Giter VIP home page Giter VIP logo

firebolt's Introduction

Firebolt

=====

Firebolt is a DevSecOps project that helps the community collect and enumerate different types of attacks to be used in the Continuous Delivery of software features. The project is intended to provide a library and catalog of attacks to help DevOps teams test and continuously measure baseline drift. Firebolt will provide functionality for cataloging attacks to be included within software to support automated evaluation of attack surface during the preparation and deployment of software. Like quality checks, attacks are intended to help DevOps teams evaluate their software implementation and detect issues quickly so that they can be fixed.

The DevSecOps community is currently focusing on developing the Firebolt platform by understanding the templates used in Gauntlt and AttackIQ. However, as we recieve feedback and contributions we expect the project to develop into a more robust attack sharing platform and intend for DevOps teams to add these checks to there software repositories.

Prerequisites

###NOTE: All firebolt gauntlt attacks use environment variables( thanks wickett!) to set the attack host. This allows for more flexibility than hardcoded targets and can be used to loop through multiple hosts looking for positive attacks. The variables user are:

  • TARGET_HOST for setting the host to attack
  • TARGET_PORT for setting the port as needed

Getting Started

  1. One very easy way to get started is to use Kali Linux. Kali already has the prerequisites installed and working in a nice and easy to use Debian based Linux distro. It's available at: https://www.kali.org/

  2. Clone the firebolt github repo:

git clone https://github.com/devsecops/firebolt.git
  1. Install Gauntlt:
gem install gauntlt

  1. Get familiar with Gauntlt and attack files: https://github.com/gauntlt/gauntlt

  2. Let's test local host with one of the example attacks:

export TARGET_HOST=127.0.0.1

cd firebolt/gauntlt/attacks

gauntlt open-rmiregistry-server.attack

If everything was set up correctly you should see that the test passes.

##TODO

  • Add a Metasploit Attack Adaptor to Gauntlt
  • Add more attacks for Gauntlt
  • Add initial attacks for AttackIQ

##How to Contribute

  1. Fork the repo
  2. Add some attacks
  3. Submit a Pull Request and we'll review

firebolt's People

Contributors

slietz avatar grahammthomas avatar iallison avatar

Watchers

James Cloos avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.