Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/trimstray/otseca
Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.
Last synced: about 19 hours ago
- Host: GitHub
- URL: https://github.com/trimstray/otseca
- Owner: trimstray
- License: gpl-3.0
- Created: 2018-05-30T12:18:59.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2020-03-24T10:25:05.000Z (over 4 years ago)
- Last Synced: 2024-08-02T09:29:05.517Z (3 months ago)
- Topics: auditing, cybersecurity, dump, html-report, information-gathering, linux, pentesting, reporting, security-audit, security-tools, system, system-analysis, system-config, system-information
- Language: Shell
- Homepage:
- Size: 6.39 MB
- Stars: 479
- Watchers: 15
- Forks: 78
- Open Issues: 3
Metadata Files:
- Readme: README.md
- Contributing: .github/CONTRIBUTING.md
- License: LICENSE.md
- Code of conduct: .github/CODE_OF_CONDUCT.md
README
Open source security auditing tool to search and dump system configuration.
***
## Introduction
### The main goal
The main motivation for creating this tool was **easier** and **faster** delivery of **command sets** to be performed on customer environments. As a result of such a scan I wanted to get the most useful information about system components that will be subjected to penetration tests and audits at a later time.
### For whom
**Otseca** facilitates the collection of a lot of important information about a given system.
It is useful for:
:ballot_box_with_check: system administrators
:ballot_box_with_check: security researchers
:ballot_box_with_check: security professionals
:ballot_box_with_check: pentesters
:ballot_box_with_check: hackers
### How To Use
It's simple:
```bash
# Clone this repository
git clone https://github.com/trimstray/otseca

# Go into the repository
cd otseca

# Install
./setup.sh install

# Run the app
otseca --ignore-failed --tasks system,network --output /tmp/report
```

> * symlink to `bin/otseca` is placed in `/usr/local/bin`
> * man page is placed in `/usr/local/man/man8`

> **Hint 1**
> If you do not want the script to stop after encountering errors, add the `--ignore-failed` script param.

> **Hint 2**
> To run only selected tasks, use the `--tasks` script param.

## Description
**Otseca** is an open source security auditing tool to search and dump system configuration. It allows you to generate reports in **HTML** or **RAW-HTML** formats.
The basic goal is to get as much information about the scanned system as possible for later analysis. **Otseca** contains many predefined commands, however, nothing prevents you from creating your own according to your needs. In addition, it automates the entire information gathering process.
After the scan finishes, a report is generated to examine specific nooks of the system.
## Requirements
This tool works with:
- **GNU/Linux** (tested on Debian and CentOS)
- **Bash** (tested on 4.4.19)

You will also need **root access**.
## Output
An exemplary result of the process of collecting information from the local system:
## Parameters
Below is a list of available options:
```bash
Usage:
  otseca

Examples:
  otseca --help
  otseca --format html
  otseca --format html --ignore-failed
  otseca --format raw-html --tasks system,network

Options:
  --help            show this message
  -f|--format       set output format (key: html/raw-html)
  -t|--tasks        set specific task to do
                    (key: system, kernel, permissions, services, network, distro, external)
  -o|--output       set path to output directory report
  --show-errors     show stderr to output
  --ignore-failed   do not exit with nonzero on commands failed
```

## Reports
**Otseca** generates reports in html (js, css and other) or raw-html (pure html) formats.
> The default path for reports is the `{project}/data/output` directory. If you want to change it, add the `--output` option when calling the script.
### Main page (index.html)
It's the main file which contains a list of reports such as system or network.
### Tasks reports
The report that can be performed consists of the following sections (stacks):
- **system** - dump info from system commands (output file: system.all.log.html)
- **kernel** - dump info about kernel params (output file: kernel.all.log.html)
- **permissions** - dump info about permissions (output file: permissions.all.log.html)
- **services** - dump info about system services (output file: services.all.log.html)
- **network** - dump info from network layer (output file: network.all.log.html)
- **distro** - dump info about specific distribution (output file: distro.all.log.html)
- **external** - all external, also user tasks or included from `etc/` directory (output file: external.all.log.html)

HTML reports consist of the following blocks (example):
## How it works
### Tasks
**Otseca** divides its work into **tasks**. Each set of tasks performs defined commands (e.g. from the file `etc/otseca.conf`). By default six tasks are available: **system**, **kernel**, **permissions**, **services**, **network**, **distro** and **external**.
By default, all tasks are performed but you can specify them with the `--tasks` parameter giving one or many tasks as an argument. For example:
```bash
otseca --ignore-failed --tasks system,kernel
```

### Commands
They are actual **commands** executed from the configuration file grouped into tasks.
Here is an example of a network task containing several built-in commands:
```bash
NETWORK_STACK=(\
  "_exec hostname -f" \
  "_exec ifconfig -a" \
  "_exec iwconfig" \
  "_exec netstat -tunap" \
  "_exec netstat -rn" \
  "_exec iptables -nL -v" \
  "_exec iptables -nL -v -t nat" \
  "_exec iptables -S" \
  "_exec lsof -ni" \
)
```

### Submodules
**Submodules** are built-in functions that perform the commands described above. Here is the list of submodules:
- **_exec** - init standard commands, e.g. `_exec ls -l /etc/rsyslog.conf`
- **_grep** - is responsible for searching for strings in files, e.g. `_grep max_log_file /etc/audit/auditd.conf`
- **_stat** - collects information about files, e.g. `_stat /etc/ssh/sshd_config`
- **_sysctl** - compares the values of the kernel parameters, e.g. `_sysctl fs.suid_dumpable 1`
- **_systemctl** - checks the operation of services, e.g. `_systemctl httpd`

### Output states
**Otseca** supports three output (response) states:
- **DONE** - informs that the command was executed correctly, most often it says that you did not find what you are looking for which is good information. The report is marked in **_green_**:
* from console output:
* from report output:
- **WARN** - informs that the command was not executed correctly (syntax error, no command, file not found etc.). The report is marked in **_yellow_**:
* from console output:
* from report output:
- **TRUE** - informs that the command was executed correctly and found what we were looking for, e.g. too wide permissions for the file `/etc/sudoers`. The report is marked in **_red_**:
* from console output:
* from report output:
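
How a check such as `_sysctl fs.suid_dumpable 1` could map onto the three output states, as an added sketch that is not otseca's own code. The function names, the directory argument standing in for `/proc/sys`, and the rule that **TRUE** means the current value equals the value passed to the check are assumptions made for illustration.

```shell
# Added illustration, not otseca's code: make_sample_tree and classify_sysctl
# are hypothetical names.

# Build a constructed stand-in for /proc/sys so the example runs offline.
make_sample_tree() (
  root=$(mktemp -d)
  mkdir -p "$root/fs" "$root/kernel"
  echo 1 > "$root/fs/suid_dumpable"            # constructed: equals the flagged value
  echo 2 > "$root/kernel/randomize_va_space"   # constructed: differs from the flagged value
  printf '%s\n' "$root"
)

# classify_sysctl ROOT KEY FLAGGED_VALUE -> prints DONE, WARN or TRUE
# Assumption: TRUE means "found what we were looking for", i.e. the current
# value equals FLAGGED_VALUE; WARN means the check itself could not run.
classify_sysctl() (
  root=$1; key=$2; flagged=$3
  # kernel.randomize_va_space -> kernel/randomize_va_space
  path="$root/$(printf '%s' "$key" | tr . /)"
  if [ ! -r "$path" ]; then
    printf 'WARN\n'            # parameter missing or unreadable
    exit 0
  fi
  current=$(tr '\t' ' ' < "$path")   # multi-value parameters are tab-separated
  if [ "$current" = "$flagged" ]; then
    printf 'TRUE\n'            # finding: reported in red
  else
    printf 'DONE\n'            # ran cleanly, nothing found: reported in green
  fi
)

# Run three checks against the constructed tree and print one line per check.
demo() (
  root=$(make_sample_tree)
  for check in "fs.suid_dumpable 1" "kernel.randomize_va_space 0" "kernel.no_such_key 1"; do
    key=${check% *}; value=${check#* }
    printf '%-28s %-2s %s\n' "$key" "$value" "$(classify_sysctl "$root" "$key" "$value")"
  done
  rm -rf "$root"
)
demo
```

Keeping WARN separate from DONE matters when reading a report: a check that could not run says nothing about whether the setting is safe.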
## Other
### Contributing
See **[this](.github/CONTRIBUTING.md)**.
### Project architecture
See **[this](https://github.com/trimstray/otseca/wiki/Project-architecture)**.
## License
GPLv3 :
**Free software, Yeah!**