-07-16T05:42:16.017Z","dependency_job_id":"f1707a01-0ec1-4472-8a2e-356a2f07c6ce","html_url":"https://github.com/jblukach/lunkerzero","commit_stats":null,"previous_names":["jblukach/lunkerzero"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jblukach%2Flunkerzero","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jblukach%2Flunkerzero/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jblukach%2Flunkerzero/re
leases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jblukach%2Flunkerzero/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jblukach","download_url":"https://codeload.github.com/jblukach/lunkerzero/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":242117656,"owners_count":20074433,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["attack","aws","cdk","docker","exposure","osint","port","python","surface","threat"],"created_at":"2025-03-05T22:39:41.089Z","updated_at":"2025-03-05T22:39:42.228Z","avatar_url":"https://github.com/jblukach.png","language":"Python","readme":"# lunkerzero\n\nLunker Zero, a.k.a. 
LZ, performs Threat Surface monitoring with ChatOps to detect Internet-accessible network risk and Open Source Intelligence reputation.\n\nThe application has three environments for developing new detections that can be promoted once ready.\n\n - Development\n - Guinea Pigs\n - Production\n\nThreat Surface monitoring results get separated by deploying new **code names** for each Amazon Web Services (AWS) cloud investigation.\n\n - Walleye\n - Perch\n - Northern\n\nSlack notifications are received when a monitored DNS, IPv4, or IPv6 is added/removed from checked OSINT threat feeds.\n\nCensys Search also provides Slack notifications when ports are opened/closed from the Autonomous System (AS) number query results.\n\nhttps://search.censys.io\n\nLastly, the Webrecorder project archives websites for inspection using Amazon GuardDuty \u0026 Macie for malicious and sensitive content detection.\n\nhttps://github.com/webrecorder\n\n## AWS Chatbot for Slack\n\n![Input Diagram](images/input-diagram.png)\n\n### Add Artifact\n\n```\n@aws invoke walleye --payload {\"add\": \"4n6ir.com\"}\n```\n\n```\n@aws invoke walleye --payload {\"add\": \"127.0.0.1\"}\n```\n\n```\n@aws invoke walleye --payload {\"add\": \"::1\"}\n```\n\n### List Artifacts\n\n```\n@aws invoke walleye --payload {\"list\": \"all\"}\n```\n\n```\n@aws invoke walleye --payload {\"list\": \"dns\"}\n```\n\n```\n@aws invoke walleye --payload {\"list\": \"ipv4\"}\n```\n\n```\n@aws invoke walleye --payload {\"list\": \"ipv6\"}\n```\n\n### Remove Artifact\n\n```\n@aws invoke walleye --payload {\"remove\": \"4n6ir.com\"}\n```\n\n```\n@aws invoke walleye --payload {\"remove\": \"127.0.0.1\"}\n```\n\n```\n@aws invoke walleye --payload {\"remove\": \"::1\"}\n```\n\n### Delete Artifacts\n\n```\n@aws invoke walleye --payload {\"delete\": \"all\"}\n```\n\n```\n@aws invoke walleye --payload {\"delete\": \"dns\"}\n```\n\n```\n@aws invoke walleye --payload {\"delete\": \"ipv4\"}\n```\n\n```\n@aws invoke walleye --payload {\"delete\": \"ipv6\"}\n```\n\n### Autonomous 
System\n\n```\n@aws invoke walleye --payload {\"as\":\"AS65535\"}\n```\n\n```\n@aws invoke walleye --payload {\"handle\":\"FAKE-1\"}\n```\n\n```\n@aws invoke walleye --payload {\"list\": \"as\"}\n```\n\n```\n@aws invoke walleye --payload {\"delete\": \"as\"}\n```\n\n### Classless Inter-Domain Routing\n\n```\n@aws invoke walleye --payload {\"cidr\":\"127.0.0.1/24\"}\n```\n\n```\n@aws invoke walleye --payload {\"list\": \"cidr\"}\n```\n\n```\n@aws invoke walleye --payload {\"delete\": \"cidr\"}\n```\n\n## Amazon EventBridge Rules\n\n![Output Diagram](images/output-diagram.png)\n\n### Censys Search\n\n```\n{\"censys\": \"search\"}\n```\n\n### Open Source Intelligence\n\n```\n{\"osint\": \"dns\"}\n```\n\n```\n{\"osint\": \"ipv4\"}\n```\n\n```\n{\"osint\": \"ipv6\"}\n```\n\n## Amazon GuardDuty \u0026 Macie\n\n![Inspect Diagram](images/inspect-diagram.png)\n\n### Website Inspection\n\n```\n@aws invoke walleye --payload {\"inspect\": \"https://4n6ir.com\"}\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjblukach%2Flunkerzero","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjblukach%2Flunkerzero","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjblukach%2Flunkerzero/lists"}