Skip to main content

Modular system security auditing toolkit

Project description

Sysvex

Modular system security auditing toolkit.

Platform Support

Linux - Full support
Windows - Full support

The app automatically detects your platform and adjusts its security checks accordingly.

Features

  • Cross-platform security auditing for Windows and Linux
  • Multiple output formats: JSON, HTML, CSV, and console
  • Automated report organization in Documents folder
  • Modular architecture with extensible security modules
  • Professional reports with severity classification and recommendations

Installation

Install from PyPI (recommended)

pip install sysvex

Install from source (for development)

git clone https://github.com/PuRiToX/sysvex.git
cd sysvex
pip install -e .

Usage

Basic Usage

# Run all default modules (filesystem, network, processes) - console output
sysvex

# Run specific modules
sysvex --modules filesystem,network

# Run single module
sysvex --modules processes

Output Formats

# Save to JSON (auto-saved to Documents/Sysvex Auditing/)
sysvex --format json

# Save to HTML report with visual dashboard
sysvex --format html

# Save to CSV for spreadsheet analysis
sysvex --format csv

# Console output (default)
sysvex --format console

Custom Output Paths

# Custom filename in default directory
sysvex --format json --output security_audit.json

# Full custom path
sysvex --format html --output /path/to/report.html

# Windows example
sysvex --format csv --output C:\Reports\security.csv

# Quiet mode (no console output)
sysvex --format json --quiet

Module Options

Filesystem Module

  • World-writable files: Detects files writable by others
  • SUID/SGID executables: Identifies files with elevated privileges (Unix only)
  • Sensitive file permissions: Checks /etc/passwd, /etc/shadow, /etc/sudoers (Unix) or SAM database (Windows)
  • Hidden files: Flags hidden files and temporary files
  • Recently modified files: Tracks changes within 7 days

Network Module

  • Listening ports: Detects services listening on all interfaces (0.0.0.0)
  • Public services: Identifies known services (SSH, HTTP, FTP, etc.)
  • Suspicious connections: Flags connections to known malicious ports
  • Outbound connections: Monitors unusual outbound patterns
  • IP classification: Distinguishes between private and public IP connections

Process Module

  • Suspicious binaries: Detects processes from unexpected locations
  • Command-line patterns: Identifies reverse shells, download tools, persistence mechanisms
  • Privilege anomalies: Monitors privilege escalation attempts
  • System processes: Flags non-system processes running with elevated privileges
  • Memory-only processes: Detects processes without executable paths

Platform-Specific Features

Windows

  • Sensitive files: SAM database, hosts file, network configurations
  • Suspicious processes: PowerShell encoded commands, rundll32, certutil
  • Temp directories: %TEMP%, %TMP%, System32 temp
  • Legitimate paths: Program Files, System32, ProgramData

Linux

  • Sensitive files: /etc/passwd, /etc/shadow, /etc/sudoers
  • SUID/SGID detection: Unix permission escalation vectors
  • Unix permissions: World-readable/writable file detection
  • Standard paths: /usr/bin, /bin, /sbin

Output Format Examples

JSON Output

{
  "scan_info": {
    "timestamp": "2024-01-15T10:30:00",
    "total_findings": 42,
    "severity_breakdown": {
      "CRITICAL": 2,
      "HIGH": 8,
      "MEDIUM": 15,
      "LOW": 17
    }
  },
  "findings": [
    {
      "id": "FS-001",
      "title": "World-writable file",
      "severity": "HIGH",
      "description": "File is writable by others",
      "evidence": "/tmp/suspicious_file",
      "recommendation": "Restrict permissions: chmod o-w /tmp/suspicious_file",
      "source_module": "filesystem"
    }
  ]
}

HTML Report

  • Visual dashboard with color-coded severity levels
  • Summary statistics and charts
  • Expandable finding details
  • Professional appearance for sharing

CSV Output

  • Spreadsheet-compatible format
  • All finding details in tabular format
  • Easy for data analysis and filtering

Report Organization

Reports are automatically saved to:

  • Linux: ~/Documents/Sysvex Auditing/
  • Windows: C:\Users\{Username}\Documents\Sysvex Auditing/

Files are automatically timestamped: sysvex_report_YYYYMMDD_HHMMSS.format

Severity Levels

  • CRITICAL: Immediate security risk
  • HIGH: Serious security concern
  • MEDIUM: Potential security issue
  • LOW: Informational/monitoring

Examples

# Quick security scan with HTML report
sysvex --format html

# Detailed analysis with JSON for automation
sysvex --format json --modules all

# Silent background scan
sysvex --format csv --quiet --output security_scan.csv

# Custom filename
sysvex --format html --output "security_audit_$(date +%Y%m%d).html"

# Scan specific module with custom output
sysvex --modules filesystem --format json --output filesystem_audit.json

PyPI Information

Package: sysvex
Version: 0.1.1
Status: Published and ready for installation

Development

# Run with development setup
export PYTHONPATH=src
python -m sysvex.cli

# Test individual modules
python -c "
from sysvex.modules.filesystem import Module
module = Module()
findings = module.run({'scan_path': '/tmp'})
print(f'Found {len(findings)} issues')
"

License

MIT License - see LICENSE file for details.

Contributing

  1. Fork the repository
  2. Create a feature branch
  3. Make your changes
  4. Add tests if applicable
  5. Submit a pull request

Support

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sysvex-0.1.3.tar.gz (20.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

sysvex-0.1.3-py3-none-any.whl (22.6 kB view details)

Uploaded Python 3

File details

Details for the file sysvex-0.1.3.tar.gz.

File metadata

  • Download URL: sysvex-0.1.3.tar.gz
  • Upload date:
  • Size: 20.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.15

File hashes

Hashes for sysvex-0.1.3.tar.gz
Algorithm Hash digest
SHA256 864b7f5f5811d13be64f9dd5a54e8a521859f2699f8030acbd8c67b7f81742fe
MD5 f9906834aa8a0b5834fd77014fb91757
BLAKE2b-256 32e57a06909a7eb1f1d9ac5e7e3439c8b8610c5b631f2874fe355c03a60c2a9d

See more details on using hashes here.

File details

Details for the file sysvex-0.1.3-py3-none-any.whl.

File metadata

  • Download URL: sysvex-0.1.3-py3-none-any.whl
  • Upload date:
  • Size: 22.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.15

File hashes

Hashes for sysvex-0.1.3-py3-none-any.whl
Algorithm Hash digest
SHA256 d02456871bb6ccc992ce4ab2b8dbe54982ef9b65245eb608b639a6b368b5e4aa
MD5 2abb73db6100a44fd6813a2745551ed6
BLAKE2b-256 11f412e3ede81573164f06ef6901ab530b4ebde5518520737cce887793d5e4f0

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page