

Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.


Created by
trimstray and


## Introduction

### The main goal

The main assumption behind this tool was **easier** and **faster** delivery of **command sets** to be run on customer environments. From such a scan I wanted to get the most useful information about the system components that will later be subjected to penetration tests and audits.

### For whom

**Otseca** facilitates the collection of a lot of important information about a given system.

It is useful for:

- :ballot_box_with_check: system administrators
- :ballot_box_with_check: security researchers
- :ballot_box_with_check: security professionals
- :ballot_box_with_check: pentesters
- :ballot_box_with_check: hackers

### How To Use

It's simple:

```bash
# Clone this repository
git clone

# Go into the repository
cd otseca

# Install
./ install

# Run the app
otseca --ignore-failed --tasks system,network --output /tmp/report
```

> * symlink to `bin/otseca` is placed in `/usr/local/bin`
> * man page is placed in `/usr/local/man/man8`

> **Hint 1**
> If you do not want the script to stop after encountering errors, add the `--ignore-failed` script param.

> **Hint 2**
> Run only selected tasks by using the `--tasks` script param.

## Description

**Otseca** is an open source security auditing tool to search and dump system configuration. It allows you to generate reports in **HTML** or **RAW-HTML** formats.

The basic goal is to get as much information about the scanned system as possible for later analysis. **Otseca** contains many predefined commands, however, nothing prevents you from creating your own according to your needs. In addition, it automates the entire information gathering process.

After the scan finishes, a report is generated to examine specific nooks of the system.

## Requirements

This tool works with:

- **GNU/Linux** (tested on Debian and CentOS)
- **Bash** (tested on 4.4.19)

You will also need **root access**.

## Output

An exemplary result of the process of collecting information from the local system:


## Parameters

Below is a list of available options:


```
otseca --help
otseca --format html
otseca --format html --ignore-failed
otseca --format raw-html --tasks system,network

     --help            show this message
  -f|--format          set output format (key: html/raw-html)
  -t|--tasks           set specific task to do
                       (key: system, kernel, permissions, services, network, distro, external)
  -o|--output          set path to output directory report
     --show-errors     show stderr to output
     --ignore-failed   do not exit with nonzero on commands failed
```

## Reports

**Otseca** generates reports in html (js, css and other) or raw-html (pure html) formats.

> The default path for reports is the `{project}/data/output` directory. To change it, pass the `--output` option when calling the script.

### Main page (index.html)

It's the main file which contains a list of reports such as system or network.


### Tasks reports

A report can consist of the following sections (stacks), one per task:

- **system** - dump info from system commands (output file: system.all.log.html)
- **kernel** - dump info about kernel params (output file: kernel.all.log.html)
- **permissions** - dump info about permissions (output file: permissions.all.log.html)
- **services** - dump info about system services (output file: services.all.log.html)
- **network** - dump info from network layer (output file: network.all.log.html)
- **distro** - dump info about specific distribution (output file: distro.all.log.html)
- **external** - all external tasks, including user tasks or those included from the `etc/` directory (output file: external.all.log.html)

HTML reports consist of the following blocks (example):


## How it works

### Tasks

**Otseca** divides its work into **tasks**. Each set of tasks runs defined commands (e.g. from the file `etc/otseca.conf`). By default six tasks are available: **system**, **kernel**, **permissions**, **services**, **network**, **distro** and **external**.

By default, all tasks are performed but you can specify them with the `--tasks` parameter giving one or many tasks as an argument. For example:

```bash
otseca --ignore-failed --tasks system,kernel
```

### Commands

They are actual **commands** executed from the configuration file grouped into tasks.

Here is an example of a network task containing several built-in commands:


```bash
"_exec hostname -f" \
"_exec ifconfig -a" \
"_exec iwconfig" \
"_exec netstat -tunap" \
"_exec netstat -rn" \
"_exec iptables -nL -v" \
"_exec iptables -nL -v -t nat" \
"_exec iptables -S" \
"_exec lsof -ni" \
```


### Submodules

**Submodules** are built-in functions that perform the commands described above. Here is the list of submodules:

- **_exec** - init standard commands, eg. `_exec ls -l /etc/rsyslog.conf`
- **_grep** - is responsible for searching for strings in files, eg. `_grep max_log_file /etc/audit/auditd.conf`
- **_stat** - collects information about files, eg. `_stat /etc/ssh/sshd_config`
- **_sysctl** - compares the values of the kernel parameters, eg. `_sysctl fs.suid_dumpable 1`
- **_systemctl** - checks the operation of services, eg. `_systemctl httpd`

### Output states

**Otseca** supports three output (response) states:

- **DONE** - informs that the command was executed correctly; most often this means that it did not find what you were looking for, which is good news. The report is marked in **_green_**:

* from console output:


* from report output:


- **WARN** - informs that the command was not executed correctly (syntax error, no command, file not found etc.). The report is marked in **_yellow_**:

* from console output:


* from report output:


- **TRUE** - informs that the command was executed correctly and found what we were looking for, e.g. too wide permissions for the file `/etc/sudoers`. The report is marked in **_red_**:

* from console output:


* from report output:
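
The three states map naturally onto the outcome of a single check. The sketch below is an added example, not otseca's own code: `classify_grep`, `classify_world_writable` and `run_check` are hypothetical helpers, the mapping from exit status to state is an assumption based on the descriptions above, and the sample file is constructed.

```shell
#!/usr/bin/env bash
# Added illustration (not otseca's code): hypothetical helpers that map a
# check's outcome onto the DONE / WARN / TRUE states described above.

# TRUE = pattern found, DONE = not found, WARN = grep itself failed.
classify_grep() {
  local pattern="$1" file="$2" rc=0
  grep -q -- "$pattern" "$file" 2>/dev/null || rc=$?
  case "$rc" in
    0) echo TRUE ;;
    1) echo DONE ;;
    *) echo WARN ;;   # e.g. exit status 2: missing file or bad pattern
  esac
}

# TRUE = world-writable, DONE = not world-writable, WARN = file missing.
classify_world_writable() {
  local file="$1"
  [ -e "$file" ] || { echo WARN; return 0; }
  if [ -n "$(find "$file" -prune -perm -0002 2>/dev/null)" ]; then
    echo TRUE
  else
    echo DONE
  fi
}

# Print one report line per check: "[STATE] kind args...".
run_check() {
  local kind="$1" state
  shift
  case "$kind" in
    grep)  state=$(classify_grep "$@") ;;
    perms) state=$(classify_world_writable "$@") ;;
    *)     state=WARN ;;   # unknown check type
  esac
  printf '[%s] %s %s\n' "$state" "$kind" "$*"
}

# Constructed sample input in a throwaway directory.
demo_dir=$(mktemp -d)
printf 'PermitRootLogin yes\n' > "$demo_dir/sshd_config"
chmod 666 "$demo_dir/sshd_config"
run_check grep  '^PermitRootLogin yes' "$demo_dir/sshd_config"
run_check perms "$demo_dir/sshd_config"
run_check grep  '^X11Forwarding yes' "$demo_dir/sshd_config"
run_check perms "$demo_dir/does-not-exist"
rm -rf "$demo_dir"
```

A finding (TRUE) and a failed check (WARN) are kept apart on purpose: a WARN means the question was never answered, so it should be re-run rather than read as a clean result.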


## Other

### Contributing

See **[this](.github/**.

### Project architecture

See **[this](**.

## License

GPLv3 :

**Free software, Yeah!**