• Stars
    star
    482
  • Rank 91,212 (Top 2 %)
  • Language
    Shell
  • License
    GNU General Publi...
  • Created over 6 years ago
  • Updated over 4 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.

Master

Open source security auditing tool to search and dump system configuration.


Travis-CI Version Commands License

Introduction  |   Description  |   Requirements  |   Output  |   Parameters  |   Reports  |   How it works  |   Other

Created by trimstray and contributors


Introduction

The main goal

The main assumption of creating this tool was easier and faster delivery of commands sets to be performed on customer environments. As a result of such a scan I wanted to get the most useful information about system components that will be subjected to penetration tests and audits at a later time.

For whom

Otseca facilitates collection of many important information about a given system.

It is useful for:

    ☑️ system administrators
    ☑️ security researchers
    ☑️ security professionals
    ☑️ pentesters
    ☑️ hackers

How To Use

It's simple:

# Clone this repository
git clone https://github.com/trimstray/otseca

# Go into the repository
cd otseca

# Install
./setup.sh install

# Run the app
otseca --ignore-failed --tasks system,network --output /tmp/report
  • symlink to bin/otseca is placed in /usr/local/bin
  • man page is placed in /usr/local/man/man8

Hint 1 If you do not want the script to be stopped after encountering errors add --ignore-failed script param.

Hint 2 Only selected tasks using the --tasks <task_1,task_2,task_n> script param.

Description

Otseca is a open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.

The basic goal is to get as much information about the scanned system as possible for later analysis. Otseca contains many predefined commands, however, nothing prevents you from creating your own according to your needs. In addition, it automates the entire information gathering process.

After the scan finishes, a report is generated to examine specific nooks of the system.

Requirements

This tool working with:

  • GNU/Linux (testing on Debian and CentOS)
  • Bash (testing on 4.4.19)

Also you will need root access.

Output

An exemplary result of the process of collecting information from the local system:

Master

Parameters

Below is a list of available options:

  Usage:
    otseca <option|long-option>

  Examples:
    otseca --help
    otseca --format html
    otseca --format html --ignore-failed
    otseca --format raw-html --tasks system,network

  Options:
        --help                      show this message
     -f|--format <key>              set output format (key: html/raw-html)
     -t|--tasks <key>               set specific task to do
                                    (key: system, kernel, permissions, services, network, distro, external)
     -o|--output <path>             set path to output directory report
        --show-errors               show stderr to output
        --ignore-failed             do not exit with nonzero on commands failed

Reports

Otseca generates reports in html (js, css and other) or raw-html (pure html) formats.

Default path for reports is {project}/data/output directory. If you want to change it, add the --output <path> option to call the script.

Main page (index.html)

It's the main file which contains a list of reports such as system or network.

Master

Tasks reports

The report that can be performed consists of the following sections (stacks):

  • system - dump info from system commands (output file: system.all.log.html)
  • kernel - dump info about kernel params (output file: kernel.all.log.html)
  • permissions - dump info about permissions (output file: permissions.all.log.html)
  • services - dump info about system services (output file: services.all.log.html)
  • network - dump info from network layer (output file: network.all.log.html)
  • distro - dump info about specific distribution (output file: distro.all.log.html)
  • external - all external, also user tasks or included from etc/ directory (output file: external.all.log.html)

HTML reports consist of the following blocks (example):

Master

How it works

Tasks

Otseca divides his work into tasks. Each sets of tasks performs defined commands (eg. from the file etc/otseca.conf). By default six tasks are available: system, kernel, permissions, services, network, distro and external.

By default, all tasks are performed but you can specify them with the --tasks parameter giving one or many tasks as an argument. For example:

otseca --ignore-failed --tasks system,kernel

Commands

They are actual commands executed from the configuration file grouped into tasks.

Here is an example of a network task containing several built-in commands:

NETWORK_STACK=(\

  "_exec hostname -f" \
  "_exec ifconfig -a" \
  "_exec iwconfig" \
  "_exec netstat -tunap" \
  "_exec netstat -rn" \
  "_exec iptables -nL -v" \
  "_exec iptables -nL -v -t nat" \
  "_exec iptables -S" \
  "_exec lsof -ni" \

)

Submodules

Submodules are built-in functions that perform the commands described above. Here is submodules list:

  • _exec - init standard commands, eg. _exec ls -l /etc/rsyslog.conf
  • _grep - is responsible for searching for strings in files, eg. _grep max_log_file /etc/audit/auditd.conf
  • _stat - collects information about files, eg. _stat /etc/ssh/sshd_config
  • _sysctl - compares the values of the kernel parameters, eg. _sysctl fs.suid_dumpable 1
  • _systemctl - checks the operation of services, eg. _systemctl httpd

Output states

Otseca supports three output (response) states:

  • DONE - informs that the command was executed correctly, most often it says that you did not find what you are looking for which is good information. The report is marked in green:

    • from console output:

      Master

    • from report output:

      Master

  • WARN - informs that the command was not executed correctly (syntax error, no command, file not found etc.). The report is marked in yellow:

    • from console output:

      Master

    • from report output:

      Master

  • TRUE - informs that the command was executed correctly and found what we were looking for, e.g. too wide permissions for the file /etc/sudoers. The report is marked in red:

    • from console output:

      Master

    • from report output:

      Master

Other

Contributing

See this.

Project architecture

See this.

License

GPLv3 : http://www.gnu.org/licenses/

Free software, Yeah!

More Repositories

1

the-book-of-secret-knowledge

A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
142,948
star
2

nginx-admins-handbook

How to improve NGINX performance, security, and other important things.
Shell
13,473
star
3

test-your-sysadmin-skills

A collection of Linux Sysadmin Test Questions and Answers. Test your knowledge and skills in different fields with these Q/A.
10,637
star
4

the-practical-linux-hardening-guide

This guide details creating a secure Linux production system. OpenSCAP (C2S/CIS, STIG).
9,901
star
5

htrace.sh

My simple Swiss Army knife for http/https troubleshooting and profiling.
Shell
3,747
star
6

sandmap

Nmap on steroids. Simple CLI with the ability to run pure Nmap engine, 31 modules with 459 scan profiles.
Shell
1,564
star
7

linux-hardening-checklist

Simple checklist to help you deploying the most important areas of the GNU/Linux production systems - work in progress.
1,471
star
8

iptables-essentials

Iptables Essentials: Common Firewall Rules and Commands.
1,464
star
9

multitor

Create multiple TOR instances with a load-balancing.
Shell
1,044
star
10

technical-whitepapers

Collection of IT whitepapers, presentations, pdfs; hacking, web app security, db, reverse engineering and more; EN/PL.
472
star
11

mkchain

Open source tool to help you build a valid SSL certificate chain.
Shell
359
star
12

reload.sh

Wipe, reinstall or restore your system from running GNU/Linux distribution. Via SSH, without rebooting.
Shell
268
star
13

massh-enum

OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473).
Shell
145
star
14

trimstray.github.io

Personal blog [PL/EN].
HTML
37
star
15

trimstray

Something about me.
15
star