Skip to content
CSI Stable / Official has moved to 0dayinc/csi:
Branch: master
Clone or download
Pull request Compare This branch is 88 commits behind 0dayInc:master.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
bin csi_web_cache_deception - rubocop fix Apr 29, 2019
documentation Packer & Vagrant - numerous enhancements Jul 20, 2017
etc Systemd openvas.service - Ensure greenbone starts _after_ apache2 Jan 14, 2019
lib csi_web_cache_deception - rubocop fix Apr 29, 2019
packer Packer preeny.sh provisioner - add package dependency Apr 29, 2019
spec CSI::SCAPM::PrivateKey - Initial commit Apr 2, 2019
third_party CSI::Plugins::BurpSuite plugin - bugfix in #invoke_active_scan method Nov 13, 2018
vagrant/provisioners Gemfile - bump nokogiri version to 1.8.5 Oct 5, 2018
.gitignore Packer Update deploy script to reflect latest version of Kali Rolling… Sep 28, 2018
.rubocop.yml Rubocop - add configs to support a working build Oct 27, 2016
.rubocop_todo.yml Rubocop - regenerate TODOs Feb 5, 2019
.ruby-gemset Initial Public Commit Aug 2, 2016
.ruby-version .ruby-version & Gemfile - Bump to ruby-2.6.3 && bump nokogiri to 1.10.3 Apr 26, 2019
.travis.yml Migrate csi_autoinc_version to .travis.yml #rollback Jan 25, 2019
CODE_OF_CONDUCT.md CODE_OF_CONDUCT.md - minor revision to contact email Aug 31, 2017
CONTRIBUTING.md Create CONTRIBUTING.md Aug 31, 2017
Gemfile .ruby-version & Gemfile - Bump to ruby-2.6.3 && bump nokogiri to 1.10.3 Apr 26, 2019
LICENSE.txt Initial Public Commit Aug 2, 2016
README.md csi_web_cache_deception - rubocop fix Apr 29, 2019
Rakefile Rubocop - address minor offenses Mar 28, 2017
Vagrantfile Vagrantfile - dont forward any SSH addr over localhost #direct_connect Feb 4, 2019
build_csi_gem.sh Gemfile & build_csi_gem.sh - reintroduce bundler-audit Jan 21, 2019
csi.gemspec Begin transition of stable from ninp0/csi to 0dayinc/csi Jan 21, 2019
git_commit_test_reinit_gem.sh Migrate csi_autoinc_version to .travis.yml #rollback Jan 25, 2019
install.sh Packer Qemu / KVM - minor tweaks Jan 14, 2019
reinstall_csi_gemset.sh .travis.yml update rvm before doing stuff Jan 11, 2019
upgrade_ruby.sh upgrade_ruby.sh - Upgrade rvm prior to upgrading ruby Jan 11, 2019
vagrant_rsync_userland_configs.lst New Userland Implementation - reconng #no_plugin Sep 14, 2018

README.md

CSI

Table of Contents

Keep Us Caffeinated

If you've found this framework useful and you're either not in a position to donate or simply interested in us cranking out as many features as possible, we invite you to take a brief moment to keep us caffeinated:

Coffee

Call to Arms

If you're willing to provide access to commercial security tools (e.g. Rapid7's Nexpose, Tenable Nessus, QualysGuard, HP WebInspect, IBM Appscan, etc) please PM us as this will continue to promote CSIs interoperability w/ industry-recognized security tools moving forward. Additionally if you want to contribute to this framework's success, we've made it very easy to do.

Intro

What is CSI

CSI (Continuous Security Integration) is an open security automation framework that aims to stand on the shoulders of security giants, promoting trust and innovation. Build your own custom automation drivers freely and easily using pre-built modules. If a picture is worth a thousand words, then a video must be worth at least a million...let's start out by planting a million seeds in your mind:

Creating an OWASP ZAP Scanning Driver Leveraging the csi Prototyper

Continuous Security Integration: Basics of Building Your Own Security Automation

Why CSI

It's easy to agree that while corporate automation is a collection of proprietary source code, the core modules used to produce automated solutions should be open for all eyes to continuously promote trust and innovation...broad collaboration is key to any automation framework's success, particularly in the cyber security arena.

How CSI Works

Leveraging various pre-built modules and the csi prototyper, you can mix-and-match modules to test, record, replay, and rollout your own custom security automation packages known as, "drivers."

The fastest way to get rolling w/ csi is to deploy a pre-built Kali Rolling box, available on Vagrant Cloud. This is a special deployment of Kali Rolling - WORKING rollouts of AFL w/ QEMU instrumentation ready-to-go, PEDA (Python Exploit Development Assistance for GDB), OpenVAS, latest clone of Metasploit, Arachni, Jenkins (w/ pre-canned jobs and the ability to create your own prior to deployment aka User-Land!), etc. These are just some of the numerous security and CI/CD tools made available for your convenience...updated on a daily basis.

An instance of DefectDojo is stood up on the box to facilitate common security tools integration, resulting in a centralized place to manage scan results, track the lifecycle of vulnerabilities, and analyze trends via metrics and reporting! CSI driver integration is made to be seamless w/ OS dependencies already installed. This is all made available for architectures such as AWS, Docker, VirtualBox, and/or VMware. See the Deploy section for more details.

CSI Modules Can be Mixed and Matched to Produce Your Own Tools

Also known as, "Drivers" CSI can produce all sorts of useful tools by mixing and matching modules. CSI

Clone CSI

Certain Constraints Mandate CSI be Installed in /csi: $ sudo git clone https://github.com/0dayinc/csi.git /csi

Deploy

Basic Installation Dependencies

Deploy in AWS EC2

AWS EC2 Quick-Start

Deploy in Docker Container

Docker Quick-Start

Deploy in VirtualBox

VirtualBox Quick-Start

Deploy in VMware

VMware Quick-Start

General Usage

General Usage Quick-Start

It's wise to rebuild csi often as this repo has numerous releases/week (unless you're in the Kali box, then it's handled for you daily in the Jenkins job called, "selfupdate-csi":

$ /csi/vagrant/provisioners/csi.sh && csi
csi[v0.3.592]:001 >>> CSI.help

Driver Documentation

For a list of existing drivers and their usage

I hope you enjoy CSI and remember...ensure you always have permission prior to carrying out any sort of hacktivities. Now - go hackomate all the things!

Merchandise

Coffee Mug

Womens Off the Air Hoodie

Red Fingerprint

0day Inc.

Mens Black Fingerprint Hoodie

You can’t perform that action at this time.