czertainly-ip-discovery-provider's Introduction

CZERTAINLY Network Discovery Provider

This repository is part of the commercial open-source project CZERTAINLY. You can find more information about the project at CZERTAINLY repository, including the contribution guide.

Network Discovery provider implements the logic of discovering certificates that are distributed over the network.

Network Discovery Provider can discover certificates from:

  • Intranet - Scan the entire infrastructure inside an organization and discover the certificates from applications and sites that are not exposed to the outside world
  • Internet - If the provider has access to the internet, it can discover certificates from any publicly accessible URL

The Connector provides various options during certificate discovery, including:

  • Single Host Scan
  • Multiple Host Scan
  • Single / Multi Subnet Scan
  • Single / All port Scan

Short Process Description

The connector discovers certificates from a host without increasing network traffic and congestion. When the connector receives a request to scan a host, it tries to connect to the SSL port (which can be left at the default of 443 or set to a custom value), captures the certificates and parses them. Once the certificates are successfully gathered, they are sent back to the Core for storage and parsing. The Core takes care of the rest.

To know more about Core, refer to CZERTAINLY Core.

Interfaces

Network Discovery Provider implements the Discovery Provider Interface from the CZERTAINLY Interfaces. To learn more about the interfaces and endpoints, refer to the CZERTAINLY Interfaces.

For more information regarding the Discovery, please refer to the CZERTAINLY documentation.

Docker container

Network Discovery Provider is provided as a Docker container. Use the harbor.3key.company/czertainly/czertainly-ip-discovery-provider:tagname to pull the required image from the repository. It can be configured using the following environment variables:

| Variable | Description | Required | Default value |
|---|---|---|---|
| JDBC_URL | JDBC URL for database access | | N/A |
| JDBC_USERNAME | Username to access the database | | N/A |
| JDBC_PASSWORD | Password to access the database | | N/A |
| DB_SCHEMA | Database schema to use | | network |
| PORT | Port where the service is exposed | | 8080 |
| JAVA_OPTS | Customize Java system properties for running application | | N/A |

czertainly-ip-discovery-provider's People

Contributors

3keypradeep, 3keyroman, lubomirw

czertainly-ip-discovery-provider's Issues

Implement discovery execution policy

Discovery execution policy represents the way the scanning should be performed so that it does not create overhead on the network or similar issues.

There is an execution configuration that can be specified or calculated:

  • batch size - define how many IP addresses or hostnames will be scanned in one batch. The batch size will be calculated based on the number of IP addresses or hostnames to scan
  • execution policy options:
    • sequential
    • parallel (how many parallel processes to create)
    • all at once
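
A sketch of the three execution policies with a fixed batch size, added here as an example and not taken from the provider's code. The names `run_discovery`, `batches`, `CountingProbe` and the policy string `all_at_once` are hypothetical, and the probe is a constructed stand-in for the real TLS connection so the behaviour can be checked offline.

```python
import threading
import time
from concurrent.futures import ThreadPoolExecutor


def batches(targets, batch_size):
    """Yield consecutive slices of at most batch_size targets."""
    for i in range(0, len(targets), batch_size):
        yield targets[i:i + batch_size]


def run_discovery(targets, probe, policy="sequential", batch_size=10, workers=4):
    """Call probe(target) for every target and return results in input order.

    sequential  -> one connection at a time
    parallel    -> at most `workers` concurrent connections within a batch
    all_at_once -> every target of a batch is contacted concurrently
    Batches never overlap: the next one starts only when the previous is done.
    """
    results = []
    for batch in batches(targets, batch_size):
        if policy == "sequential":
            results.extend(probe(t) for t in batch)
            continue
        if policy == "parallel":
            limit = min(workers, len(batch))
        elif policy == "all_at_once":
            limit = len(batch)
        else:
            raise ValueError(f"unknown execution policy {policy!r}")
        with ThreadPoolExecutor(max_workers=limit) as pool:
            results.extend(pool.map(probe, batch))   # map keeps input order
    return results


class CountingProbe:
    """Constructed stand-in for a scan; records the peak number of open probes."""

    def __init__(self):
        self.active = self.peak = 0
        self._lock = threading.Lock()

    def __call__(self, target):
        with self._lock:
            self.active += 1
            self.peak = max(self.peak, self.active)
        time.sleep(0.01)                             # simulated handshake time
        with self._lock:
            self.active -= 1
        return f"scanned {target}"
```

The peak recorded by `CountingProbe` is the number a network owner cares about: it bounds how many simultaneous connections the scan opens under each policy.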

Support for IPv6

It looks like IP-Discovery-Provider does not support IPv6 protocol. I'm testing on version 2.7.1-0-develop and it finds nothing:

For testing you can use https://www.nebezi.cz/

Self-signed certificates are not discovered

When running discovery, only certificates that are trusted and with a valid certificate chain are now discovered.
Implement changes to the discovery process to discover all certificates.

Add support for IP ranges and importing its configuration from CSV

Add a CSV import option to the IP-Hostname kind with the following structure:

  • IP address or hostname
  • comma separated ports. The delimiter in this case should be different than comma, for example pipe |

Add new kinds with the following attributes and CSV import structure:

IP-Range

  • Starting IP address
  • Ending IP address
  • Comma separated ports
  • upload CSV option with a similar structure (ports delimited with pipe |)

IP-Subnet

  • Subnet, for example 192.168.1.0/24
  • Comma separated ports
  • upload CSV option with a similar structure (ports delimited with pipe |)
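
One way the three CSV structures above could be parsed and expanded into scan targets, added here as an example and not taken from the provider's code. The function names, the `MAX_HOSTS` cap and the fallback to port 443 when the ports column is missing are assumptions; the example also accepts IPv6 ranges and subnets, which goes beyond the kinds as written.

```python
import csv
import io
import ipaddress
from itertools import islice

MAX_HOSTS = 65536   # assumed cap so an IPv6 /64 cannot expand without bound
COLUMNS = {"IP-Hostname": 2, "IP-Range": 3, "IP-Subnet": 2}   # ports column is last


def parse_ports(field, delimiter="|"):
    """Parse '443|8443' into [443, 8443]; an empty field means the default 443."""
    ports = [int(p) for p in field.split(delimiter) if p.strip()]
    if any(not 1 <= p <= 65535 for p in ports):
        raise ValueError(f"port out of range in {field!r}")
    return ports or [443]


def expand_hosts(kind, row):
    """Return every host string covered by one CSV row of the given kind."""
    if kind == "IP-Hostname":
        return [row[0].strip()]
    if kind == "IP-Subnet":
        net = ipaddress.ip_network(row[0].strip(), strict=False)
        hosts = list(islice(net.hosts(), MAX_HOSTS + 1))
    else:  # IP-Range: both ends must be the same IP version, start <= end
        start, end = (ipaddress.ip_address(c.strip()) for c in row[:2])
        if start.version != end.version or end < start:
            raise ValueError(f"invalid range {start} - {end}")
        size = int(end) - int(start) + 1
        hosts = [start + i for i in range(min(size, MAX_HOSTS + 1))]
    if len(hosts) > MAX_HOSTS:
        raise ValueError(f"{kind} row expands to more than {MAX_HOSTS} hosts")
    return [str(h) for h in hosts]


def load_targets(kind, csv_text):
    """Turn CSV text into a flat list of (host, port) pairs to scan."""
    if kind not in COLUMNS:
        raise ValueError(f"unknown kind {kind!r}")
    targets = []
    for row in csv.reader(io.StringIO(csv_text)):
        if not row or not row[0].strip():
            continue                                   # skip blank lines
        has_ports = len(row) >= COLUMNS[kind]
        ports = parse_ports(row[COLUMNS[kind] - 1] if has_ports else "")
        targets += [(h, p) for h in expand_hosts(kind, row) for p in ports]
    return targets
```

Rejecting oversized rows at import time keeps a single mistyped prefix length from turning one CSV line into an unbounded scan.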
