Say hello!
Project description
♥ Free Software, requires only free accounts to third part services ♥
Lack of knowledge ... that is the problem.
SARENKA is Open Source Intelligence (OSINT) tool which helps you obtaining and understanding Attack Surface.
The main goal is to gathering infromation from search engines for Internet-connected devices (https://censys.io/, https://www.shodan.io/). It scraps data about Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE) and also has database where CVEs are mapped to CWE.
It returns data about local machine - local installed softwares (from Windows Registry), local network information (python libraries, popular cmd commads).
For now application has also simple tools like hash calcualtor, shannon entropy calculator and very simple port scanner. More cryptography-math tools and reconnaissance scripts are planned.
Look
https://www.facebook.com/ncybersec/posts/1671427243027993
Realtion beetwen CWE and CVE - sarenka data feeder
Generating this file takes a long time e.g: 702.5641514
all CWE Ids with description
https://raw.githubusercontent.com/pawlaczyk/sarenka_tools/master/cwe_all.json
all CVE Ids with description
In progress
get all CVE Ids by CWE Id
In progress
Installation
Description in progress
Getting started
Description in progress Sarenka is local web application for Windows.
Config
Rirst release gathers data from two search engines. example sarenka/backend/connectors/credentials.json
{
"censys": {
"base_url": "https://censys.io/",
"API_ID": "<my_user>",
"Secret": "<my_api_key>",
"API_URL": "https://censys.io/api/v1"
},
"shodan": {
"base_url": "https://www.shodan.io/",
"user": "<my_user>",
"api_key": "<my_api_key>"
}
}
Features
- gets data from https://censys.io/ by ip
- get data from https://www.shodan.io/ by ip
- get DNS data
- get WHOIS data
- banner grabbing
- find CVEs by CWE
- generatre pdf report
You can also:
- calculate hashes based on user string
- calculate shannon entropy based on user string
- check is port open|closed (instead always use nmap if you can - it's slow)
Suggestions are welcome
- Whant some feature, other tool, library functionality?
- Have any idea or question?
- Don't hesitate to contact
.
Database
This is tricki part, because we have 863 sqlite3 database files: default, CWE-NONE (some CVE hasn't cwe_id eg.: CVE-2013-3621) and 861 individual for CWEs
Tech
Description in progress.
SARENKA uses a number of open source projects to work properly on:
- Renderforest - logo generator
- gawk - python manage.py migrate --database CWE_ID
- chocolatey
- PyCharm - Community Edition
- Technology - description
- Technology - description
- Technology - description
- Technology - description
- Technology - description
- Technology - description
- Technology - description
- Technology - description
- Technology - description
- Technology - description
And of course SARENKA itself is open source with a public repository on GitHub.
Planned features
- Rewrite documentation in English (end of 2021)
- trello/ github instead of Jira
- Cover 100% code by tests
- typing backend
- document all functions and class
- Docker
- online demo
- Jenkins
- GraphQL
- Selenium Scrapers
- More pentesting tools
- Google Dorks
- Abstract Algebra calculator
- Number Theory calculator
- Server certificate validator
- tests on Linux
- NLP
- d3js visualizations
- alterntive pure version in command lineS
CI/CD Tools
Tests
- Tested on Windows 10
Documentation
Till end of March, 2021 documentation will be available only in Polish! The documentation is availabe here.
Authors
Installation
Run the following to install:
pip install sarenka
Usage
from abstract_algebra import say_hello
# Generate "Hello, World!"
say_hello()
# Generate "Hello, Everybody!"
say_hello("Everybody")
Developing sarenka
To install sarenka, along with the tools you need to develop and run tests, run the following in your virtualenv:
$ pip install -e .[dev]
Contact
License
SARENKA is licensed under the MIT License.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
