Skip to content
This repository has been archived by the owner on Jul 30, 2020. It is now read-only.
/ crossfeed-web Public archive

Continuous external monitoring and vulnerability scanning for organization assets

License

Notifications You must be signed in to change notification settings

Code-dot-mil/crossfeed-web

Repository files navigation

This repository has been archived. Please see https://github.com/deptofdefense/Crossfeed for the new, redesigned version of Crossfeed.

Crossfeed

External monitoring for organization assets

Crossfeed is a tool that blends external asset information with known vulnerabilities from the VDP in order to better secure DoD systems. Crossfeed continually scans for public facing assets using a number of OSINT and minimally invasive techniques. This information is then used in scans to discover indicators of vulnerabilities.

Current features:

  • Continually tracked database of DoD assets
  • Database of vulnerability reports from VDP
  • Passive scans for open ports utilizing Rapid7's Project Sonar
  • Host fingerprinting using Wappalyzer
  • Recurring vulnerability scans based on past vulnerabilities
  • Slack notifications when new ports and vulnerabilities found

Infrastructure

Crossfeed Web (this repository) sits as the user-facing end of Crossfeed. This displays all information and allows scheduling scans.

Crossfeed Agent is the backend scanner, which launches and coordinates scans.

Scans are queued via Amazon SQS and dispatched by crossfeed agent. This is designed for a multi-host environment, where backend scanners process incoming scan requests asynchronously.

Development

To get started, first copy relevent config files:

  1. Run cp .env.example .env
  2. Run cp config/config.example.json config/config.json
  3. In the agent, run cp config.example.json config.json

Install and configure Docker

Configure the Postgres database information in .env on web and config.json for the agent. Likewise, configure the SQS information in .env for web and config.json for the agent.

Obtain API Keys

Crossfeed integrates with several APIs. Configure the following API keys to make full use of the tool:

  • SONAR_API_KEY (agent) - The Rapid7 Project Sonar API key, used to download port scan data
  • SLACK_WEBHOOK_URL (agent) - A Slack incoming webhook url, used to post alerts to Slack
  • BD_API_KEY (web, optional) - A BitDiscovery API key, optionally used for importing data

Quick start

  1. Run docker-compose up

About

Continuous external monitoring and vulnerability scanning for organization assets

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages