In0ri : Defacement Detection With Deep Learning

In0ri is a defacement detection system utilizing a image-classification convolutional neural network.

Introduction

When monitoring a website, In0ri will periodically take a screenshot of the website then put it through a preprocessor that will resize the image down to 250x250px and numericalize the image before passing it onto the classifier. The core of the classifier is a convolutional neural network that is trained to detect the defacement of a website. If the monitored website is indeed, defaced, In0ri will send out warnings via email to the user.

Requirement

  • Python3 (version >=3.6)
  • Docker
  • Docker-compose

Installation

Cloning the repository

git clone https://github.com/J4FSec/In0ri.git
cd In0ri

Configuring email credentials to send notifications and agent keys from

Edit the file FlaskApp/sendEmail.py

EMAIL_ADDRESS = “foo@gmail.com”
EMAIL_PASSWORD = “$uper$ecurePa$$word”

Configure Telegram notification

Edit the file chatbot.py

CHAT_ID= ‘foo’ # Channel ID to send notifications to
TOKEN = ‘bar’ # Bot token retrieved from @BotFather

Starting In0ri

docker-compose up -d

Usage

There’s two ways to deploy and using In0ri:

  • Running off crontab by periodically visiting the url.
  • Internal agent running off the web server

First Method: URL Check

Visit the WebUI on https://<serverIP>:8080/ and click on “Register” then fill in the form and submit it.

Second Method: Internal Agent

Visit the WebUI on https://<serverIP>:8080/ and click on “Register” then fill in the form and submit it.

Click on “Create Agent” then fill in the form and check your email for the Agent’s key.

On the web server that you wants to be monitored by In0ri, download the Agent folder from Github repository

Installing the required packages for the internal Agent

python3 -m pip install watchdog
python3 -m pip install requests

Edit the file config.json in the same folder as agent

nano config.json

key is sent to your email after registering the Agent on the WebUI rootPath is the root directory of the web application that you want to be monitored exludePath are the subfolders that you wants excluded from the scans apiServer is the URL to the API server of In0ri serverIP is the IP of the API server of In0ri.

{
“id”:”01″,
“key”:”123123123″,
“rootPath”:”/var/www/html”,
“excludePath”:””,
“apiServer”:”http://:8088/checkdeface”
}

And run the Agent:

python3 agent.py

Download
R K

Share
Published by
R K
Tags: Deep LearningDefacementdetectionIn0ri
3 years ago

Recent Posts

Shadow-rs : Harnessing Rust’s Power For Kernel-Level Security Research

shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…

1 week ago

ExecutePeFromPngViaLNK – Advanced Execution Of Embedded PE Files via PNG And LNK

Extract and execute a PE embedded within a PNG file using an LNK file. The…

2 weeks ago

Red Team Certification – A Comprehensive Guide To Advancing In Cybersecurity Operations

Embark on the journey of becoming a certified Red Team professional with our definitive guide.…

3 weeks ago

CVE-2024-5836 / CVE-2024-6778 : Chromium Sandbox Escape via Extension Exploits

This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…

3 weeks ago

Rust BOFs – Unlocking New Potentials In Cobalt Strike

This took me like 4 days (+2 days for an update), but I got it…

3 weeks ago

MaLDAPtive – Pioneering LDAP SearchFilter Parsing And Security Framework

MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…

3 weeks ago