Ruggedy Limited is a New Zealand-based company founded by Francois Marais and Gareth Lawson. Our passion can be summed up as "automation through technology that helps people in their day-to-day jobs and lives". Francois is an Information Security specialist and Gareth is a Software Developer. Each has more than 15 years of experience in his area of expertise, and together they have embarked on a journey to see how these two specialities can be combined into a "security as code" solution. You can read more on our website: www.ruggedy.io.
Ruggedy VMA (Vulnerability Management App) is an open source web application built by Ruggedy Limited in PHP, using the Laravel framework as a foundation.
It is built to assist penetration testers, information security consultants, CISOs (Chief Information Security Officers) and anyone who uses tools like Burp, Nessus and Nexpose for network and server security testing.
In the simplest terms, the application does the following:
- Consumes XML scan output files generated by Burp, Nessus or Nexpose security scanners.
- Provides an approachable, consistent user interface (UI) for analysing the data found in these files.
- Allows you to add your own manual findings (vulnerabilities you discovered by hand rather than with a scanner) through the built-in "Ruggedy App", named after the company that built this software.
- Allows you to group vulnerabilities into "Folders".
- Enables collaboration through "comments" on vulnerability records.
- Makes it easy to send vulnerability information directly into Jira as a "Bug" issue.
To install with Docker you need:
- Docker
- A running MySQL server, reachable from the container, with an empty database (and a database user with rights on it) for the application to install into
- Run git clone https://github.com/Ruggedy-Limited/ruggedy-vma-docker.git
- It is REQUIRED that you open Files/.env in the cloned repository in an editor of your choice and configure your database connection: DB_HOST, DB_PORT, DB_DATABASE, DB_USERNAME, DB_PASSWORD. Do this before building: the image is built from the repository and nothing is mounted or passed in at run time, so the values you set here (including the database password) end up inside the image. Treat the built image as confidential and do not push it to a shared registry.
- It is recommended that you also set the following options in the .env file: APP_ENV (local/development/production), APP_DEBUG (true/false; keep this false for production, because debug mode shows stack traces and configuration values to anyone who triggers an error) and APP_URL (e.g. http://localhost).
- If you want the password reset functionality to send emails, configure your SMTP server in the .env file: MAIL_HOST, MAIL_PORT, MAIL_USERNAME, MAIL_PASSWORD, MAIL_ENCRYPTION, MAIL_FROM_NAME, MAIL_FROM_ADDRESS.
Now run the following commands from your shell while in the directory where the repository was cloned:
- Build the image:
sudo docker build -t ruggedy/ruggedy .
- Start the container:
sudo docker run -it -p80:80 ruggedy/ruggedy
Note that -p80:80 publishes port 80 on every interface of the host. If you want to log in and change the default admin password before anyone else can reach the instance, use -p 127.0.0.1:80:80 for the first run and switch to -p80:80 afterwards.
If all of the above commands succeed, the application should be installed, working and accessible at http://ip_address:80 (the host's IP address, or http://localhost if you bound the port to 127.0.0.1).
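The following script is an added example and is not part of the Ruggedy VMA Docker repository. It wraps the procedure above in a pre-flight check: before the image is built it verifies that Files/.env contains non-empty values for every DB_* key the README lists, refuses the APP_ENV=production plus APP_DEBUG=true combination, and only then runs the README's build and run commands, with the port bound to 127.0.0.1 by default so the default admin account is not on the network before its password is changed. The image name, the port mapping and the Files/.env path come from the README; the script name, the function names and the sample .env contents are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not part of the Ruggedy VMA project: pre-flight check plus the
# README's two Docker commands. Assumed invocation:
#   sh preflight.sh run /path/to/ruggedy-vma-docker [bind-address]
# With no arguments it runs the check against two constructed sample .env files.

# env_value FILE KEY -> prints the value of KEY in FILE (first match, surrounding
# double quotes stripped); prints nothing when the key is absent.
env_value() {
    grep -E "^$2=" "$1" | head -n 1 | cut -d= -f2- | sed 's/^"//; s/"$//'
}

# check_env FILE -> 0 when the file is usable;
#                   1 when a required DB_* key is missing or empty;
#                   2 when debug output would be enabled in production.
check_env() {
    envfile="$1"
    missing=""
    for key in DB_HOST DB_PORT DB_DATABASE DB_USERNAME DB_PASSWORD; do
        [ -n "$(env_value "$envfile" "$key")" ] || missing="$missing $key"
    done
    if [ -n "$missing" ]; then
        echo "$envfile: missing or empty:$missing" >&2
        return 1
    fi
    if [ "$(env_value "$envfile" APP_ENV)" = "production" ] && \
       [ "$(env_value "$envfile" APP_DEBUG)" = "true" ]; then
        echo "$envfile: APP_DEBUG=true with APP_ENV=production shows stack traces and config to users" >&2
        return 2
    fi
    return 0
}

# build_and_run CLONE_DIR [BIND] -> the README's build and run commands, with the
# port published only on BIND (default 127.0.0.1; pass 0.0.0.0 for the README's
# plain -p80:80 behaviour once the default credentials have been changed).
build_and_run() {
    clone_dir="$1"
    bind="${2:-127.0.0.1}"
    check_env "$clone_dir/Files/.env" || return $?
    (cd "$clone_dir" && sudo docker build -t ruggedy/ruggedy .) || return 1
    sudo docker run -it -p "$bind:80:80" ruggedy/ruggedy
}

if [ "${1:-}" = "run" ]; then
    [ -d "${2:-}" ] || { echo "usage: $0 run CLONE_DIR [BIND]" >&2; exit 2; }
    build_and_run "$2" "${3:-127.0.0.1}"
else
    # Demonstration on constructed .env files (sample values, not real credentials).
    demo=$(mktemp -d)
    printf 'DB_HOST=db.internal\nDB_PORT=3306\nDB_DATABASE=ruggedy\nDB_USERNAME=ruggedy\nDB_PASSWORD=example-only\nAPP_ENV=production\nAPP_DEBUG=false\n' > "$demo/good.env"
    printf 'DB_HOST=db.internal\nDB_PORT=3306\nDB_DATABASE=ruggedy\nDB_USERNAME=ruggedy\nDB_PASSWORD=\n' > "$demo/no-password.env"
    for f in "$demo/good.env" "$demo/no-password.env"; do
        if check_env "$f"; then echo "$f: ok"; fi
    done
    rm -rf "$demo"
fi
```

The check deliberately fails closed: a missing password is treated the same as an empty one, because either would otherwise be baked into the image by the build step and only discovered when the application cannot reach MySQL.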
A default admin user is installed with the following credentials:
Username: admin@localhost
Password: password
These credentials are public (they are printed in this README), so change them before the instance is reachable by anyone else: log in, click the hamburger menu icon at the top-left of the screen, choose the "Profile" menu option on the main menu and amend the details there.
The roadmap still needs to be clearly defined, but the immediate plans are to improve the XML parser and to create a single-command setup process in the next couple of months.
Thank you for considering contributing to Ruggedy VMA! Feel free to submit a pull request against the master branch. All we ask is that you first check out a topic branch from master before making any commits, e.g.
git checkout master && git checkout -b my-new-topic
Alternatively, send an email to hello@ruggedy.io if you want to discuss specific contributions.
If you discover a security vulnerability in the application, please send an email with a detailed description and a proof of concept to hello@ruggedy.io.
The Ruggedy application is open-source software licensed under the MIT license.