Modular system security auditing toolkit.
✅ Linux - Full support
✅ Windows - Full support
The app automatically detects your platform and adjusts its security checks accordingly.
- Cross-platform security auditing for Windows and Linux
- Multiple output formats: JSON, HTML, CSV, and console
- Automated report organization in Documents folder
- Modular architecture with extensible security modules
- Professional reports with severity classification and recommendations
pip install sysvexgit clone https://github.com/PuRiToX/sysvex.git
cd sysvex
pip install -e .# Run all default modules (filesystem, network, processes) - console output
sysvex
# Run specific modules
sysvex --modules filesystem,network
# Run single module
sysvex --modules processes# Save to JSON (auto-saved to Documents/Sysvex Auditing/)
sysvex --format json
# Save to HTML report with visual dashboard
sysvex --format html
# Save to CSV for spreadsheet analysis
sysvex --format csv
# Console output (default)
sysvex --format console# Custom filename in default directory
sysvex --format json --output security_audit.json
# Full custom path
sysvex --format html --output /path/to/report.html
# Windows example
sysvex --format csv --output C:\Reports\security.csv
# Quiet mode (no console output)
sysvex --format json --quiet- World-writable files: Detects files writable by others
- SUID/SGID executables: Identifies files with elevated privileges (Unix only)
- Sensitive file permissions: Checks
/etc/passwd,/etc/shadow,/etc/sudoers(Unix) or SAM database (Windows) - Hidden files: Flags hidden files and temporary files
- Recently modified files: Tracks changes within 7 days
- Listening ports: Detects services listening on all interfaces (0.0.0.0)
- Public services: Identifies known services (SSH, HTTP, FTP, etc.)
- Suspicious connections: Flags connections to known malicious ports
- Outbound connections: Monitors unusual outbound patterns
- IP classification: Distinguishes between private and public IP connections
- Suspicious binaries: Detects processes from unexpected locations
- Command-line patterns: Identifies reverse shells, download tools, persistence mechanisms
- Privilege anomalies: Monitors privilege escalation attempts
- System processes: Flags non-system processes running with elevated privileges
- Memory-only processes: Detects processes without executable paths
- Sensitive files: SAM database, hosts file, network configurations
- Suspicious processes: PowerShell encoded commands, rundll32, certutil
- Temp directories:
%TEMP%,%TMP%, System32 temp - Legitimate paths: Program Files, System32, ProgramData
- Sensitive files:
/etc/passwd,/etc/shadow,/etc/sudoers - SUID/SGID detection: Unix permission escalation vectors
- Unix permissions: World-readable/writable file detection
- Standard paths:
/usr/bin,/bin,/sbin
{
"scan_info": {
"timestamp": "2024-01-15T10:30:00",
"total_findings": 42,
"severity_breakdown": {
"CRITICAL": 2,
"HIGH": 8,
"MEDIUM": 15,
"LOW": 17
}
},
"findings": [
{
"id": "FS-001",
"title": "World-writable file",
"severity": "HIGH",
"description": "File is writable by others",
"evidence": "/tmp/suspicious_file",
"recommendation": "Restrict permissions: chmod o-w /tmp/suspicious_file",
"source_module": "filesystem"
}
]
}- Visual dashboard with color-coded severity levels
- Summary statistics and charts
- Expandable finding details
- Professional appearance for sharing
- Spreadsheet-compatible format
- All finding details in tabular format
- Easy for data analysis and filtering
Reports are automatically saved to:
- Linux:
~/Documents/Sysvex Auditing/ - Windows:
C:\Users\{Username}\Documents\Sysvex Auditing/
Files are automatically timestamped: sysvex_report_YYYYMMDD_HHMMSS.format
- CRITICAL: Immediate security risk
- HIGH: Serious security concern
- MEDIUM: Potential security issue
- LOW: Informational/monitoring
# Quick security scan with HTML report
sysvex --format html
# Detailed analysis with JSON for automation
sysvex --format json --modules all
# Silent background scan
sysvex --format csv --quiet --output security_scan.csv
# Custom filename
sysvex --format html --output "security_audit_$(date +%Y%m%d).html"
# Scan specific module with custom output
sysvex --modules filesystem --format json --output filesystem_audit.jsonPackage: sysvex
Version: 0.1.1
Status: Published and ready for installation
# Run with development setup
export PYTHONPATH=src
python -m sysvex.cli
# Test individual modules
python -c "
from sysvex.modules.filesystem import Module
module = Module()
findings = module.run({'scan_path': '/tmp'})
print(f'Found {len(findings)} issues')
"MIT License - see LICENSE file for details.
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests if applicable
- Submit a pull request
- Issues: GitHub Issues
- Documentation: GitHub Wiki