Skip to content

danielmichaels/OnPicket

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
.github/workflows
.github/workflows
 
 
assets
assets
 
 
cmd/app
cmd/app
 
 
data
data
 
 
internal
internal
 
 
pkg/api
pkg/api
 
 
spec
spec
 
 
.air.toml
.air.toml
 
 
.env.sample
.env.sample
 
 
.gitignore
.gitignore
 
 
.pre-commit-config.yaml
.pre-commit-config.yaml
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
Taskfile.yml
Taskfile.yml
 
 
captain-definition
captain-definition
 
 
docker-compose.yml
docker-compose.yml
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
index.js
index.js
 
 
package.json
package.json
 
 
tailwind.config.js
tailwind.config.js
 
 
yarn.lock
yarn.lock
 
 

Repository files navigation

On Picket

External Attack Surface Management

On Picket is an open source project useful for assessing your external attack surface.

This project is in pre-alpha - the API could break at any time during this phase. In this phase the only supported scanner is nmap.

Overview

On Picket is primarily an API to interact with several other open source applications used in threat modelling.

By providing an API it is possible to create your own ways, means and methodologies for scheduling these tools. No terminal or interactive TTY's are needed, only curl. A user interface may be added in the future.

Hosted

A hosted version of this project is live at onpicket.com. It is available for use today however, until we reach a stable version expect braking changes and possible data loss!

The documentation can be found at onpicket.com/docs.

To get a glimpse of the previous responses, run this command:

# tip: pipe to `jq` for better results.
curl --request GET \
  --url 'https://onpicket.com/api/scans?page=1&page_size=1' \
  --header 'Accept: application/json'

Self-Host

This application can be self-hosted easily.

The following services are needed to run On Picket:

The easiest way to get started is to run the docker-compose.yml file locally. This has basic defaults and should not be deployed as is to a production server.

NOTE: until the first release, you will need to compile the binary by running go build manually. Likewise for the docker images.

Once the API is stable releases and docker images will be published and more details provided for a better self-hosted experience.

Local Development

To run the server:

air
# OR
# task dev

Requirements

  • MongoDB
  • NATS

Run locally

Two options:

Docker and hot-reloading locally (recommended)

The server needs an active NATS and MongoDB server. To create these containers run task mongo and task nats. Once they are up run task dev.

You can now develop with hot-reloading.

Docker compose (no hot-reload)

Simply run docker compose up

Assets setup

The CSS and JS requires some manual building occasionally.

A Makefile helper exists to do both of the following in a single command. task assets will regenerate new bundles.

The assets are compiled as needed, meaning when adding new Tailwind classes the assets will need to be re-compiled.

A shortcut for this is to use entr. Here's my snippet, which also uses fd:

fd . 'assets/templates' | entr -s -c 'task assets'

This will re-compile the js and css files anytime a file within assets/templates is changed. air will then hot-reload the application because the files in the directory have changed.

Contributing

Please contribute by raising issues, opening discussions or reaching out to be directly.

A contribution guide will come in due time.

About

EASM

onpicket.com

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages