{"id":47879880,"url":"https://github.com/nunenuh/defense-kit","last_synced_at":"2026-04-04T01:42:32.214Z","repository":{"id":346304460,"uuid":"1186865795","full_name":"nunenuh/defense-kit","owner":"nunenuh","description":"Defensive security toolkit — scan, harden, and monitor your OS, code, repos, and infrastructure. Claude Code skill.","archived":false,"fork":false,"pushed_at":"2026-03-24T03:55:57.000Z","size":6962,"stargazers_count":2,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-24T04:47:33.757Z","etag":null,"topics":["claude-code","defense","docker","gitleaks","hardening","lynis","sast","sca","security","semgrep","trivy"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nunenuh.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-20T04:22:51.000Z","updated_at":"2026-03-24T03:55:48.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/nunenuh/defense-kit","commit_stats":null,"previous_names":["nunenuh/defense-kit"],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/nunenuh/defense-kit","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nunenuh%2Fdefense-kit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nunenuh%2Fdefense-kit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nunenuh%2Fdefense-kit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nunenuh%2Fdefense-kit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nunenuh","download_url":"https://codeload.github.com/nunenuh/defense-kit/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nunenuh%2Fdefense-kit/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31384845,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-04T01:22:39.193Z","status":"ssl_error","status_checked_at":"2026-04-04T01:22:33.970Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["claude-code","defense","docker","gitleaks","hardening","lynis","sast","sca","security","semgrep","trivy"],"created_at":"2026-04-04T01:42:30.563Z","updated_at":"2026-04-04T01:42:32.176Z","avatar_url":"https://github.com/nunenuh.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# defense-kit\n\n[![CI](https://github.com/nunenuh/defense-kit/actions/workflows/ci.yml/badge.svg)](https://github.com/nunenuh/defense-kit/actions/workflows/ci.yml)\n[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)\n\nDefensive security toolkit for Linux. 42 scanners, 4 hardeners, local dashboard, threat intelligence, forensics timeline. Scan, harden, monitor, and comply — from your laptop to your servers.\n\n## Install\n\n```bash\ncurl -sSL https://get.nunenuh.me/defense-kit | bash\n```\n\nSkip external tools:\n```bash\ncurl -sSL https://get.nunenuh.me/defense-kit | bash -s -- --no-tools\n```\n\nOr clone:\n```bash\ngit clone https://github.com/nunenuh/defense-kit.git\ncd defense-kit \u0026\u0026 ./install.sh\n```\n\n## Quick Start\n\n```bash\ndefense-kit scan                          # full system audit (42 scanners)\ndefense-kit scan --profile workstation    # preset for laptops\ndefense-kit dashboard --port 8080 --open  # browser dashboard\ndefense-kit harden --dry-run              # preview security fixes\ndefense-kit schedule enable --interval 6h # auto-scan\ndefense-kit comply --framework cis        # CIS Benchmark report\n```\n\n## Commands\n\n| Command | What It Does |\n|---------|-------------|\n| `scan` | Read-only audit across 42 scanners |\n| `harden` | Fix issues with approval + rollback |\n| `monitor` | Quick scan + diff against baseline |\n| `dashboard` | Local web dashboard (SQLite + htmx) |\n| `comply` | Map findings to CIS/SOC2/OWASP |\n| `schedule` | Auto-scan via systemd timer or cron |\n| `baseline` | Track changes over time |\n| `tools check` | Show scanners + external tools |\n| `report html` | Generate HTML report |\n| `outputs` | Manage scan history |\n\n## What It Scans\n\n42 scanners across 10 groups:\n\n| Group | Scanners | What It Detects |\n|-------|----------|----------------|\n| **environment** | shell_rc, env_vars, ld_preload, pam | RC poisoning, PATH hijacking, library injection |\n| **persistence** | cron, systemd, scheduled, xdg_autostart | Malicious cron/services, backdoor timers, XDG autostart abuse |\n| **process** | processes, memory, clipboard | Reverse shells, miners, keyloggers |\n| **filesystem** | integrity, anomalies, timestomp, capabilities, swap, encryption | SUID abuse, anti-forensics, unencrypted disks |\n| **network** | ports, connections, dns, firewall, vpn, threat_intel | C2 connections, DNS exfiltration, known-bad IPs |\n| **auth** | ssh, users, browser | Weak SSH, UID 0 backdoors, saved passwords |\n| **system** | rootkit, boot, logs, package_manager, sysctl, services, mac, updates, auditd | Rootkits, log tampering, missing patches |\n| **code** | credentials, supply_chain, containers, git_hooks, docker_runtime | Leaked secrets, CVEs, malicious hooks |\n| **forensics** | ebpf, webshell | eBPF backdoors, webshell indicators |\n\n## What It Hardens\n\n| Hardener | Fixes |\n|----------|-------|\n| **SSH** | PermitRootLogin, PasswordAuth, EmptyPasswords, MaxAuthTries |\n| **OS** | 9 sysctl params (ip_forward, ASLR, SYN cookies, etc.) |\n| **Firewall** | UFW setup with SSH safety |\n| **Git** | Disable hooks, enable fsckobjects |\n\nEvery fix: requires approval, creates backup, generates rollback script.\n\n## External Tools\n\nInstalled by default. Enhance detection when available, graceful fallback when not.\n\nrkhunter, chkrootkit, lynis, ClamAV, gitleaks, trufflehog, trivy, grype, hadolint, dockle, ssh-audit, semgrep, bandit, nmap, aide, debsums\n\n## Dashboard\n\n```bash\ndefense-kit dashboard --port 8080 --open\n```\n\nLocal-only web UI with:\n- Security overview with severity cards\n- Filterable findings table\n- Scan history with trend charts\n- Scanner + tool status\n- Settings management\n- Background auto-scanning\n\n## Docker\n\n```bash\nmake docker-build\nTARGET_PATH=/path/to/code make docker-up\nmake docker-scan\n```\n\n## Structure\n\n```\ndefense-kit/\n├── defense-kit-cli/          # Go binary (all source code)\n│   ├── cmd/defense-kit/      # CLI entry point\n│   └── internal/             # Scanner, hardener, reporter, dashboard, etc.\n├── docker/                   # Dockerfile + docker-compose\n├── .claude/                  # Claude agents + skill definition\n├── policies/                 # Security baseline (YAML)\n├── tools/                    # REGISTRY.md + PIPELINES.md\n├── specs/                    # Design specs + gap analysis\n├── install.sh                # Local installer\n├── install-remote.sh         # curl-pipe installer\n└── Makefile                  # Build targets\n```\n\n## How It Differs From pentest-kit\n\n| | pentest-kit | defense-kit |\n|---|---|---|\n| Purpose | Find vulns in **others** | Protect **yourself** |\n| Mode | Offensive | Defensive |\n| Output | Pentest report | Compliance report + auto-fix |\n| Runs | Per engagement | Continuously / scheduled |\n\n## Credits\n\nPart of the [nunenuh](https://github.com/nunenuh) security toolkit family alongside [pentest-kit](https://github.com/nunenuh/pentest-kit).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnunenuh%2Fdefense-kit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnunenuh%2Fdefense-kit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnunenuh%2Fdefense-kit/lists"}