vulnreport: Open-source pentesting management and automation platform – Penetration Testing

Vulnreport

Pentesting management and automation platform

Vulnreport is a platform for managing penetration tests and generating well-formatted, actionable findings reports without the normal overhead that takes up security engineers’ time. The platform is built to support automation at every stage of the process and to allow customization for whatever other systems you use as part of your pentesting process.

Vulnreport was built by the Salesforce Product Security team as a way to get rid of the time we spent writing, formatting, and proofing reports for penetration tests. Our goal was and continues to be to build great security tools that let pentesters and security engineers focus on finding and fixing vulns.

For full documentation, see http://ift.tt/2amMYe2

Deployment

Vulnreport is a Ruby web application (Sinatra/Rack stack) backed by a PostgreSQL database with a Redis cache layer.

Vulnreport can be installed on a local VM or server behind something like nginx, or can be deployed to Heroku.

Local Deploy / Your own server

To deploy locally, you’ll need to make sure you have installed the dependencies:

Ruby >= 2.1

PostgreSQL

Redis

Rollbar

Bundler

Clone the repo and open up the .env file, updating it as necessary. Then run bundle install. You’ll probably want to modify start.sh to make it work for your environment – the one included in the repo is intended for local use during debugging/development.

You should also create a .env file based on .env.example, or set the same ENV variables defined in .env in your environment.

Installation

To handle the initial configuration for Vulnreport, run the SEED.rb script. If you are deploying on Heroku, run this via heroku run ./SEED.rb.

If you used the automated ‘Deploy to Heroku’ feature, this step should have been handled for you automatically.

Running ./SEED.rb on ⬢ vulnreport-test… up, run.8035

Vulnreport 3.0.0.alpha seed script
WARNING: This script should be run ONCE immediately after deploying and then DELETED

Setting up Vulnreport now…

Setting up the PostgreSQL database…
Done

Seeding the database…
Done

User ID 1 created for you

ALL DONE!
Login to Vulnreport now and go through the rest of the settings!
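A post-deploy check for the local install steps above, added here as an example (it is not part of the Vulnreport repo). The function name check_vulnreport_deploy is hypothetical, the KEY=value layout of .env and .env.example is an assumption, and the owner-only permission check on .env is a hardening suggestion added here, not a requirement stated by the project.

```shell
#!/bin/sh
# Added example: post-deploy checks for a local Vulnreport install.
# Assumption: .env and .env.example hold plain KEY=value lines.

# Print one finding per line for the app directory given as $1.
check_vulnreport_deploy() {
  app_dir=$1
  env_file="$app_dir/.env"
  example="$app_dir/.env.example"

  # The seed script's own banner says to run it once and then delete it.
  if [ -e "$app_dir/SEED.rb" ]; then
    echo "SEED.rb still present: delete it after the initial run"
  fi

  if [ -f "$env_file" ]; then
    # Suggested hardening: .env readable by its owner only.
    # GNU stat first, BSD stat as fallback.
    perms=$(stat -c '%a' "$env_file" 2>/dev/null || stat -f '%Lp' "$env_file")
    case "$perms" in
      *00) ;;
      *) echo ".env mode is $perms: restrict to owner (chmod 600)" ;;
    esac
  fi

  # Every key named in .env.example must be set in .env or the environment.
  [ -f "$example" ] || return 0
  sed -nE 's/^[[:space:]]*(export[[:space:]]+)?([A-Za-z_][A-Za-z0-9_]*)=.*/\2/p' "$example" |
  while read -r key; do
    if [ -f "$env_file" ] &&
       grep -Eq "^[[:space:]]*(export[[:space:]]+)?$key=" "$env_file"; then
      continue
    fi
    # Exported environment variables count as configured too.
    if printenv "$key" >/dev/null 2>&1; then
      continue
    fi
    echo "$key: in .env.example but not set in .env or the environment"
  done
}

# Usage: sh check.sh /path/to/vulnreport
if [ "$#" -gt 0 ]; then
  check_vulnreport_deploy "$1"
fi
```

No output means all three checks passed.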

Download & Tutorial

The post vulnreport: Open-source pentesting management and automation platform appeared first on Penetration Testing.

http://ift.tt/2vAdWWw http://ift.tt/2aM8QhC
