My name is Julian Fonticoba, a.k.a. syn-4ck, and I'm an Application Security Engineer focused on DevSecOps and security automation.
My webpage • fafnir-sec • pynipper-ng
Configuration security analyzer for network devices. Pynipper-ng is an evolution of nipper-ng, updated and translated to Python. [ALPHA version]
Home Page: https://pynipper-ng.readthedocs.io/
License: GNU General Public License v3.0
Version number
Version number: 1.0.0
Description
First complete beta version of pynipper-ng, for Cisco devices.
Release date
Release date: 06/08/2023
Reduced changelog
It is necessary to have a workflow that allows us to check if pynipper can be built successfully. Also, it is necessary to check the modules with unit tests.
So:
Is your feature request related to a problem? Please describe.
We want to include labels with important information (like CIS ID, CWE...)
Describe the solution you'd like
A field in the reports
Describe alternatives you've considered
N/A
Pynipper-ng should be documented in:
Describe the bug
The SonarQube workflow doesn't work on PRs.
To Reproduce
Create a PR with base branch main or Develop.
Expected behavior
A SonarQube scan executed with an open PR.
CLI (please complete the following information):
Tracking issue for:
Is your feature request related to a problem? Please describe.
Improve readthedocs and web page documentation
Is your feature request related to a problem? Please describe.
We want to improve the Code Quality. The plugins should be more flexible and easy, and the impact/exploit/recommendations should be stored out of the plugin (like a DB)
Describe the solution you'd like
A clearer concept in plugins.
Describe alternatives you've considered
Messages stored.
Easy plugin architecture.
Is your feature request related to a problem? Please describe.
Create a field in the reports to improve the UX when a network admin wants to remediate it.
Describe the solution you'd like
Introduce a line number in reports.
Describe alternatives you've considered
N/A
Additional context
N/A
Closes GHSA-r4pr-h9r8-jj5p
An important new enhancement for v0.1.0 BETA is to include the checks of nipper-ng in the pynipper-ng modules. The translation of these checks (C++ to Python) allows users to have the same level of detection as in nipper-ng.
Category | Complete? |
---|---|
Local Authentication, Authorization and Accounting (AAA) | No |
Access rules | No |
Banner rules | Yes |
Password rules | Yes |
SNMP rules | No |
Login enhancements | No |
Setup SSH | Yes (need enhancements) |
Logging rules | No |
NTP rules | No |
Loopback rules | No |
Routing rules | Yes |
Border routing filtered | No |
Neighbour Auth | No |
OSPF Auth | No |
RIPv2 Auth | No |
BGP Auth | No |
Based on https://www.cisecurity.org/cis-benchmarks (CIS CISCO IOS 17.x Benchmark)
It is required to make the requirements file.
We should clean the code-smells and bugs reported in SonarCloud.