• This repository has been archived on 14/Apr/2023
  • Stars
    star
    1,191
  • Rank 39,271 (Top 0.8 %)
  • Language
    Python
  • License
    Other
  • Created over 8 years ago
  • Updated almost 2 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A flexible, easy to use, automation framework allowing users to integrate their capabilities and devices to cut through the repetitive, tedious tasks slowing them down. #nsacyber

Join us for a WALKOFF community virtual event on September 23rd!

https://www.eventbrite.com/e/walkoff-consortium-automating-at-the-speed-of-operations-registration-118693482401

Check out the WALKOFF community subreddit!

https://www.reddit.com/r/walkoffcommunity/

Welcome to WALKOFF's documentation!

This documentation is intended as a reference for app and workflow developers as well as project contributors and operators. Here you will find walkthroughs, tutorials and other useful information about applications that are shipped with Walkoff, our changelog, and how to interact with Walkoff using its RESTful API.

What is WALKOFF?

WALKOFF is a flexible, easy to use, automation framework allowing users to integrate their capabilities and devices to cut through the repetitive, tedious tasks slowing them down,

WHAT WE OFFER

  • Easy-to-use: Drag-and-drop workflow editor. Sharable apps and workflows.
  • Flexibility: Deployable on Windows or Linux.
  • Modular: Plug and play integration of almost anything with easy-to-develop applications.
  • Visual Analytics: Send workflow data to custom dashboards (and soon, Elasticsearch & Kibana!)

Documentation

https://walkoff.readthedocs.io/en/latest/

Pre-requisites

Ensure that Docker, Docker Compose 3+, and git are installed!

If you do not already have a Docker Swarm initialized or joined, run the following command to create one:

docker swarm init

Note: If you have multiple NICs you will need to use --advertise-addr to pick an address from which the swarm will be accessible.

Deploying WALKOFF in a Unix environment

  1. Open a terminal and clone WALKOFF:

    git clone https://github.com/nsacyber/WALKOFF.git
    
  2. Move into the WALKOFF directory:

    cd WALKOFF
    
  3. Build WALKOFF's bootloader container, which handles management of the WALKOFF stack:

    ./build_bootloader.sh
    

    The bootloader performs the following tasks:

    • Creating Docker secrets, configs, networks, volumes, etc.
    • Building and pushing component images to WALKOFF's internal registry.
    • Deploying and removing the Docker Stack.
  4. Launch WALKOFF with the bootloader, building components as well:

    ./walkoff.sh up --build
    
    # If verbose output is desired:
    ./walkoff.sh up --build --debug
    
  5. Navigate to the default IP and port. The default IP and the port can be changed by altering the port NGINX is exposed on (the right-hand port) in the top-level docker-compose.yml. Note that you should use HTTPS, and allow the self-signed certificate when prompted.

    https://127.0.0.1:8080
    
  6. The default username is "admin" and password is "admin." These can and should be changed upon initial login.

  7. To stop WALKOFF, use the bootloader:

    ./walkoff.sh down
    
    # If removing encryption key (and persistent data), stored images, and verbose output is desired:
    ./walkoff.sh down --key --registry --debug
    

Deploying WALKOFF in a Windows environment

  1. Open PowerShell and clone WALKOFF:

    git clone https://github.com/nsacyber/WALKOFF.git
    
  2. Move into the WALKOFF directory:

    cd WALKOFF
    
  3. Use the provided walkoff.ps1 script to initialize Walkoff's required components:

    # Create Docker volumes, secrets
    .\walkoff.ps1 init
    
    # Build and Push WALKOFF component images
    .\walkoff.ps1 build
    
  4. Launch WALKOFF with walkoff.ps1:

    # Deploy WALKOFF stack
    .\walkoff.ps1 up
    
    # Check WALKOFF stack services
    .\walkoff.ps1 status
    
  5. Navigate to the default IP and port. The default IP and the port can be changed by altering the port NGINX is exposed on (the right-hand port) in the top-level docker-compose.yml. Note that you should use HTTPS, and allow the self-signed certificate when prompted.

    https://127.0.0.1:8080
    
  6. The default username is "admin" and password is "admin." These can and should be changed upon initial login.

  7. To stop WALKOFF, use the bootloader:

    .\walkoff.ps1 stop
    
    # If removing encryption key, persistent data, stored images is desired:
    .\walkoff.ps1 down
    

More Repositories

1

Windows-Secure-Host-Baseline

Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber
HTML
1,538
star
2

goSecure

An easy to use and portable Virtual Private Network (VPN) system built with Linux and a Raspberry Pi. #nsacyber
Python
971
star
3

Mitigating-Web-Shells

Guidance for mitigation web shells. #nsacyber
YARA
951
star
4

GRASSMARLIN

Provides situational awareness of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) networks in support of network security assessments. #nsacyber
Java
910
star
5

Event-Forwarding-Guidance

Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding. #nsacyber
PowerShell
840
star
6

Hardware-and-Firmware-Security-Guidance

Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance. #nsacyber
C
748
star
7

ELITEWOLF

OT security monitoring #nsacyber
560
star
8

Windows-Event-Log-Messages

Retrieves the definitions of Windows Event Log messages embedded in Windows binaries and provides them in discoverable formats. #nsacyber
C#
392
star
9

Mitigating-Obsolete-TLS

Guidance for mitigating obsolete Transport Layer Security configurations. #nsacyber
PowerShell
269
star
10

nsacyber.github.io

NSA Cybersecurity. Formerly known as NSA Information Assurance and the Information Assurance Directorate
PowerShell
257
star
11

AppLocker-Guidance

Configuration guidance for implementing application whitelisting with AppLocker. #nsacyber
PowerShell
204
star
12

Pass-the-Hash-Guidance

Configuration guidance for implementing Pass-the-Hash mitigations. #nsacyber
PowerShell
196
star
13

HIRS

Trusted Computing based services supporting TPM provisioning and supply chain validation concepts. #nsacyber
Java
171
star
14

simon-speck

The SIMON and SPECK families of lightweight block ciphers. #nsacyber
167
star
15

unfetter

Identifies defensive gaps in security posture by leveraging Mitre's ATT&CK framework. #nsacyber
163
star
16

Control-Flow-Integrity

A proposed hardware-based method for stopping known memory corruption exploitation techniques. #nsacyber
C
152
star
17

BAM

The Binary Analysis Metadata tool gathers information about Windows binaries to aid in their analysis. #nsacyber
Python
146
star
18

WALKOFF-Apps

WALKOFF-enabled applications. #nsacyber
YARA
141
star
19

Maplesyrup

Assesses CPU security of embedded devices. #nsacyber
C
140
star
20

RandPassGenerator

A command-line utility for generating random passwords, passphrases, and raw keys. #nsacyber
Java
118
star
21

BitLocker-Guidance

Configuration guidance for implementing BitLocker. #nsacyber
HTML
113
star
22

Certificate-Authority-Situational-Awareness

Identifies unexpected and prohibited certificate authority certificates on Windows systems. #nsacyber
PowerShell
107
star
23

netfil

A kernel network manager with monitoring and limiting capabilities for macOS. #nsacyber
C
103
star
24

LOCKLEVEL

A prototype that demonstrates a method for scoring how well Windows systems have implemented some of the top 10 Information Assurance mitigation strategies. #nsacyber
JavaScript
99
star
25

HTTP-Connectivity-Tester

Aids in discovering HTTP and HTTPS connectivity issues. #nsacyber
PowerShell
96
star
26

Splunk-Assessment-of-Mitigation-Implementations

Automatically scores how well Windows systems have implemented some of the top 10 Information Assurance mitigation strategies. #nsacyber
Python
72
star
27

netman

A userland network manager with monitoring and limiting capabilities for macOS. #nsacyber
C
71
star
28

serial2pcap

Converts serial IP data, typically collected from Industrial Control System devices, to the more commonly used Packet Capture (PCAP) format. #nsacyber
Python
65
star
29

PRUNE

Logs key Windows process performance metrics. #nsacyber
C#
62
star
30

paccor

The Platform Attribute Certificate Creator can gather component details, create, sign, and validate the TCG-defined Platform Credential. #nsacyber
Java
53
star
31

Blocking-Outdated-Web-Technologies

Guidance for blocking outdated web technologies. #nsacyber
PowerShell
51
star
32

Detect-CVE-2017-15361-TPM

Detects Windows and Linux systems with enabled Trusted Platform Modules (TPM) vulnerable to CVE-2017-15361. #nsacyber
PowerShell
49
star
33

Driver-Collider

Blocks drivers from loading by using a name collision technique. #nsacyber
C
45
star
34

simon-speck-supercop

Fast implementations of the SIMON and SPECK lightweight block ciphers for the SUPERCOP benchmark toolkit. #nsacyber
C
43
star
35

Cyber-Challenge

Supporting files for cyber challenge exercises. #nsacyber
Jupyter Notebook
39
star
36

Chinese-State-Sponsored-Cyber-Operations-Observed-TTPs

Supporting files for the Chinese State-Sponsored Cyber Operations: Observed TTPs Cybersecurity Advisory. #nsacyber
34
star
37

AtomicWatch

Intel Atom C2000 series discovery tool that parses log files and returns results if a positive match is found. #nsacyber
Python
25
star
38

CodeGov

Creates a code.gov code inventory JSON file based on GitHub repository information. #nsacyber
PowerShell
22
star