Modular system security auditing toolkit
Project description
Sysvex
Modular system security auditing toolkit.
Platform Support
✅ Linux - Full support
✅ Windows - Full support
The app automatically detects your platform and adjusts its security checks accordingly.
Features
- Cross-platform security auditing for Windows and Linux
- Multiple output formats: JSON, HTML, CSV, and console
- Automated report organization in Documents folder
- Modular architecture with extensible security modules
- Professional reports with severity classification and recommendations
Installation
Install from PyPI (recommended)
pip install sysvex
Install from source (for development)
git clone https://github.com/PuRiToX/sysvex.git
cd sysvex
pip install -e .
Usage
Basic Usage
# Run all default modules (filesystem, network, processes) - console output
sysvex
# Run specific modules
sysvex --modules filesystem,network
# Run single module
sysvex --modules processes
Output Formats
# Save to JSON (auto-saved to Documents/Sysvex Auditing/)
sysvex --format json
# Save to HTML report with visual dashboard
sysvex --format html
# Save to CSV for spreadsheet analysis
sysvex --format csv
# Console output (default)
sysvex --format console
Custom Output Paths
# Custom filename in default directory
sysvex --format json --output security_audit.json
# Full custom path
sysvex --format html --output /path/to/report.html
# Windows example
sysvex --format csv --output C:\Reports\security.csv
# Quiet mode (no console output)
sysvex --format json --quiet
Module Options
Filesystem Module
- World-writable files: Detects files writable by others
- SUID/SGID executables: Identifies files with elevated privileges (Unix only)
- Sensitive file permissions: Checks
/etc/passwd,/etc/shadow,/etc/sudoers(Unix) or SAM database (Windows) - Hidden files: Flags hidden files and temporary files
- Recently modified files: Tracks changes within 7 days
Network Module
- Listening ports: Detects services listening on all interfaces (0.0.0.0)
- Public services: Identifies known services (SSH, HTTP, FTP, etc.)
- Suspicious connections: Flags connections to known malicious ports
- Outbound connections: Monitors unusual outbound patterns
- IP classification: Distinguishes between private and public IP connections
Process Module
- Suspicious binaries: Detects processes from unexpected locations
- Command-line patterns: Identifies reverse shells, download tools, persistence mechanisms
- Privilege anomalies: Monitors privilege escalation attempts
- System processes: Flags non-system processes running with elevated privileges
- Memory-only processes: Detects processes without executable paths
Platform-Specific Features
Windows
- Sensitive files: SAM database, hosts file, network configurations
- Suspicious processes: PowerShell encoded commands, rundll32, certutil
- Temp directories:
%TEMP%,%TMP%, System32 temp - Legitimate paths: Program Files, System32, ProgramData
Linux
- Sensitive files:
/etc/passwd,/etc/shadow,/etc/sudoers - SUID/SGID detection: Unix permission escalation vectors
- Unix permissions: World-readable/writable file detection
- Standard paths:
/usr/bin,/bin,/sbin
Output Format Examples
JSON Output
{
"scan_info": {
"timestamp": "2024-01-15T10:30:00",
"total_findings": 42,
"severity_breakdown": {
"CRITICAL": 2,
"HIGH": 8,
"MEDIUM": 15,
"LOW": 17
}
},
"findings": [
{
"id": "FS-001",
"title": "World-writable file",
"severity": "HIGH",
"description": "File is writable by others",
"evidence": "/tmp/suspicious_file",
"recommendation": "Restrict permissions: chmod o-w /tmp/suspicious_file",
"source_module": "filesystem"
}
]
}
HTML Report
- Visual dashboard with color-coded severity levels
- Summary statistics and charts
- Expandable finding details
- Professional appearance for sharing
CSV Output
- Spreadsheet-compatible format
- All finding details in tabular format
- Easy for data analysis and filtering
Report Organization
Reports are automatically saved to:
- Linux:
~/Documents/Sysvex Auditing/ - Windows:
C:\Users\{Username}\Documents\Sysvex Auditing/
Files are automatically timestamped: sysvex_report_YYYYMMDD_HHMMSS.format
Severity Levels
- CRITICAL: Immediate security risk
- HIGH: Serious security concern
- MEDIUM: Potential security issue
- LOW: Informational/monitoring
Examples
# Quick security scan with HTML report
sysvex --format html
# Detailed analysis with JSON for automation
sysvex --format json --modules all
# Silent background scan
sysvex --format csv --quiet --output security_scan.csv
# Custom filename
sysvex --format html --output "security_audit_$(date +%Y%m%d).html"
# Scan specific module with custom output
sysvex --modules filesystem --format json --output filesystem_audit.json
PyPI Information
Package: sysvex
Version: 0.1.1
Status: Published and ready for installation
Development
# Run with development setup
export PYTHONPATH=src
python -m sysvex.cli
# Test individual modules
python -c "
from sysvex.modules.filesystem import Module
module = Module()
findings = module.run({'scan_path': '/tmp'})
print(f'Found {len(findings)} issues')
"
License
MIT License - see LICENSE file for details.
Contributing
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests if applicable
- Submit a pull request
Support
- Issues: GitHub Issues
- Documentation: GitHub Wiki
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file sysvex-0.1.2.tar.gz.
File metadata
- Download URL: sysvex-0.1.2.tar.gz
- Upload date:
- Size: 16.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.15
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f3f9e12493c5a2317ab3b82bfa998de18fc4e9130fe6a5a6a94043f923db54c5
|
|
| MD5 |
7a7bf5d915f029f2589a2046eb8d6b2b
|
|
| BLAKE2b-256 |
a7051fb0fb8ca733642203461ccd1708cb75f2f23deeebc7fd86cd667b265d41
|
File details
Details for the file sysvex-0.1.2-py3-none-any.whl.
File metadata
- Download URL: sysvex-0.1.2-py3-none-any.whl
- Upload date:
- Size: 17.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.15
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e8e63cf66c1807abb65cb2b98467d7e91751c72b974ffe338913ca7edf461c96
|
|
| MD5 |
1950ea1e054ca32abc1b76fa4b010016
|
|
| BLAKE2b-256 |
e8750b465d3b9b0c1d26d1e8e5a09f1c43dce6c453eb38d673634751072500ba
|