doytsujin / j1nuclei Goto Github PK

J1Nuclei is a CLI tool demonstrating how JupiterOne platform can automate and learn from other tools. It automates everyday security tasks of scanning endpoints for vulnerabilities. Once scans are complete, the tool returns findings to our JupiterOne knowledge graph. Results can be reviewed, prioritized, and measured using Jupiterone console and insight dashboards.

The tool can be installed by simply cloning the repository and starting the module.

1. Get Started - If you're not already using JupiterOne, it's free (no credit card).
2. Install nuclei
   pip install nuclei
3. Install j1nuclei
   
   • PIP pip install j1nuclei
   • From source git clone [email protected]:JupiterOne/j1nuclei.git
4. Get JupiterOne API token
   Follow instructions from Create User and Account API Keys kb article.

Findings are mapped back into our graph using the following schema

More information about J1QL is available from Introduction to JupiterOne Query Language The J1QL and knowledge graph can answer many questions, here's a few from the data set produced by J1Nuclei

FIND nuclei_finding as f
RETURN count(f) as value

FIND *
WITH tag.Production = true AND classification = 'critical' AS asset
THAT HAS >> nuclei_finding
RETURN COUNT(asset)

FIND UNIQUE * as asset
THAT HAS >> nuclei_finding
RETURN count(asset) as value

FIND nuclei_finding as f
WHERE f._type = 'nuclei_finding'
RETURN f.severity as x, count(f) as y

FIND *
THAT HAS >> nuclei_finding
THAT IS >> nuclei_vulnerability
RETURN TREE

You can also create dashboards using our console Insights. For starters, you can use the one we provided as part of this tool nuclei_portal_schema.json. Steps to create, edit, and upload your own dashboard are available from Getting started with insights-dashboards. We also shared many dashboards in our open-source repository from https://github.com/JupiterOne/insights-dashboards.

Because getting a comprehensive view may require several queries, j1nuclei use a JSON file target_query.json to define all queries to run. The file is populated with common queries by default and is extensible with any J1QL queries. For more information on our J1QL language is available from our support site and other questions implementation is available from JupiterOne Questions library.