Skip to main content

Modular system security auditing toolkit

Project description

Sysvex

Modular system security auditing toolkit.

Platform Support

Linux - Full support
Windows - Full support

The app automatically detects your platform and adjusts its security checks accordingly.

Features

  • Cross-platform security auditing for Windows and Linux
  • Multiple output formats: JSON, HTML, CSV, and console
  • Automated report organization in Documents folder
  • Modular architecture with extensible security modules
  • Professional reports with severity classification and recommendations

Installation

Install from PyPI (recommended)

pip install sysvex

Install from source (for development)

git clone https://github.com/PuRiToX/sysvex.git
cd sysvex
pip install -e .

Usage

Basic Usage

# Run all default modules (filesystem, network, processes) - console output
sysvex

# Run specific modules
sysvex --modules filesystem,network

# Run single module
sysvex --modules processes

Output Formats

# Save to JSON (auto-saved to Documents/Sysvex Auditing/)
sysvex --format json

# Save to HTML report with visual dashboard
sysvex --format html

# Save to CSV for spreadsheet analysis
sysvex --format csv

# Console output (default)
sysvex --format console

Custom Output Paths

# Custom filename in default directory
sysvex --format json --output security_audit.json

# Full custom path
sysvex --format html --output /path/to/report.html

# Windows example
sysvex --format csv --output C:\Reports\security.csv

# Quiet mode (no console output)
sysvex --format json --quiet

Module Options

Filesystem Module

  • World-writable files: Detects files writable by others
  • SUID/SGID executables: Identifies files with elevated privileges (Unix only)
  • Sensitive file permissions: Checks /etc/passwd, /etc/shadow, /etc/sudoers (Unix) or SAM database (Windows)
  • Hidden files: Flags hidden files and temporary files
  • Recently modified files: Tracks changes within 7 days

Network Module

  • Listening ports: Detects services listening on all interfaces (0.0.0.0)
  • Public services: Identifies known services (SSH, HTTP, FTP, etc.)
  • Suspicious connections: Flags connections to known malicious ports
  • Outbound connections: Monitors unusual outbound patterns
  • IP classification: Distinguishes between private and public IP connections

Process Module

  • Suspicious binaries: Detects processes from unexpected locations
  • Command-line patterns: Identifies reverse shells, download tools, persistence mechanisms
  • Privilege anomalies: Monitors privilege escalation attempts
  • System processes: Flags non-system processes running with elevated privileges
  • Memory-only processes: Detects processes without executable paths

Platform-Specific Features

Windows

  • Sensitive files: SAM database, hosts file, network configurations
  • Suspicious processes: PowerShell encoded commands, rundll32, certutil
  • Temp directories: %TEMP%, %TMP%, System32 temp
  • Legitimate paths: Program Files, System32, ProgramData

Linux

  • Sensitive files: /etc/passwd, /etc/shadow, /etc/sudoers
  • SUID/SGID detection: Unix permission escalation vectors
  • Unix permissions: World-readable/writable file detection
  • Standard paths: /usr/bin, /bin, /sbin

Output Format Examples

JSON Output

{
  "scan_info": {
    "timestamp": "2024-01-15T10:30:00",
    "total_findings": 42,
    "severity_breakdown": {
      "CRITICAL": 2,
      "HIGH": 8,
      "MEDIUM": 15,
      "LOW": 17
    }
  },
  "findings": [
    {
      "id": "FS-001",
      "title": "World-writable file",
      "severity": "HIGH",
      "description": "File is writable by others",
      "evidence": "/tmp/suspicious_file",
      "recommendation": "Restrict permissions: chmod o-w /tmp/suspicious_file",
      "source_module": "filesystem"
    }
  ]
}

HTML Report

  • Visual dashboard with color-coded severity levels
  • Summary statistics and charts
  • Expandable finding details
  • Professional appearance for sharing

CSV Output

  • Spreadsheet-compatible format
  • All finding details in tabular format
  • Easy for data analysis and filtering

Report Organization

Reports are automatically saved to:

  • Linux: ~/Documents/Sysvex Auditing/
  • Windows: C:\Users\{Username}\Documents\Sysvex Auditing/

Files are automatically timestamped: sysvex_report_YYYYMMDD_HHMMSS.format

Severity Levels

  • CRITICAL: Immediate security risk
  • HIGH: Serious security concern
  • MEDIUM: Potential security issue
  • LOW: Informational/monitoring

Examples

# Quick security scan with HTML report
sysvex --format html

# Detailed analysis with JSON for automation
sysvex --format json --modules all

# Silent background scan
sysvex --format csv --quiet --output security_scan.csv

# Custom filename
sysvex --format html --output "security_audit_$(date +%Y%m%d).html"

# Scan specific module with custom output
sysvex --modules filesystem --format json --output filesystem_audit.json

PyPI Information

Package: sysvex
Version: 0.1.1
Status: Published and ready for installation

Development

# Run with development setup
export PYTHONPATH=src
python -m sysvex.cli

# Test individual modules
python -c "
from sysvex.modules.filesystem import Module
module = Module()
findings = module.run({'scan_path': '/tmp'})
print(f'Found {len(findings)} issues')
"

License

MIT License - see LICENSE file for details.

Contributing

  1. Fork the repository
  2. Create a feature branch
  3. Make your changes
  4. Add tests if applicable
  5. Submit a pull request

Support

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sysvex-0.1.2.tar.gz (16.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

sysvex-0.1.2-py3-none-any.whl (17.3 kB view details)

Uploaded Python 3

File details

Details for the file sysvex-0.1.2.tar.gz.

File metadata

  • Download URL: sysvex-0.1.2.tar.gz
  • Upload date:
  • Size: 16.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.15

File hashes

Hashes for sysvex-0.1.2.tar.gz
Algorithm Hash digest
SHA256 f3f9e12493c5a2317ab3b82bfa998de18fc4e9130fe6a5a6a94043f923db54c5
MD5 7a7bf5d915f029f2589a2046eb8d6b2b
BLAKE2b-256 a7051fb0fb8ca733642203461ccd1708cb75f2f23deeebc7fd86cd667b265d41

See more details on using hashes here.

File details

Details for the file sysvex-0.1.2-py3-none-any.whl.

File metadata

  • Download URL: sysvex-0.1.2-py3-none-any.whl
  • Upload date:
  • Size: 17.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.15

File hashes

Hashes for sysvex-0.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 e8e63cf66c1807abb65cb2b98467d7e91751c72b974ffe338913ca7edf461c96
MD5 1950ea1e054ca32abc1b76fa4b010016
BLAKE2b-256 e8750b465d3b9b0c1d26d1e8e5a09f1c43dce6c453eb38d673634751072500ba

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page