https://github.com/c-sh0/santacruz

Elasticsearch and Kibana setup for Penetration testing and reconnaissance.
https://github.com/c-sh0/santacruz

bash docker docker-compose elasticsearch elk httpx kibana lua nmap nmap-scripts nuclei penetration-testing projectdiscovery python reconnaissance security security-tools

Last synced: about 1 month ago
JSON representation

Elasticsearch and Kibana setup for Penetration testing and reconnaissance.

• Host: GitHub
• URL: https://github.com/c-sh0/santacruz
• Owner: c-sh0
• Created: 2022-04-12T18:02:44.000Z (over 2 years ago)
• Default Branch: main
• Last Pushed: 2023-01-26T18:02:06.000Z (over 1 year ago)
• Last Synced: 2024-06-06T20:03:29.958Z (3 months ago)
• Topics: bash, docker, docker-compose, elasticsearch, elk, httpx, kibana, lua, nmap, nmap-scripts, nuclei, penetration-testing, projectdiscovery, python, reconnaissance, security, security-tools
• Language: Python
• Homepage:
• Size: 371 KB
• Stars: 4
• Watchers: 3
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

• awesome-hacking-lists - c-sh0/santacruz - Elasticsearch and Kibana setup for Penetration testing and reconnaissance. (Python)

README

        
# Santacruz

**Status**: *In Development*

Elasticsearch and Kibana setup for Penetration testing and reconnaissance.

* An Original Idea? Nope.

* My own version? Yep.

## Description

Having to write custom shell scripts to parse and keep track of all the data from many different security tools is time consuming and often results in a mountain of text files. Other solutions to this problem often include yet more tools, often times a license, and features that are never used. I needed something simple, lightweight, customisable, portable, and easy to deploy without all the "feature" bloat.

#### TL;DR

* Normalize useful tool output

* Team Collaboration

# Getting Started

1. Clone


   ```git clone https://github.com/c-sh0/santacruz.git```

2. Increase virtual memory for Elasticsearch


   ```sysctl -w vm.max_map_count=262144```


   ```echo 'vm.max_map_count=262144' >> /etc/sysctl.conf```

3. Setup the persistent storage volumes. Permissions need to match the elasticsearch and kibana container users, 1000:1000)


   ```mkdir -p ./data/elasticsearch ./data/kibana```


   ```chown 1000:1000 ./data/elasticsearch ./data/kibana```

## Start Elasticsearch and Kibana containers

The easiest approach when setting passwords is by following the steps below otherwise, your going to end up mucking with the containers and/or composer files later.

1. Start Elasticsearch container (&& watch logs to make sure it starts)


   ```docker-compose up -d elasticsearch && docker logs elasticsearch --follow```

2. Change the default passwords for all built-in users, make note of the output.


   ```docker exec elasticsearch /bin/bash -c "bin/elasticsearch-setup-passwords auto --batch"```

3. Since this is a `single-node` cluster, for all newly created indexes, create an index template that will set `number_of_replicas` to `0`

      ```sh

      curl -X PUT 'http://localhost:9200/_template/template_1' \

      -H 'Content-Type: application/json' \

      -d '{"index_patterns":["*"],"order":0,"settings":{"number_of_shards":1,"number_of_replicas": 0}}' \

      -u elastic:

      ```

      Refer to the documentation for more information and settings.


      https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-templates-v1.html

4. Update the Kibana and Santacruz configuration files with generated password from #2


   ```conf/kibana.yml```


   ```conf/cli.yml```

5. Start Kibana container. It will take a min or two to fully start (&& watch logs to make sure it starts)


   ```docker-compose up -d kibana && docker logs kibana --follow```

6. Login into the Kibana dashboard (user: elastic, password from #2)


   ```http://your.ip:5601/```

7. (Optional) Add additional users: **Stack Management** -> **Users**

### Optional

By default, containers will not automaticaly start on system boot. The following commands will start the containers when docker starts

   ```sh

      docker update --restart=always elasticsearch

      docker update --restart=always kibana

   ```

See: https://docs.docker.com/config/containers/start-containers-automatically/

## Documentation

doc/README.md

## Todo

   * Documentation

   * Rename this project

   * Single CLI tool

   * Logstash/Filebeat? (Doubtful, no need for it here)

   * Other

## References

Marco Lancini's writeup: Offensive ELK: Elasticsearch for Offensive Security


Elasticsearch: https://github.com/elastic/elasticsearch


Kibana: https://github.com/elastic/kibana


Nmap: https://nmap.org/


Project Discovery: https://github.com/projectdiscovery