https://github.com/depthsecurity/armory
Armory is a tool meant to take in a lot of external and discovery data from a lot of tools, add it to a database and correlate all of related information.
https://github.com/depthsecurity/armory
hacktoberfest
Last synced: 6 months ago
JSON representation
Armory is a tool meant to take in a lot of external and discovery data from a lot of tools, add it to a database and correlate all of related information.
- Host: GitHub
- URL: https://github.com/depthsecurity/armory
- Owner: depthsecurity
- License: gpl-3.0
- Created: 2018-05-03T22:17:46.000Z (about 8 years ago)
- Default Branch: docker
- Last Pushed: 2026-01-16T20:39:57.000Z (6 months ago)
- Last Synced: 2026-01-17T09:17:32.333Z (6 months ago)
- Topics: hacktoberfest
- Language: Python
- Homepage:
- Size: 3.71 MB
- Stars: 422
- Watchers: 18
- Forks: 72
- Open Issues: 6
-
Metadata Files:
- Readme: Readme.md
- License: LICENSE
Awesome Lists containing this project
README
```
_
dM.
,MMb
d'YM. ___ __ ___ __ __ _____ ___ __ ____ ___
,P `Mb `MM 6MM `MM 6MMb 6MMb 6MMMMMb `MM 6MM `MM( )M'
d' YM. MM69 " MM69 `MM69 `Mb 6M' `Mb MM69 " `Mb d'
___,P____Mb___MM______MM____MM____MM_MM_____MM_MM_______YM.__,P___
d' YM. MM MM MM MM MM MM MM MM M \
__,MMMMMMMMb__MM______MM____MM____MM_MM_____MM_MM________`Mbd'_____\
d' YM. MM MM MM MM YM. ,M9 MM YMP
_dM_ _dMM_MM_ _MM_ _MM_ _MM_ YMMMMM9 _MM_ M
d'
(8),P
YMM
```
# Description
_This is somewhat stable now, but is still evolving. The original 'master' branch is now armory1_
Armory is a tool meant to take in a lot of external and discovery data from a lot of tools, add it to a database and correlate all of related information. It isn't meant to replace any specific tool. It is meant to take the output from various tools, and use it to feed other tools.
Additionally, it is meant to be easily extendable. Don't see a module for your favorite tool? Write one up! Want to export data in just the right format for your reporting? Create a new report!
# Prerequisites
While Armory can operate fine without Docker, you will need it if you don't want to install all of the tools the modules use on the host.
# Installation
Installation is easy using pipx.
`pipx install depth-armory`
# Configuration
On first run, configuration files will be created in `~/.armory/`. To generate them, just type `armory`.
There are two types of files:
- `settings.py`: This contains the basic settings for Armory itself. This contains project paths, custom module paths, etc.
- `toolname.ini`: These files are for hardcoding settings for various modules. They are autogenerated with all of the options the tools have available.
The default configuration will store your database and data in `~/armory_project`.
Optionally, edit *settings.py* and modify the **base_path** option. This should point to the root path you are using *for your current project*. You probably should change this with every project, so you will always be using a clean database. If you don't want to change the **base_path** with every new project, you could also simply delete or rename the *db.sqlite3* file from your **base_path**. All files generated by modules will be created in here, as well as the sqlite3 database. **By default it will be within the current directory-`.`** For additional information on *setings.py*, see [documentation here](SettingsConfigs.md).
Finally, run `armory-init` to create the database.
# Docker files
You can install docker images for most of the modules in Armory. To do so, use the command `armory-docker`:
```
-> % armory-docker -h
usage: manage build_docker [-h] [-s] [-a ACTION] [-m MODULES] [-r] [--version] [-v {0,1,2,3}]
[--settings SETTINGS] [--pythonpath PYTHONPATH] [--traceback] [--no-color]
[--force-color] [--skip-checks]
Build docker images
options:
-h, --help show this help message and exit
-s, --smart Smart build. If a binary is installed, the docker image won't be built.
-a, --action ACTION Action to perform. `build` to build reports, `pull` to pull from Dockerhub, and
`both` (Default: both)
-m, --modules MODULES
Module to build the docker image for, or 'all' for every image. (default: all)
-r, --rebuild Rebuild docker image without cache
```
By default, the command will pull/build dockerfiles for all discovered modules. Using `-s` will avoid building dockerfiles for tools that are discovered within the PATH.
# Usage
Usage is split into **modules**, **reports** and **webapps**.
## Modules
Modules run tools, ingest output, and write it to the database. To see a list of available modules, type:
`armory -lm`
To see a list of module options, type:
`armory -m -M`
## Reports
Reports are similar to modules, except they are meant to pull data from the database, and display it in a usable format. To view all of the available reports:
`armory -lr`
To view available report options:
`armory -r -R`
## Web Apps
Armory has a web app engine, with a couple of provided web apps. This can be launched with:
`armory-web` which will listen on http://127.0.0.1:8099, or `armory-manage runserver 0.0.0.0:8099` if you'd like to modify the bind IP address and/or port.
## Interactive Shell
There is also an interactive shell which uses [IPython](https://ipython.org/) as the base and will allow you to run commands or change database values. It can be launched with: `armory-shell`.
By default, the following will be available: `Domain, BaseDomain, IPAddress, CIDR, User, Cred, Vulnerability, Port, Url`.