markgacoka / cysuite

CySuite is an all-in-one security testing tool that automates bug hunting checklists on web targets. It hosts additional tools such as request manipulators, wordlist generators and decoders.

Home Page: https://cysuite.io

CSS 13.96% JavaScript 76.51% HTML 4.36% Python 5.15% Dockerfile 0.01% Procfile 0.01%
vulnerability-assessment bug-hunting-checklist automation security-tools vulnerability-scanners

CySuite

As security researchers ourselves, our mission is to make security analysis more efficient and accessible by providing powerful tools, all in one central place.

CySuite is a web-security automation tool designed to ease recon and vulnerability assessment of web targets. It is suited to bug bounty hunters, penetration testers and cybersecurity enthusiasts with an interest in security automation.

CySuite is designed to scan and test for all classic vulnerabilities in the OWASP Top 10 list. It starts with passive and active reconnaissance, stores the result to a database, then scans for attack vectors in which a potential vulnerability might lie. It also offers a myriad of tools for vulnerability assessment such as request manipulators, wordlist generators, code injectors and various encoders/decoders.

Please make sure to read the CONTRIBUTING and CODE OF CONDUCT pages before joining the community or contributing.

VALUES: Lean, Fast, Organized

Features

Subdomain Enumeration

The subdomain enumeration section of CySuite scans for subdomains both passively and actively.

Bruteforce

A dataset/wordlist of your choice can be provided to bruteforce possible subdomains.

  • The number of threads and requests/second can be changed.
  • The results are saved to the local database for future reference, future integration and efficient rescans.
  • Comes with all.txt, commonspeak2 and SecLists' subdomains-top1million-110000.txt wordlists built in.

Passive archives

  • Rapid7 FDNS dataset
  • The Wayback Machine
  • CommonCrawl

Search engines

  • Google
  • Bing
  • Ask
  • Baidu
  • Netcraft
  • Yahoo
  • DNSDumpster

Certificate Authorities

  • Certspotter
  • Google transparency logs
  • Entrust certificates
  • Crt.sh

DNS infrastructure

  • DNSDB
  • DNSTrails
  • PassiveDNS

Threat detection APIs

  • OpenThreat
  • PassiveTotal
  • VirusTotal
  • Threatcrowd
  • Censys
  • Shodan
  • F-Secure Riddler
  • HackerTarget

Output: subdomains, related IP addresses (IPv4), status codes, Web Application Firewall (WAF), Server Type, homepage screenshot (if possible).

For more information on the database models used, check the API Docs page.
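
The following added example, which is not CySuite's own code, shows how names returned by a certificate-transparency source such as Crt.sh can be normalised, restricted to the target domain and stored so that a rescan reports only hosts not seen before. The record fields follow crt.sh's JSON output; the sample data, the function names and the `subdomain` table are assumptions made for illustration.

```python
import json
import sqlite3

# Constructed sample in the shape of crt.sh JSON output (not real data).
SAMPLE_CT_JSON = json.dumps([
    {"common_name": "example.com", "name_value": "example.com\nwww.example.com"},
    {"common_name": "*.dev.example.com", "name_value": "*.dev.example.com\nAPI.example.com."},
    {"common_name": "notexample.com", "name_value": "login.notexample.com"},
    {"common_name": "www.example.com", "name_value": "www.example.com"},
])


def in_scope(name, root):
    """True only for the root itself or a real subdomain of it."""
    return name == root or name.endswith("." + root)


def extract_subdomains(ct_json, root):
    """Return sorted, de-duplicated in-scope hostnames from CT records."""
    root = root.lower().rstrip(".")
    found = set()
    for record in json.loads(ct_json):
        for field in ("common_name", "name_value"):
            # name_value may hold several SAN entries separated by newlines.
            for raw in (record.get(field) or "").splitlines():
                name = raw.strip().lower().rstrip(".")
                if name.startswith("*."):
                    name = name[2:]  # wildcard cert: keep the covered parent
                if name and in_scope(name, root):
                    found.add(name)
    return sorted(found)


def store(conn, root, names):
    """Insert hostnames; return only those not seen in an earlier scan."""
    conn.execute("CREATE TABLE IF NOT EXISTS subdomain ("
                 "root TEXT, name TEXT, PRIMARY KEY (root, name))")
    new = []
    for name in names:
        cur = conn.execute("INSERT OR IGNORE INTO subdomain VALUES (?, ?)", (root, name))
        if cur.rowcount == 1:
            new.append(name)
    conn.commit()
    return new


if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    print(store(db, "example.com", extract_subdomains(SAMPLE_CT_JSON, "example.com")))
```

The suffix check compares against `"." + root`, so a look-alike such as `notexample.com` is not pulled into the inventory of an engagement scoped to `example.com`.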

Containerization Technique

DIRECTORY:
\---cysuite
    |   asgi.py
    |   settings.py
    |   celery.py
    |   urls.py
    |   wsgi.py
    |   __init__.py
\---main
    \---migrations
    |   __init__.py
    |   admin.py
    |   apps.py
    |   models.py
    |   tasks.py
    |   subdomains.py
    |   tests.py
    |   views.py
    |   __init__.py
\---cyauth
    |   __init__.py
    |   admin.py
    |   apps.py
    |   models.py
    |   tests.py
    |   views.py
    |   __init__.py
| manage.py      

### Setup ###
# Ensure database was created
docker-compose exec db psql --username=docker --dbname=cysuite_db
\l
\c cysuite_db
\dt

### Quick Run ###
# RUN
docker-compose build
docker-compose -f docker-compose.yml up --no-start
docker-compose -f docker-compose.yml start
docker-compose up

# Test if container runs (one-time deployment)
docker-compose run django

# Deploy/start server again
docker-compose up

# Stop running container
docker-compose stop

### Stop Service ###
# Stop and remove docker containers
docker-compose down
docker container stop $(docker container ls -aq)
sudo killall -9 python celery redis redis-server
sudo kill -9 $(sudo lsof -t -i:5432)
sudo kill -9 $(sudo lsof -t -i:6379)
docker stop $(docker ps -a -q)
docker rm -f $(docker ps -a -q)
sudo service postgresql stop

### DANGER ZONE !! ###
# Delete all images
sudo docker rmi -f $(docker images -q)

# Stop Docker
sudo systemctl stop docker

# Removing a container
docker ps -a
docker stop [container_name]
docker rm -f [container_name]

### Misc ###
# Build image defined in the Dockerfile
docker build .

# Send packages with versions to requirements.txt
pipenv lock -r > requirements.txt

# Running bash on Docker
docker exec -it dev-postgres bash

# Start the postgresql server
sudo service postgresql start

Running the program locally

Windows:

git clone https://github.com/markgacoka/CySuite
cd CySuite

pip install virtualenv
virtualenv --python C:\Users\Username\AppData\Local\Programs\Python\Python[Version]\python.exe venv
.\venv\Scripts\activate

pip install -r requirements.txt
[boto3 celery-progress celery cfscrape django-allauth django-celery-results django-heroku django-storages djangorestframework gunicorn jsonfield pillow puremagic pypng python-dotenv redis yarl]

# Migrate the database and create a superuser
python manage.py makemigrations
python manage.py migrate
python manage.py createsuperuser
python manage.py changepassword [superuser_email]

# Run redis, celery worker and Django server
redis-server
celery -A cysuite worker -P threads -l INFO --concurrency=8
python manage.py runserver

Remove all pycache files

find . -type d -name __pycache__ -exec rm -r {} \+
