Skip to main content

A simple vulnerability scanner

Project description

Ludvig security scanner

Ludvig scan

Want to use Ludvig with your CI pipeline? Mosey on over to the Ludvig Action :)
Or contribute to Ludvig's YARA rules?

Named after Kjell Aukrust's character Ludvig who thinks everything is dangerous and is scared of the dark during the day.

Why yet another scanner?

Mostly because I thought it was a fun way to use YARA rules for something in addition to malware hunting and to learn how these kind of tools are made.

Anyway! Ludvig can, by means of Yara, detect secrets and what-nots in binaries as well as text files.
Is it not that we are most worried about? Our secrets leaking into our artifacts that are pushed onto the world?

Installation

Either clone this repository or install using python -m pip install ludvig

Quick start

ludvig fs scan --path /my_awesome_app -otable

Usage

The general usage of the tool can be found by running python -m ludvig --help

Adding your own rules

Ludvig happily accepts YARA rules from anywhere you choose - the only requirement is that they are packaged up neatly in a .tar.gz format. You can add your custom rule package using ludvig rules add repo --name my_rules --category my_worries --url http://localhost/my_rules.tar.gz

Container scan

Scan container: python -m ludvig image scan --repository <repository>

ludvig image scan --help

Command
    ludvig image scan : Scans a container image.

Arguments
    --repository [Required] : Container image to scan (ex: myimage:1.1).
    --deobfuscated          : Returns any secrets found in plaintext. Default: False.
    --include-first-layer   : Scan first layer (base image) as well - may affect speed. Default:
                              False.
    --max-file-size         : Max file size for scanning (in bytes).  Default: 10000.
    --output-sarif          : Generates SARIF report if filename is specified.
    --severity-level        : Set severity level for reporting.  Allowed values: CRITICAL, HIGH,
                              LOW, MEDIUM, UNKNOWN.  Default: MEDIUM.

Filesystem scan

Scan the filesystem: python -m ludvig fs scan --path <path>

ludvig fs scan --help

Command
    ludvig fs scan : Scans a filesystem path.

Arguments
    --path  [Required] : Path to scan.
    --deobfuscated     : Returns any secrets found in plaintext. Default: False.
    --max-file-size    : Max file size for scanning (in bytes).  Default: 10000.
    --output-sarif     : Generates SARIF report if filename is specified.
    --severity-level   : Set severity level for reporting.  Allowed values: CRITICAL, HIGH, LOW,
                         MEDIUM, UNKNOWN.  Default: MEDIUM.

Git repository scan

Ludvig can scan the entire history of a Git repository - so, be prepared for a long scan.

Scanning large repositories will be slow (unless someone can figure out a better way and submit a PR 😊 ).
But it will be able to recreate files that was deleted or modified and scan them.

Scan a Git repository (or a path containing multiple repositories): python -m ludvig git scan --path <path>

ludvig git scan --help

Command
    ludvig git scan : Scans the history of a Git repository.

Arguments
    --path  [Required] : Path to Git repository.
    --deobfuscated     : Returns any secrets found in plaintext. Default: False.
    --max-file-size    : Max file size for scanning (in bytes).  Default: 10000.
    --output-sarif     : Generates SARIF report if filename is specified.
    --severity-level   : Set severity level for reporting.  Allowed values: CRITICAL, HIGH, LOW,
                         MEDIUM, UNKNOWN.  Default: MEDIUM.

Adding files/directories to ignore list

Create a .ludvignore file such as:

*.yar
debug/

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ludvig-0.4.0.tar.gz (91.8 kB view details)

Uploaded Source

Built Distribution

ludvig-0.4.0-py3-none-any.whl (29.9 kB view details)

Uploaded Python 3

File details

Details for the file ludvig-0.4.0.tar.gz.

File metadata

  • Download URL: ludvig-0.4.0.tar.gz
  • Upload date:
  • Size: 91.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.9.16

File hashes

Hashes for ludvig-0.4.0.tar.gz
Algorithm Hash digest
SHA256 5653b58797f9cfe74f0e2e723d4dbb5632f39aaf9e58f8bf1952d4ca0d4fac1c
MD5 7f2c1938f0b4e267214a5049372a050e
BLAKE2b-256 fbfedad6ed6a0e08f96ede3a1150c5ea298506f2da87d1450f500462b69a48c9

See more details on using hashes here.

File details

Details for the file ludvig-0.4.0-py3-none-any.whl.

File metadata

  • Download URL: ludvig-0.4.0-py3-none-any.whl
  • Upload date:
  • Size: 29.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.9.16

File hashes

Hashes for ludvig-0.4.0-py3-none-any.whl
Algorithm Hash digest
SHA256 20560511a60868156c7c213ab86bced11d09cae4b9df39ead082f4a3db5cb293
MD5 be8f1303caa510a9510012126cddd660
BLAKE2b-256 f6453fac9acd63c803c6a256ea7669b95dc19ce9c20bb5af13c7abee336bc73b

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page