Linux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration
Switch branches/tags
Nothing to show
Clone or download
Latest commit 9a28afe Oct 18, 2017
Permalink
Failed to load latest commit information.
docs jira and opsgenie screenshots added Jun 22, 2017
.gitignore Initial commit Jun 9, 2017
LICENSE Update LICENSE Jun 27, 2017
README.md Update README.md Oct 17, 2017
requirements.txt opsgenie added Jun 22, 2017
salt-scanner.py fixes #2 Oct 18, 2017

README.md

salt-scanner

A linux vulnerability scanner based on Vulners Audit API and Salt Open, with Slack notifications and JIRA integration.

Features

  • Slack notification and report upload
  • JIRA integration
  • OpsGenie integration

Requirements

  • Salt Open 2016.11.x (salt-master, salt-minion)¹
  • Python 2.7
  • salt (you may need to install gcc, gcc-c++, python dev)
  • slackclient
  • jira
  • opsgenie-sdk

Note: Salt Master and Minion versions should match. Salt-Scanner supports Salt version 2016.11.x. if you are using version 2017.7.x, replace "expr_form" with "tgt_type" in salt-scanner.py.

Usage

$ ./salt-scanner.py -h

 ==========================================================
  Vulnerability scanner based on Vulners API and Salt Open
 _____       _ _     _____                                 
/  ___|     | | |   /  ___|                               
\ `--.  __ _| | |_  \ `--.  ___ __ _ _ __  _ __   ___ _ __ 
 `--. \/ _` | | __|  `--. \/ __/ _` | '_ \| '_ \ / _ \ '__|
/\__/ / (_| | | |_  /\__/ / (_| (_| | | | | | | |  __/ |   
\____/ \__,_|_|\__| \____/ \___\__,_|_| |_|_| |_|\___|_|   

               Salt-Scanner 0.1 / by 0x4D31               
 ==========================================================

usage: salt-scanner.py [-h] [-t TARGET_HOSTS] [-tF {glob,list,grain}]
                       [-oN OS_NAME] [-oV OS_VERSION]

optional arguments:
  -h, --help            show this help message and exit
  -t TARGET_HOSTS, --target-hosts TARGET_HOSTS
  -tF {glob,list,grain}, --target-form {glob,list,grain}
  -oN OS_NAME, --os-name OS_NAME
  -oV OS_VERSION, --os-version OS_VERSION

$ sudo SLACK_API_TOKEN="EXAMPLETOKEN" ./salt-scanner.py -t "*"

 ==========================================================
  Vulnerability scanner based on Vulners API and Salt Open
 _____       _ _     _____                                 
/  ___|     | | |   /  ___|                               
\ `--.  __ _| | |_  \ `--.  ___ __ _ _ __  _ __   ___ _ __ 
 `--. \/ _` | | __|  `--. \/ __/ _` | '_ \| '_ \ / _ \ '__|
/\__/ / (_| | | |_  /\__/ / (_| (_| | | | | | | |  __/ |   
\____/ \__,_|_|\__| \____/ \___\__,_|_| |_|_| |_|\___|_|   

               Salt-Scanner 0.1 / by 0x4D31               
 ==========================================================

+ No default OS is configured. Detecting OS...
+ Detected Operating Systems:
   - OS Name: centos, OS Version: 7
+ Getting the Installed Packages...
+ Started Scanning '10.10.10.55'...
   - Total Packages: 357
   - 6 Vulnerable Packages Found - Severity: Low
+ Started Scanning '10.10.10.56'...
   - Total Packages: 392
   - 6 Vulnerable Packages Found - Severity: Critical

+ Finished scanning 2 host (target hosts: '*').
2 Hosts are vulnerable!

+ Output file created: 20170622-093138_232826a7-983f-499b-ad96-7b8f1a75c1d7.txt
+ Full report uploaded to Slack
+ JIRA Issue created: VM-16
+ OpsGenie alert created

You can also use Salt Grains such as ec2_tags in target_hosts:

$ sudo ./salt-scanner.py --target-hosts "ec2_tags:Role:webapp" --target-form grain

Slack Alert

Salt-Scanner

TODO

  • Clean up the code and add some error handling
  • Use Salt Grains for getting the OS info and installed packages

[1] Salt in 10 Minutes: https://docs.saltstack.com/en/latest/topics/tutorials/walkthrough.html