SARENKA is an Open Source Intelligence (OSINT) tool which helps you obtaining and understanding Attack Surface.
The main goal is to gathering infromation from search engines for Internet-connected devices (https://censys.io/, https://www.shodan.io/). It scraps data about Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE) and also has database where CVEs are mapped to CWE.
It returns data about local machine – local installed softwares (from Windows Registry), local network information (python libraries, popular cmd commads).
For now application has also simple tools like hash calcualtor, shannon entropy calculator and very simple port scanner. More cryptography-math tools and reconnaissance scripts are planned.
Look
https://raw.githubusercontent.com/pawlaczyk/sarenka_tools/master/cwe_all.json
In progress
In progress
Installation
Description in progress Sarenka is local web application for Windows.
Rirst release gathers data from two search engines. example sarenka/backend/connectors/credentials.json
{ "censys": { "base_url": "https://censys.io/", "API_ID": "<my_user>", "Secret": "<my_api_key>", "API_URL": "https://censys.io/api/v1" }, "shodan": { "base_url": "https://www.shodan.io/", "user": "<my_user>", "api_key": "<my_api_key>" } }
Features
Database
This is tricki part, because we have 863 sqlite3 database files: default, CWE-NONE (some CVE hasn’t cwe_id eg.: CVE-2013-3621) and 861 individual for CWEs
Tech
It uses a number of open source projects to work properly on:
And of course SARENKA itself is open source with a public repository on GitHub.
Planned Features
CI/CD Tools
Tests
Burrow is an open source tool for burrowing through firewalls, built by teenagers at Hack Club.…
Simple golang webserver that listens for basic auth or post requests and sends a notification…
Nutek Security Platform for macOS and Linux operating systems. Tools for hackers, bug hunters and…
Welcome to SecureSphere Labs, your go-to destination for a curated collection of powerful hacking tools…
All in one Docker-based workstation with hacking tools for Pentesting and offsec Labs by maintained…
Got it! Below is the updated README.md file with instructions for downloading the project on…