initial

PaytmLabs · Sep 17, 2020 · 655e8e8 · 655e8e8
commit 655e8e8
Show file tree

Hide file tree

Showing 2,568 changed files with 332,430 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,4 @@
+venv/
+dump.rdb
+**/__pycache__
+.DS_Store
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,43 @@
+FROM centos:7
+
+ARG TARGET_FOLDER=/opt/nerve
+
+RUN yum install epel-release -y && \
+    yum update -y && \
+    yum install -y gcc && \
+    yum install -y redis && \
+    yum install -y python3 && \
+    yum install -y python3-pip && \
+    yum install -y python3-devel && \
+    yum install -y wget && \
+    yum clean all
+
+
+RUN wget https://nmap.org/dist/nmap-7.80-1.x86_64.rpm
+RUN rpm -ivh nmap-7.80-1.x86_64.rpm
+
+RUN mkdir /opt/nerve
+
+ADD bin $TARGET_FOLDER/bin
+ADD core $TARGET_FOLDER/core
+ADD db $TARGET_FOLDER/db
+ADD install $TARGET_FOLDER/install
+ADD logs $TARGET_FOLDER/logs
+ADD reports $TARGET_FOLDER/reports
+ADD rules $TARGET_FOLDER/rules
+ADD static $TARGET_FOLDER/static
+ADD templates $TARGET_FOLDER/templates
+COPY config.py $TARGET_FOLDER
+COPY main.py $TARGET_FOLDER
+COPY requirements.txt $TARGET_FOLDER
+COPY start.sh $TARGET_FOLDER
+
+WORKDIR $TARGET_FOLDER/
+
+RUN pip3 install --user -r requirements.txt
+RUN chmod 755 main.py
+RUN chmod 755 start.sh
+ENTRYPOINT ["/opt/nerve/start.sh"]
+
+EXPOSE 8080/tcp
+
diff --git a/LICENSE.md b/LICENSE.md
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020 Exposed Atoms
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
@@ -0,0 +1,33 @@
+# About
+NERVE is a vulnerability scanner tailored to find vulnerabilities in specific application configurations, network services, and unpatched services.
+
+# Installation using Docker
+## Clone the repository
+`git clone [email protected]:PaytmLabs/nerve.git && cd nerve`
+
+## Build the Docker image
+`docker build -t nerve .`
+
+## Create a container from the image
+`docker run -e username="YOUR_USER" -e password="YOUR_PASSWORD" -d -p 80:8080 nerve`
+
+Navigate in your browser to http://ip.add.re.ss:80
+
+# Installation on bare bone server (CentOS 7.x and Ubuntu 18.x)
+## Navigate to /opt
+`cd /opt/`
+
+## Clone the repository
+`git clone [email protected]:PaytmLabs/nerve.git && cd nerve`
+
+## Run Installer (requires root)
+`bash install/setup.sh`
+
+## Check NERVE is running
+`systemctl status nerve`
+
+Navigate in your browser to http://ip.add.re.ss:8080
+
+# Screenshots
+## Login Screen
+![Login](https://github.com/PaytmLabs/nerve/blob/master/1.png?raw=true)
diff --git a/bin/attacker.py b/bin/attacker.py
@@ -0,0 +1,47 @@
+import time
+import threading
+
+from core.manager   import rule_manager
+from core.parser    import ConfParser
+from core.logging   import logger
+from core.redis     import rds
+
+def run_rules(conf):
+  data = rds.get_scan_data()
+
+  if not data:
+    return
+
+  for ip, values in data.items():
+    rules = rule_manager(role='attacker')
+    if 'ports' in values and len(values['ports']) > 0:  
+      for port in values['ports']:
+        logger.info('Attacking Asset: {} on port: {}'.format(ip, port))
+        for rule in rules.values():
+          if conf['config']['allow_aggressive'] >= rule.intensity:
+            thread = threading.Thread(target=rule.check_rule, args=(ip, port, values, conf))
+            thread.name = 'rule_{}_{}_{}'.format(rule.rule, ip, port)
+            thread.start()
+
+def attacker():
+  count = 0
+  logger.info('Attacker process started')
+
+  while True:
+    conf = rds.get_scan_config()
+
+    if not conf:
+      time.sleep(10)
+      continue
+
+    run_rules(conf)
+    count += 1
+
+    if count == conf['config']['scan_opts']['parallel_attack']:
+      time.sleep(30)
+      count = 0
+
+      if threading.active_count() > 50:
+        logger.debug('Sleeping for 30 seconds to control threads (Threads: {})'.format(threading.active_count()))  
+        time.sleep(30)
+
diff --git a/bin/scanner.py b/bin/scanner.py
@@ -0,0 +1,44 @@
+import time
+
+from core.redis   import rds
+from core.utils   import Utils
+from core.logging import logger
+from core.port_scanner import Scanner
+
+def scanner():
+  utils = Utils()
+  scanner = Scanner()
+
+  logger.info('Scanner process started')
+
+  while True:
+    if not rds.is_session_active():
+      time.sleep(10)
+      continue
+
+    conf  = rds.get_scan_config()
+
+    if not conf:
+      time.sleep(10)
+      continue
+
+    hosts = rds.get_ips_to_scan(limit = conf['config']['scan_opts']['parallel_scan'])
+
+    if hosts:
+      conf = rds.get_scan_config()
+      scan_data = scanner.scan(hosts, 
+                          ports = conf['config']['scan_opts']['max_ports'],
+                          interface = conf['config']['scan_opts']['interface'])
+
+      if scan_data:
+        for host, values in scan_data.items():
+          if 'ports' in values and values['ports']:
+            logger.info('Discovered Asset: {}'.format(host))
+            logger.debug('Host: {}, Open Ports: {}'.format(host, values['ports']))
+            rds.store_topology(host)
+            rds.store_sca(host, values)
+            rds.store_inv(host, values)
+          else:
+            if values['status_reason'] == 'echo-reply':
+              logger.info('Discovered Asset: {}'.format(host))
+              rds.store_topology(host)
diff --git a/bin/scheduler.py b/bin/scheduler.py
@@ -0,0 +1,137 @@
+import json
+import time
+import ipaddress
+import requests
+
+from core.redis   import rds
+from core.utils   import Network, Integration
+from core.logging import logger
+from core.parser  import ConfParser
+from core.mailer  import send_email
+
+def schedule_ips(networks, excluded_networks):
+  for network in networks: 
+    net = ipaddress.ip_network(network, strict=False)
+    for ip_address in net:
+      ip_addr = str(ip_address)
+
+      if not isinstance(ip_addr, str):
+        continue
+
+      if excluded_networks:
+        skip = False
+        for excluded_network in excluded_networks: 
+          if ipaddress.ip_address(ip_addr) in ipaddress.ip_network(excluded_network):
+            skip = True
+
+        if not skip:
+          rds.store_sch(ip_addr)
+
+      else: 
+        rds.store_sch(ip_addr)
+
+def schedule_domains(domains):
+  for domain in domains:
+    rds.store_sch(domain)
+
+def scheduler():
+  logger.info('Scheduler process started')
+  net_utils = Network()
+  int_utils = Integration()
+
+  while True:
+    time.sleep(10)
+    session_state = rds.get_session_state()
+
+    if not session_state or session_state != 'created':
+      continue
+
+    config = rds.get_scan_config()
+
+    if not config:
+      continue
+
+    conf = ConfParser(config)
+
+    networks = conf.get_cfg_networks()
+    domains  = conf.get_cfg_domains()
+    excluded_networks = conf.get_cfg_exc_networks()
+    excluded_networks.append(net_utils.get_primary_ip() + '/32')
+    frequency = conf.get_cfg_frequency()
+
+    if frequency == 'once':
+      rds.start_session()
+
+      if networks:
+        schedule_ips(networks, excluded_networks)
+
+      if domains:
+        schedule_domains(domains)
+
+      checks = 0
+
+      while True:
+        if rds.is_session_active():
+          checks = 0
+        else:
+          checks += 1 
+
+        if checks == 10:
+          logger.info('Session is about to end...')
+          webhook = conf.get_cfg_webhook()
+          email_settings = rds.get_email_settings()
+          slack_settings = rds.get_slack_settings()
+          vuln_data = rds.get_vuln_data()
+
+          logger.info('Post assessment actions will now be taken...')
+          if webhook:
+            int_utils.submit_webhook(webhook, 
+                                     cfg  = conf.get_raw_cfg(), 
+                                     data = vuln_data)
+
+          if email_settings:
+            logger.info('Sending email...')
+            email_settings['action'] = 'send'
+            send_email(email_settings, vuln_data)
+
+          if slack_settings:
+            int_utils.submit_slack(hook = slack_settings, 
+                                   data = vuln_data)
+
+          rds.end_session()  
+          break  
+
+        time.sleep(20)
+
+    elif frequency == 'continuous':
+      rds.start_session()
+
+      if networks:
+        schedule_ips(networks, excluded_networks)
+
+      if domains:
+        schedule_domains(domains)
+
+      checks = 0
+
+      while True:
+        if rds.is_session_active():
+          checks = 0
+        else:
+          checks += 1 
+
+        if checks == 10:
+          logger.info('Session is about to end...')
+          webhook = conf.get_cfg_webhook()
+          vuln_data = rds.get_vuln_data()
+
+          logger.info('Post assessment actions will now be taken...')
+          if webhook:
+            int_utils.submit_webhook(webhook, 
+                                     cfg = conf.get_raw_cfg(), 
+                                     data = vuln_data)
+
+          rds.create_session()
+          break
+
+        time.sleep(20)