This is a repository for apps to be used in Gsoc2
PS: These apps should be valid with WALKOFF, but the SDK is different, meaning you have to change the FIRST line in each Dockerfile (FROM gsoc2/gsoc2:app_sdk).
App creation can be done with the Gsoc2 App Creator (exports as OpenAPI) or Python, which makes it possible to connect literally any tool. Always prioritize using the App Creator when applicable.
We have defined eight (8) "major" categories of tools that are necessary to any cybersecurity threat. Most security-related tools can fit into one of these eight.
- Communication - Any way to chat; WhatsApp, SMS, Email etc.
- Case Management - The central hub for operation teams.
- SIEM - Search engine for logs in an enterprise. Used to find evil.
- Assets - Discover endpoint information. Vulnerabilities, owners, departments etc.
- IAM - Access Management. Active Directory, Google Workspaces, Single Sign-on etc.
- Intelligence - Typically a vendor explaining what you should be looking for.
- Network - Anything BETWEEN your connected devices. Firewalls, WAF, Switches, Bluetooth...
- Eradication - Control machines directly to eradicate evil. Hard and undefined (EDR & AV)
Apps in this repository are mostly manually made. Gsoc2 is striving for standardization and accessability, and our effort is focused on OpenAPI rather than manual work. With this in mind, most app creation that supports REST API's will be continued here.
All apps, workflows and modular parts of Gsoc2 including our App SDK is under licensed under MIT, meaning you can freely use it anywhere in any way you want.
Contributing guidelines for outlined here.