Purify : All-In-One Tool For Managing Vulnerability Reports

June 12, 2020

The goal of Purify to be an easy-in-use and efficient tool to simplify a workflow of managing vulnerabilities delivered from various tools.

Purify is designed to analyze the report of any tool, if the report is in JSON or XML format. This means you don’t need any special plug-ins to process reports from your selection of tools.

Purify is able to remove duplicate results among various vulnerability scanners or tools. In addition, it can combine several results of the same tool based on some fields and it is fully configurable (no coding required). Purify does all this work to reduce the headache of the analyst.

Collect all security findings in one place, review/validate/track them, collaborate, get notifications(Slack), export them into tracking systems(Jira) and so on.

Built With

Nest – The web framework used
Vuetify – Material Component Framework for Vue

Features

Currently, Purify supports Slack and Jira. Also, there is SMTP module, but it is not use at the moment.

List of packages used for these modules:

Deployment With Nginx and MongoDB

Overview
- This deployment is based on two docker images:
  - https://hub.docker.com/r/faloker/purify-api
  - https://hub.docker.com/r/faloker/purify-nginx
    - serve static files (vue frontend)
    - provide https
    - serve files over http2
- https://hub.docker.com/_/mongo (if you want local mongodb)
Local Setup : To start the Purify locally without certificates and other production things, you can do the following:
- Clone repository
- Run docker-compose -f docker-compose.tests.yml up --build

Also Read – Guardedbox : Online Client-Side Manager For Secure Storage & Secrets Sharing

Configuration

Docker-Compose : Before deployment you may want to configure a few things in docker-compose file

// ./docker-compose.yml
// if you want local mongodb

Mongo:
********
environment:
MONGO_INITDB_ROOT_USERNAME: root
MONGO_INITDB_ROOT_PASSWORD: example
// update local path to the .env file (see api/.env.example)

API:
*****
env_file:
-.env.custom
// update local paths to certificate and key files

Nginx:
*******
volumes:
– /path/to/cert:/etc/nginx/ssl/cert
– /path/to/key:/etc/nginx/ssl/key
– ./nginx.prod.conf:/etc/nginx/nginx.conf

Nginx

You can edit nginx config file to adjust it for your needs. There is a config example which is used by default, but in order to use it, you will need to change server_name options.

Start

docker-compose up -d

Built With

Nest – The web framework used
Vuetify – Material Component Framework for Vue

Download

Purify : All-In-One Tool For Managing Vulnerability Reports

APPLICATIONS

ImpulsiveDLLHijack : C# Based Tool Which Automates The Process Of Discovering And Exploiting DLL...

DrMITM : A Program Designed To Globally Log All Traffic Of A Website

Solarflare : SolarWinds Orion Account Audit / Password Dumping Utility

ODBParser : OSINT Tool To Search, Parse And Dump Only The Open Elasticsearch And...

HOT NEWS

PSMDATP : PowerShell Module For Managing Microsoft Defender Advanced Threat Protection

EVEN MORE NEWS

Bomber : Navigating Security Vulnerabilities In SBOMs

EmbedPayloadInPng : A Guide To Embedding And Extracting Encrypted Payloads In...

Exploit Street – Navigating The New Terrain Of Windows LPEs

POPULAR CATEGORY

Go_Parser : Yet Another Golang Binary Parser For IDAPro

FileGPS : A Tool That Help You To Guess How Your...

Parsec Cloud : Secure Cloud Framework