5cbe90a136
更新0层逻辑视图 Signed-off-by: xujian <xujian@kylinos.cn> |
||
---|---|---|
data | ||
docs | ||
image | ||
src | ||
.DS_Store | ||
.gitignore | ||
LICENSE | ||
Makefile | ||
README.en.md | ||
README.md |
README.en.md
genmai
Introduction
Genmai is an open-source security scanning framework. It has host vulnerability scanning, network vulnerability scanning, and baseline scanning. For more information, please refer to openKylin SecurityGovernance SIG.
The operating principle of the Genmai framework can divide into three steps. Firstly, it creates a sandbox, and the vulnerability POC/EXP detected is parsed on the sandbox using the YAML and JSON parsers. Then, it stores all of the vulnerabilities in the cache. At last, Genmai can detect vulnerabilities through remote or local evaluations to generate analysis reports. The details referred to the following figure:
Name Source
Genmai comes from the Chinese medical term: feel the pulse, with the phonetic symbol "[dʒen'maɪ]”. Feeling the pulse involves touching a patient's artery with the fingers to understand the internal changes in the condition.
Software Architecture
amd64
Catalog Description
* data : Directory of some data files
* docs : Document directory, including design documents and explanatory documents
* examples : Using the example directory
* image : Images directory
* misc : Others
* utils : Utility/Script Directory
* tools: Auxiliary tools
* z-container : Temporary storage directory
* z-testsuit : Test program directory
* z-trash : Dustbin directory
Framework Advantages
- Possess a UI interface for easy operation and use.
- Using Sandbox for system/kernel vulnerability detection avoids some destructive POC/EXP attacks on physical hosts.
- We create a collaboration pool and a request pool. And we synchronize PoC/EXP requests, detection, and authentication through collaboration scheduling, accelerating the efficiency of vulnerability authentication.
- For kernel and system modules, PWN modules are used for detection to make the detection more accurate.
- Genmai equips with a remote evaluation function so that hosts can perform detection simultaneously.
- It can conveniently generate security reports for manual auditing.
Function Model
Genmai mainly contains six function models:
- Vulnerability detection: Genmai's vulnerability detection mainly involves detecting system and kernel vulnerabilities. It roughly uses some publicly available CVE/CNVD and publicly available internal mining vulnerabilities as tools. It includes detecting RCE without login, weak passwords (SSH, MYSQL, FTP, etc.), and unauthorized vulnerabilities for web vulnerabilities.
- Fuzzing: Fuzzing focuses on the kernel and service interfaces.
- Security baseline detection: Security baseline detection involves suspicious processes, files, logs, OS configurations, network configurations, and application configurations.
- Evaluation: It has two methods: local evaluation and remote evaluation. Local evaluation mainly involves the remote detection of hosts by SSH and SCP.
- Patch information: It provides repair suggestions and patch information for users.
- Tool updates Users can directly use 'update' to obtain the latest version of the tool.
development mechanism
- We already complete the development of the main framework, which mainly includes the sandbox, request pool, co-program pool, cache, JSON parser, YAML parser, interpreter, and remote check.
- In the first stage, we will complete the development of the kernel module at first, so that Genmai can detect vulnerabilities in the kernel.
- In the second stage, we will complete the development of security baseline detection and make Genmai able to use baseline scanning.
- In the third stage, we will complete the system vulnerability module development and make Genmai able to detect system vulnerabilities.
- In the fourth stage, we will complete the development of the web vulnerability module and make Genmai able to detect web vulnerabilities.
- In the fifth stage, we will complete the development of automatic update function.
- In the sixth stage, we will complete the UI interface development.
- In the seventh stage, we will complete the development of patch information import function.
- In the eighth stage, we will complete the development of fuzzing so that Genmai can use fuzzing detection function.
Compilation Instructions
# make
or
# make build
Cleaning Function
# make clean
or
# make realclean
Participate in Contributions
- Fork this repository
- Create a new branch: Feat_ Xxx
- Submit Code
- Create a new Pull Request