flipkart-incubator/watchdog flipkart-incubator/watchdog

  • Stars
    star
    410
  • Rank 104,887 (Top 3 %)
  • Language
    Python
  • License
    Apache License 2.0
  • Created over 6 years ago
  • Updated about 6 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
flipkart-incubator/watchdog
github

flipkart-incubator

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.

Watchdog  Tweet

Watchdog

Github Release Version Python Version License Github Release Version Follow Watchdog on Twitter

Tool Description

Watchog is an integration of open source security tools aimed to provide a holistic security view for a given domain/IP. The way Watchdog is built, it can be used by product security teams, red teams and also by bug bounty hunters to get a 360° view of any Internet property it scans. Given a list of domains/IP's it has the capability to perform a network scan, feed the output to open source web app scanners like Google's skip-fish and wapiti, perform tech stack analysis and determine if the stack has any known CVE’s.

Watchdog is designed considering the use case necessary to know all open services and its corresponding technologies for the endpoints you own, exposed over the Internet. As a company grows, it’s foot-prints grow on the World Wide Web leaving it's product security team with herculean task of maintaining an inventory of all the services and technologies exposed. This becomes further crucial at the event of a zero-day outbreak for a particular protocol or a third party product which might affect public endpoints of the company

WatchDog has the ability to scan all endpoints and perform technology version analysis on the services it detects and map this information with it’s rich CVE database maintained and updated locally.

Scan Engine:

  • Nmap
  • Skipfish
  • Wapiti
  • BuiltWith
  • Phantalyzer
  • Wappalyzer

Databases and collections:

Watchdog installs a local copy of CVE database which is a collection of following DB's :

  • cves (Common Vulnerabilities and Exposure items) - source NVD NIST
  • cpe (Common Platform Enumeration items) - source NVD NIST
  • cwe (Common Weakness Enumeration items) - source NVD NIST
  • capec (Common Attack Pattern Enumeration and Classification) - source NVD NIST
  • ranking (ranking rules per group) - local cve-search
  • d2sec (Exploitation reference from D2 Elliot Web Exploitation Framework) - source d2sec.com
  • MITRE Reference Key/Maps - source MITRE reference Key/Maps
  • ms - (Microsoft Bulletin (Security Vulnerabilities and Bulletin)) - source Microsoft
  • exploitdb (Offensive Security - Exploit Database) - source offensive security
  • info (metadata of each collection like last-modified) - local cve-search
  • via4 VIA4CVE cross-references.

What happens when you run watchdog:

Test domain: www.scanthis.com

Watchdog will perform following task on this domain:

a. Scan the domain to find visible open ports.

{e.g. output}
* 80  [Apache httpd 2.4.7 ((Debian))]
* 443 [Apache httpd 2.4.7 ((Debian))]
* 22  [OpenSSH 5.8p1_hpn13v10 (FreeBSD 20110102; protocol 2.0)]
* 21  [ProFTPD 1.3.3e]
* 993 [Plesk Courier imapd]

b. Perform tech-stack fingerprinting and identify all front-end and service level technologies running.

* jquery [1.8.1]
* php [5.5.9]
* twitter bootstrap [2.3]
* font awesome [**]
* google analytics [**]
* piwik []

c. Map the tech-stack versions with known vulnerabilities found in the master CVE database.

* [e.g. jquery 1.8.1 version has multiple CVE's - CVE-2012-6708, CVE-2015-9251]
* [e.g. php 5.5.9 version has multiple CVE's - CVE-2016-4073, CVE-2015-8835]
* [e.g. apache 2.4.7 version has multiple CVE's - CVE-2017-7679, CVE-2014-0226]

d. If step 1 detects any http services running [80/443] it will go ahead and perform a web application security scanning with wapiti and Skipfish.

f. Once the scan is complete the data will get populated on Watchdog’s UI which can be found at http://localhost/index.php

Installing Watchdog:

Quick Installation Video Link

Prerequisites & Softwares

- Ubuntu 16.04+

Install PyV8:

Incase of any issues while installing, follow the below steps (workaround for Ubuntu 16+)

$ export LC_ALL=C
$ cd /tmp
$ pip install -e git://github.com/brokenseal/PyV8-OS-X#egg=pyv8
$ git clone https://github.com/emmetio/pyv8-binaries.git
$ unzip pyv8-binaries/pyv8-linux64.zip (or unzip appropriate zip file based on kernel version)
$ mv *PyV8* src/pyv8/pyv8/.

Clone Watchdog repository

$ git clone https://github.com/flipkart-incubator/watchdog.git
$ cd watchdog

Update the subdomains.txt file with your target subdomains

scanme.nmap.org
testphp.vulnweb.com

Run the installation script below

$ sudo chmod +x install.sh
$ sudo ./install.sh
* During installation, script prompts for web root directory. 
  Default directory /var/www/html will be taken automatically if not provided explicitly with-in 10 secs

Scanning with Watchdog:

  • Watchdog can be run using following command:
$ sudo python run.py

root@projectWatchdog:/watchdog# python run.py
usage: run.py [-h] [-c] [-iA INVENTORY_APPEND] [-iR INVENTORY_REPLACE]
              [-u {install,map,update}] [-s]

optional arguments:
  -h, --help            show this help message and exit
  -c, --config          to configure db structure
  -iA INVENTORY_APPEND, --inventory-append INVENTORY_APPEND
                        to append target to IP Inventory
  -iR INVENTORY_REPLACE, --inventory-replace INVENTORY_REPLACE
                        to replace targets in IP Inventory
  -u {install,map,update}, --updateCVEs {install,map,update}
                        to configure or update CVE database
  -s, --start           to start scanning engine

Configuring CVE-DB

a. Install cve-db using below command (Required to run at least once)

$sudo python run.py -u install

b. Map cves with cpes using below command [Required to run at-least once. The first run generally takes around 30~45 mins for the entire db to get populated. Recommended time: minimum 30mins]

$sudo python run.py -u map

c. Update the DB by using below command (optional / can run this once a month)

$sudo python run.py -u update

Adding new domains to the scan database:

Update the scan database with subdomains.txt file with new domains/IP's and run below commands

$ sudo python run.py -iA subdomains.txt (for appending targets to existing inventory)

$ sudo python run.py -iR subdomains.txt (for replacing targets in existing inventory)

Start Scanning:

$ sudo python run.py -s

Frontend can be accessed from http://localhost/index.php (or replace localhost with your web server address)

Dashboard Screenshots

alt text

alt text

alt text

alt text

Future Enhancements

  • The next release of watchdog will also support code scanning. Given a organisation's github link it will perform vulnerability analysis mapping with CVE database.
  • More tools to get added to the external scanning engine.

Contribution:

Lead Developer

Project Lead

Project Team

Credits

More Repositories

1

Astra

Automated Security Testing For REST API's
Python
2,484
star
2

proteus

Proteus : A JSON based LayoutInflater for Android
Java
1,302
star
3

zjsonpatch

This is an implementation of RFC 6902 JSON Patch written in Java
Java
522
star
4

RTA

Red team Arsenal - An intelligent scanner to detect security vulnerabilities in company's layer 7 assets.
Python
409
star
5

springy-heads

Chat heads library for android
Java
370
star
6

android-inline-youtube-view

Utility library around using YouTube inside your android app.
Java
323
star
7

fk-visual-search

Flipkart's visual search and recommendation system
Python
172
star
8

Lois

Golang like channels for java
Java
108
star
9

flux

Highly scalable Event-driven, Reactive system for building Stateful apps and Workflow services.
Java
107
star
10

optimus

Train, evaluate and deploy Deep Learning based text classifiers. Currently supports CNN
Python
105
star
11

okhttp-stats

OkHttp Analytical library to get stats like average network speed. Also get global callbacks for network errors and successes. Can be used for logging errors to Fabric or Firebase analytical tools
Java
95
star
12

phrontend

A Framework to build rich UIs
JavaScript
88
star
13

ContentSheet

A simple control that enables presenting any view controller or navigation controller or any other object that can provide a view like an ActionSheet
Swift
82
star
14

hbase-orm

A production-grade HBase ORM library that makes accessing HBase clean, fast and fun (Can also be used as Bigtable ORM)
Java
78
star
15

madman-android

Madman (Media ads manager) is a high performance alternative to Google's standard IMA android SDK. If you have your own VAST server and want to render video ads and have full control over the UI, then this library is for you.
Kotlin
69
star
16

dkv

Distributed KV data store with tunable consistency, synchronous replication
Go
62
star
17

fk-ios-chatheads

Objective-C
58
star
18

batchman

This library for Android will take any set of events and batch them up before sending it to the server. It also supports persisting the events on disk so that no event gets lost because of an app crash. Typically used for developing any in-house analytics sdk where you have to make a single api call to push events to the server but you want to optimize the calls so that the api call happens only once per x events, or say once per x minutes. It also supports exponential backoff in case of network failures
Java
55
star
19

priority-kafka-client

Library to support priority queuing in Kafka
Java
54
star
20

animation-wrapper-view

Declarative animations with imperative controls for RN/RNW.
TypeScript
52
star
21

phantom

Phantom is a high performance proxy for accessing distributed services. It is an RPC system with support for different transports and protocols. Phantom is inspired by Twitter Finagle clients and builds on the capabilities of technologies like Netty, Unix Domain Sockets, Netflix Hystrix and Spring. Phantom proxies have been used to serve several hundred million API calls in production deployments at Flipkart.
Java
49
star
22

spark-transformers

Spark-Transformers: Library for exporting Apache Spark MLLIB models to use them in any Java application with no other dependencies.
Java
40
star
23

kafka-filtering

Very fast & efficient grep for Kafka stream
Java
38
star
24

databuilderframework

A data driven execution engine
Java
33
star
25

circular-image

Creates circular image drawable.
Java
30
star
26

android-studio-proteus-plugin

Plugin for Android studio which helps you to convert XML resources to JSON which can be used by proteus.
Java
29
star
27

storm-mysql

Storm Spout that reads off MySql Bin Logs
Java
29
star
28

ranger

Feature rich service discovery on ZooKeeper
Java
27
star
29

android-video-player

Kotlin
26
star
30

varadhi

Java
24
star
31

Poseidon

Platform to build API applications that have to aggregate data from distributed services in an efficient way.
Java
21
star
32

ios-inline-youtube-view

Utility library around using YouTube inside your iOS app.
Objective-C
20
star
33

grpc-jexpress

Developer friendly container for writing gRPC services using grpc-java
Java
17
star
34

hbase-k8s-operator

Hbase operator for kubernetes
Go
15
star
35

diligent

Run performance experiments on MySQL compatible databases
Go
15
star
36

StockPile

Provides in-memory and database based caching
Objective-C
14
star
37

Hunch

Hunch allows users to turn arbitrary machine learning models built using Python into a scalable, hosted service.
Python
14
star
38

scroll-coordinator-ios

ScrollCoordinator allows you to attach gestures to scrollviews and perform behaviours like Hiding the navigation bar, hiding the bottom bar and anchoring your scroll on these gestures.
Swift
13
star
39

gojira

Gojira is a record and replay framework for Java apps meant for regression testing. It provides complete recording capability within a single request-response scope, by recording request, response and any external interactions(outside of the jvm), thereby circumventing the need to provide a mock service.
Java
12
star
40

kubric

Android's co-ordinator layout ported to work on react native (Android, iOS and on the web)
TypeScript
11
star
41

babel-plugin-pseudolocalize-react-native

Babel plugin to transform React Native Text nodes with a custom language map for Pseudo-localization
JavaScript
11
star
42

pulsar-weighted-consumer

Pulsar consumer clients offering priority consumption
Java
10
star
43

phrontend-webpack

A webpack config maker for phrontend apps
JavaScript
10
star
44

kafka-balancer

Balance partitions among brokers with minimal data movement. Supports re-replication of under replicated partitions and setting replication as well.
Java
9
star
45

hbase-compactor

Trigger major compaction in Hbase
Java
9
star
46

BlueShift

Hadoop Data Mover Project
Java
8
star
47

android-RDX

Redux for Android.
Java
8
star
48

lenna

Go
8
star
49

Krystal

Java
7
star
50

Lyrics

Java
7
star
51

Iris-BufferQueue

A fast, in-process, persisted queue for buffering data on local host.
Java
7
star
52

hbase-sep

HBase side-effect-processor to stream changes from WAL to kafka sink.
Java
6
star
53

Cuppa

Caffe as a service and KNN as a service
Python
5
star
54

chronosq

⏱ A Scalable Distributed Scheduler
Java
5
star
55

hydra

A JVM based DispatcherComposer Engine
Java
5
star
56

mongodb-replicator

Mongodb Replicator java library for both sharded & non-sharded mongo setup.
Java
4
star
57

CTDrive

A tool which uses Google drive APIs internally and allows users to easily navigate through their files. This tool allows to maintain all organisation documents at one place similar to Confluence
TypeScript
4
star
58

polyglot

Tiered data store for use by on-line applications
Java
4
star
59

nexus

Sync replication using RAFT consensus onto pluggable backends
Go
4
star
60

dropwizard-one

Dropwizard One is a wrapper around Dropwizard that enables writing web services with minimal boilerplate code and good testability.
Java
4
star
61

Service-Worker-Tools

HTML
4
star
62

dropwizard-multitenancy

Java
4
star
63

bifrost

A remote execution framework over RabbitMQ.
Java
3
star
64

vbroker

high throughput PUSH based messaging
Java
3
star
65

wolverine

Master elected daemon, which heals itself
Java
3
star
66

prognos

Scala
3
star
67

truss

Javascript Framework
JavaScript
3
star
68

Lego

Library to build any entity (web/api response) in a scatter-gather fashion
Java
3
star
69

protobuf-util

Utility library for protobuf
Java
3
star
70

simpleJobScheduler

Java
3
star
71

ultra-docs

Documentation for Project Ultra : Flipkart's App-in-App experience
3
star
72

dsp

Java
2
star
73

tef

Java
2
star
74

molecule

ML platform with seamless experiment tracking and sharing. Supports multiple languages and platforms, meta-learning constructs and MLOps.
CSS
2
star
75

rediscast

Rediscast is an In-memory data grid, that synchronizes Entity changes in Redis server with all cluster nodes (JVM instances) within a short SLA. It uses Redis Streams for change data propagation.
Java
2
star
76

polyguice

A set of useful extensions to Google Guice and better integration with popular frameworks for creation of highly concurrent micro-services.
Java
2
star
77

portkey

Portkey is a Java model abstraction of persistence that works across multiple data stores and supports sharding. Entities can be persisted to more than one data store based on a set of rules.
Java
2
star
78

Swagger-publish

Java
2
star
79

ottoscalr

Ottoscalr provides a drop-in component for autonomous management of HPAs
Go
2
star
80

Regnator

Rule based decision engine. RESTful service where one could define the facts/variables and configures rules for the evaluation on the facts/variables and eventually choose one of the configured decision/result.
1
star
81

CoreDataLite

Lightweight core data library for iOS
Objective-C
1
star
82

statreduce

A library which to write Hadoop MapReduce jobs with map step in Java and reduce step in R for statistical computations
Java
1
star
83

homebrew-taps

Ruby
1
star
84

light-house

JavaScript
1
star
85

jupyterlab-extensions

Jupyterlab extensions
TypeScript
1
star
86

continuum

Lambda Architecture is not enough! Continuum is more fundamental
1
star
87

storm-sidelining

Java
1
star
88

turbo-relayer

Java
1
star
89

foxtrot-client

A service discovery client for foxtrot.
Java
1
star