trimstray / otseca

Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.

License: GNU General Public License v3.0

Shell 57.09% CSS 32.90% JavaScript 0.95% HTML 8.08% Roff 0.98%
linux system system-config system-information pentesting auditing information-gathering system-analysis security-audit security-tools dump cybersecurity reporting html-report

otseca's Introduction

Created by trimstray and contributors


Introduction

The main goal

The main idea behind this tool was easier and faster delivery of command sets to be run on customer environments. From such a scan I wanted to get the most useful information about the system components that will later be subjected to penetration tests and audits.

For whom

Otseca facilitates the collection of a lot of important information about a given system.

It is useful for:

  • system administrators
  • security researchers
  • security professionals
  • pentesters
  • hackers

How To Use

It's simple:

# Clone this repository
git clone https://github.com/trimstray/otseca

# Go into the repository
cd otseca

# Install
./setup.sh install

# Run the app
otseca --ignore-failed --tasks system,network --output /tmp/report
  • symlink to bin/otseca is placed in /usr/local/bin
  • man page is placed in /usr/local/man/man8

Hint 1: If you do not want the script to stop after encountering errors, add the --ignore-failed script param.

Hint 2: Run only selected tasks using the --tasks <task_1,task_2,task_n> script param.

Description

Otseca is an open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.

The basic goal is to get as much information about the scanned system as possible for later analysis. Otseca contains many predefined commands, however, nothing prevents you from creating your own according to your needs. In addition, it automates the entire information gathering process.

After the scan finishes, a report is generated to examine specific nooks of the system.

Requirements

This tool works with:

  • GNU/Linux (tested on Debian and CentOS)
  • Bash (tested on 4.4.19)

You will also need root access.

Output

An exemplary result of the process of collecting information from the local system:

Parameters

Below is a list of available options:

  Usage:
    otseca <option|long-option>

  Examples:
    otseca --help
    otseca --format html
    otseca --format html --ignore-failed
    otseca --format raw-html --tasks system,network

  Options:
        --help                      show this message
     -f|--format <key>              set output format (key: html/raw-html)
     -t|--tasks <key>               set specific task to do
                                    (key: system, kernel, permissions, services, network, distro, external)
     -o|--output <path>             set path to output directory report
        --show-errors               show stderr to output
        --ignore-failed             do not exit with nonzero on commands failed

Reports

Otseca generates reports in html (js, css and other) or raw-html (pure html) formats.

The default path for reports is the {project}/data/output directory. If you want to change it, add the --output <path> option when calling the script.

Main page (index.html)

It's the main file which contains a list of reports such as system or network.

Tasks reports

The report that can be performed consists of the following sections (stacks):

  • system - dump info from system commands (output file: system.all.log.html)
  • kernel - dump info about kernel params (output file: kernel.all.log.html)
  • permissions - dump info about permissions (output file: permissions.all.log.html)
  • services - dump info about system services (output file: services.all.log.html)
  • network - dump info from network layer (output file: network.all.log.html)
  • distro - dump info about specific distribution (output file: distro.all.log.html)
  • external - all external, also user tasks or included from etc/ directory (output file: external.all.log.html)

HTML reports consist of the following blocks (example):

How it works

Tasks

Otseca divides its work into tasks. Each set of tasks performs defined commands (e.g. from the file etc/otseca.conf). By default six tasks are available: system, kernel, permissions, services, network, distro and external.

By default, all tasks are performed but you can specify them with the --tasks parameter giving one or many tasks as an argument. For example:

otseca --ignore-failed --tasks system,kernel

Commands

These are the actual commands executed from the configuration file, grouped into tasks.

Here is an example of a network task containing several built-in commands:

NETWORK_STACK=(\

  "_exec hostname -f" \
  "_exec ifconfig -a" \
  "_exec iwconfig" \
  "_exec netstat -tunap" \
  "_exec netstat -rn" \
  "_exec iptables -nL -v" \
  "_exec iptables -nL -v -t nat" \
  "_exec iptables -S" \
  "_exec lsof -ni" \

)

Submodules

Submodules are built-in functions that perform the commands described above. Here is the list of submodules:

  • _exec - init standard commands, eg. _exec ls -l /etc/rsyslog.conf
  • _grep - is responsible for searching for strings in files, eg. _grep max_log_file /etc/audit/auditd.conf
  • _stat - collects information about files, eg. _stat /etc/ssh/sshd_config
  • _sysctl - compares the values of the kernel parameters, eg. _sysctl fs.suid_dumpable 1
  • _systemctl - checks the operation of services, eg. _systemctl httpd

Output states

Otseca supports three output (response) states:

  • DONE - informs that the command was executed correctly; most often it means that it did not find what it was looking for, which is good news. The report is marked in green.

  • WARN - informs that the command was not executed correctly (syntax error, no command, file not found etc.). The report is marked in yellow.

  • TRUE - informs that the command was executed correctly and found what we were looking for, e.g. too wide permissions for the file /etc/sudoers. The report is marked in red.
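
How a stack of checks maps onto the three states above, as an added example that is not otseca's own code. The function names, the `_perm` check and the decision rules are assumptions made for illustration; only the state names and the stack-of-strings idea come from this README.

```shell
# Added example, not otseca's code; all function names here are hypothetical.

# TRUE: pattern found; DONE: ran cleanly, nothing found; WARN: could not run.
check_grep() {
  [ -r "$2" ] || { echo WARN; return; }
  if grep -Eq -- "$1" "$2"; then echo TRUE; else echo DONE; fi
}

# TRUE when the file is group- or world-writable ("too wide" permissions).
check_perm() {
  [ -e "$1" ] || { echo WARN; return; }
  case $(ls -ldL -- "$1" | cut -c1-10) in
    ?????w????|????????w?) echo TRUE ;;
    *) echo DONE ;;
  esac
}

# Only known checks are dispatched; stack entries are never passed to eval.
dispatch() {
  case $1 in
    _grep) check_grep "$2" "$3" ;;
    _perm) check_perm "$2" ;;
    *) echo WARN ;;
  esac
}

# Takes stack entries as arguments (bash: run_stack "${MY_STACK[@]}"), prints "STATE<TAB>entry".
run_stack() {
  for entry in "$@"; do
    # set -f: split the entry on whitespace without glob expansion
    set -f; state=$(dispatch $entry); set +f
    printf '%s\t%s\n' "$state" "$entry"
  done
}

# Number of report lines in a given state, e.g. count_state TRUE "$report".
count_state() {
  printf '%s\n' "$2" | awk -F'\t' -v s="$1" '$1 == s { n++ } END { print n + 0 }'
}

# Constructed sample files standing in for real system configuration.
d=$(mktemp -d)
printf 'PermitRootLogin yes\n' > "$d/sshd_config"
printf 'root ALL=(ALL) ALL\n' > "$d/sudoers"; chmod 0666 "$d/sudoers"
report=$(run_stack "_grep ^PermitRootLogin[[:space:]]+yes $d/sshd_config" \
  "_grep ^PermitEmptyPasswords[[:space:]]+yes $d/sshd_config" \
  "_perm $d/sudoers" "_grep max_log_file $d/auditd.conf")
printf '%s\n' "$report"; rm -rf "$d"
```

Entries are split on whitespace, so patterns and paths in this sketch must not contain spaces.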

Other

Contributing

See this.

Project architecture

See this.

License

GPLv3 : http://www.gnu.org/licenses/

Free software, Yeah!

otseca's Issues

Error

Hello,
I'm getting this error while running the script.
Create symbolic link to /usr/local/bin
Create man page to /usr/local/man/man8

I tried creating the symbolic link with the command below: ln -s /root/otseca /usr/local/bin
I'm getting the error ln: failed to create symbolic link '/usr/local/bin/otseca': File exists

Incorrect sorting of report files.

Incorrect sorting of report files.

To resolve this issue (--version-sort or -V option):

$ printf "prefix%d\n" $(seq 10 -3 1) | sort
prefix1
prefix10
prefix4
prefix7

$ printf "prefix%d\n" $(seq 10 -3 1) | sort --version-sort
prefix1
prefix4
prefix7
prefix10

Support for Archlinux

I tried porting this to archlinux with not much success. I skipped the weird setup script because it assumes that the otseca files live in someone's home dir or similar, which is not how you should install software.
I put together this PKGBUILD to install it, which seems to work for now, but a proper install method would be nice in the future. Maybe try a Makefile or something. It's really easy to do and people know how to use those.

# Maintainer: Ricardo (XenGi) Band <[email protected]>
pkgname=otseca
pkgver=1.0.5
pkgrel=1
pkgdesc="Open source security auditing tool to search and dump system configuration"
arch=('i686' 'x86_64')
url="https://github.com/trimstray/otseca"
license=('GPL')
source=("https://github.com/trimstray/otseca/archive/v${pkgver}.tar.gz")
sha256sums=('c04818c531bc8181f5e6603f237d1f6ca7a909c149f73ed7f9a54f94ce065df6')

package() {
  cd "${srcdir}/${pkgname}-${pkgver}"
  # ./setup.sh install -- not doing that weird thing of an install script

  install -Dm0755 bin/otseca ${pkgdir}/usr/share/otseca/bin/otseca
  install -d ${pkgdir}/usr/bin
  ln -sf /usr/share/otseca/bin/otseca ${pkgdir}/usr/bin/otseca

  install -d ${pkgdir}/usr/share/otseca
  cp -r doc ${pkgdir}/usr/share/otseca/
  gzip ${pkgdir}/usr/share/otseca/doc/man8/otseca.8
  install -d ${pkgdir}/usr/share/man/man8
  ln -sf /usr/share/otseca/doc/man8/otseca.8.gz ${pkgdir}/usr/share/man/man8/otseca.8.gz

  install -Dm0644 -t ${pkgdir}/etc/otseca/ etc/*
  ln -sf /etc/otseca ${pkgdir}/usr/share/otseca/etc

  install -Dm0644 -t ${pkgdir}/usr/share/otseca/lib lib/*
  install -Dm0644 -t ${pkgdir}/usr/share/otseca/src src/*
  cp -r templates ${pkgdir}/usr/share/otseca/templates
  install -Dm0644 README.md ${pkgdir}/usr/share/otseca/README.md

  install -d ${pkgdir}/var/log/otseca
  ln -sf /var/log/otseca ${pkgdir}/usr/share/otseca/log

  install -d ${pkgdir}/usr/share/otseca/data/output
}

Anyway after installing otseca and running it I get the following output:

$ sudo otseca --show-errors
      ┌─────────────────────────────────────────────────────────────┐
      │                                                             │
      │           Φ otseca v1.0.5 security audit script             │
      │                                                             │
      │        Project: https://github.com/trimstray/otseca         │
      │                                                             │
      │               Debian GNU/Linux, CentOS Linux                │
      │                                                             │
      └─────────────────────────────────────────────────────────────┘

      
   °°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°

  -- [ Init environment ] --

     • load otseca.conf
     • set dump directory: dump.1552473482
     • set log file: dump.log

   °°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°

  -- [ Dump system information ] --

     × task: SYSTEM
     ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨
      • exec: uname -a  					 [ DONE ] 
      • exec: uptime    					 [ DONE ] 
      • exec: lsb_release -a    				 [ DONE ] 
      • exec: cat /proc/cpuinfo 				 [ DONE ] 
      • exec: ps -auxenf					 [ DONE ] 
      • grep: "^\s*linux" in /boot/grub/grub.*  		 [ TRUE ] 
         stderr:
sed: can't read /usr/share/otseca/bin/../data/output/dump.1552473482/err.log: No such file or directory

I'm not sure what the problem is. The directory /usr/share/otseca/bin/../data/output/dump.1552473482 has no err.log file but instead some dump.log.1552473482-system-* files.

This doesn't seem to be an archlinux specific problem. So maybe I found a generic bug here?

Program Fail and Wifi stop Working

Hi,
when I launch otseca in the Kali distribution,
Linux 4.15.0-kali3-amd64 #1 SMP Debian 4.15.17-1kali1 (2018-04-25) x86_64 GNU/Linux
..
-- [ Dump system information ] --
...
...
cat /etc/ftpusers [ FAIL ]

After that I had to change my internet connection to another sid because the internet doesn't work.
