Commit 44bebb9e
authored 5 years ago by Václav Bartoš

README added for Shodan and Censys connectors

parent 5a7bfc37
Showing 2 changed files with 131 additions and 0 deletions
censys/README.txt: 68 additions, 0 deletions
shodan/README.txt: 63 additions, 0 deletions

censys/README.txt 0 → 100644 (+68 −0)
=========================
Censys2warden connector
=========================
This connector uses the internet-wide scanning service Censys.io to search for
potentially vulnerable open services in given network (ASN) and reports them to
Warden (via Warden filer daemon).
The script sends a set of preconfigured queries to Censys API to search for all
matching IPs in given ASN. The queries correspond to various potentially
vulnerable hosts or other problems with open services.
Since Censys' free account has quite strict limits on number of queries and
results obtained, it is recommended to have at least the lowest tier of a paid
account.
Currently implemented queries:
- Publicly accessible IPMI protocol
- Publicly accessible SCADA (BACnet) system
- Publicly accessible printer via IPP protocol
- Open MongoDB database
- Publicly accessible PCAnywhere (an unsupported vulnerable remote-access SW)
- Open Elastic database
- Web page or other service with a "hacked by" message
- Web running on an old (unsupported) PHP version
Important: These rules may need to be changed according to needs, interests and
security policies of each organization.
For each host in given ASN found to be matching a query, a corresponding IDEA
message is created and put to an output directory. Messages from this directory
should be sent to Warden by a Warden filer daemon.
The script is assumed to be run periodically (e.g. once a day) by cron.
-------------------------
Installation:
1. create a directory for the script and resulting IDEA files, e.g.
`/data/censys2warden/` and `/data/censys2warden/warden_sender`
2. put the censys2warden.py script into the first directory
3. set up warden_filer daemon to read IDEA messages from
`/data/censys2warden/warden_sender` and send them to Warden
(see README of Warden filer)
4. set up cron to run the scirpt every day (use censys2warden.cron as an
example)
-------------------------
Configuration:
The script takes the following arguments:
-h, --help show this help message and exit
-i APIID, --apiid APIID
Censys API ID
-s APISECRET, --apisecret APISECRET
Censys API secret
-a ASN, --asn ASN ASN to query
-n NODE, --node NODE Node name to fill into IDEA messages
-d PATH, --destdir PATH
Path to destination directory (with 'incoming' and
'temp' subdirectories) (default: CWD)
-t, --test Add 'Test' category to IDEA messages.
-v, --verbose Print information about progress and results
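
Review bot: The Configuration section documents `-i APIID` and `-s APISECRET` only as command-line arguments, and Installation step 4 has cron run the script, so the Censys secret has to be written into the cron entry and is visible in the process list while the script runs. The README should at least tell the operator to restrict read permissions on the cron file, and it would be better if the script could also take the credentials from a file or an environment variable. Minor: "scirpt" in step 4 should read "script".
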
shodan/README.txt 0 → 100644 (+63 −0)
=========================
Shodan2warden connector
=========================
This connector uses the internet-wide scanning service Shodan to search for
potentially vulnerable open services in given network (ASN) and reports them to
Warden (via Warden filer daemon).
The script sends a set of preconfigured queries to Shodan API to search for all
matching IPs in given ASN. The queries correspond to various potentially
vulnerable hosts or other problems with open services.
Currently implemented queries:
- Publicly accessible IPMI protocol
- Publicly accessible SCADA (BACnet) system
- Publicly accessible printer via incesure PJL protocol
- Publicly accessible printer via IPP protocol
- Open MongoDB database
- Open Elastic database
- Open anonymous FTP
- Web page or other service with a "hacked by" message
- Web running on an old (unsupported) PHP version
Important: These rules may need to be changed according to needs, interests and
security policies of each organization.
For each host in given ASN found to be matching a query, a corresponding IDEA
message is created and put to an output directory. Messages from this directory
should be sent to Warden by a Warden filer daemon.
The script is assumed to be run periodically (e.g. once a day) by cron.
-------------------------
Installation:
1. create a directory for the script and resulting IDEA files, e.g.
`/data/shodan2warden/` and `/data/shodan2warden/warden_sender`
2. put the shodan2warden.py script into the first directory
3. set up warden_filer daemon to read IDEA messages from
`/data/shodan2warden/warden_sender` and send them to Warden
(see README of Warden filer)
4. set up cron to run the scirpt every day (use shodan2warden.cron as an
example)
-------------------------
Configuration:
The script takes the following arguments:
-h, --help show help message and exit
-k APIKEY, --apikey APIKEY
Shodan API key
-a ASN, --asn ASN ASN to query
-n NODE, --node NODE Node name to fill into IDEA messages
-d PATH, --destdir PATH
Path to destination directory (with 'incoming' and
'temp' subdirectories) (default: CWD)
-t, --test Add 'Test' category to IDEA messages.
-v, --verbose Print information about progress and results
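
Review bot: Installation step 1 creates only `/data/shodan2warden/warden_sender`, but `-d` is documented as expecting a destination directory with 'incoming' and 'temp' subdirectories and as defaulting to CWD; the steps never say to create those subdirectories or to pass `-d` in the cron entry. Please add both, so the messages land where warden_filer is reading. Two typos: "incesure PJL" in the query list should be "insecure PJL", and "scirpt" in step 4 should be "script". The `-k APIKEY` argument also puts the Shodan key on the command line, so a note about keeping the cron file unreadable to other users would help.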