Go to file
xujian bc0ffe11b5
!406 add strip compare in pedt
Merge pull request !406 from xujian/master
2024-06-17 07:34:11 +00:00
data add strip comapre in pedt 2024-06-17 15:33:30 +08:00
docs update docs/架构设计/开发视图设计.md. 2024-02-28 06:40:14 +00:00
image 更新0层逻辑视图 2024-02-28 02:41:13 +00:00
src 更新需求收集表open状态及会议纪要 2024-01-05 09:43:34 +08:00
.DS_Store 更新需求收集表open状态及会议纪要 2024-01-05 09:43:34 +08:00
.gitignore 完成简单的漏洞报告功能 2022-12-07 15:17:34 +08:00
LICENSE 完成简单的漏洞报告功能 2022-12-07 15:17:34 +08:00
Makefile 完成简单的漏洞报告功能 2022-12-07 15:17:34 +08:00
README.en.md 新增英文版mod 2023-05-23 15:46:01 +08:00
README.md 更新需求文档 2024-01-16 16:49:15 +08:00

README.en.md

genmai

Introduction

Genmai is an open-source security scanning framework. It has host vulnerability scanning, network vulnerability scanning, and baseline scanning. For more information, please refer to openKylin SecurityGovernance SIG.

The operating principle of the Genmai framework can divide into three steps. Firstly, it creates a sandbox, and the vulnerability POC/EXP detected is parsed on the sandbox using the YAML and JSON parsers. Then, it stores all of the vulnerabilities in the cache. At last, Genmai can detect vulnerabilities through remote or local evaluations to generate analysis reports. The details referred to the following figure:

Name Source

Genmai comes from the Chinese medical term: feel the pulse, with the phonetic symbol "[dʒen'maɪ]”. Feeling the pulse involves touching a patient's artery with the fingers to understand the internal changes in the condition.

Software Architecture

amd64

Catalog Description

* data : Directory of some data files
* docs : Document directory, including design documents and explanatory documents
* examples : Using the example directory
* image : Images directory
* misc : Others
* utils : Utility/Script Directory
* tools: Auxiliary tools
* z-container : Temporary storage directory
* z-testsuit : Test program directory
* z-trash : Dustbin directory

Framework Advantages

  1. Possess a UI interface for easy operation and use.
  2. Using Sandbox for system/kernel vulnerability detection avoids some destructive POC/EXP attacks on physical hosts.
  3. We create a collaboration pool and a request pool. And we synchronize PoC/EXP requests, detection, and authentication through collaboration scheduling, accelerating the efficiency of vulnerability authentication.
  4. For kernel and system modules, PWN modules are used for detection to make the detection more accurate.
  5. Genmai equips with a remote evaluation function so that hosts can perform detection simultaneously.
  6. It can conveniently generate security reports for manual auditing.

Function Model

Genmai mainly contains six function models:

  1. Vulnerability detection: Genmai's vulnerability detection mainly involves detecting system and kernel vulnerabilities. It roughly uses some publicly available CVE/CNVD and publicly available internal mining vulnerabilities as tools. It includes detecting RCE without login, weak passwords (SSH, MYSQL, FTP, etc.), and unauthorized vulnerabilities for web vulnerabilities.
  2. Fuzzing: Fuzzing focuses on the kernel and service interfaces.
  3. Security baseline detection: Security baseline detection involves suspicious processes, files, logs, OS configurations, network configurations, and application configurations.
  4. Evaluation: It has two methods: local evaluation and remote evaluation. Local evaluation mainly involves the remote detection of hosts by SSH and SCP.
  5. Patch information: It provides repair suggestions and patch information for users.
  6. Tool updates Users can directly use 'update' to obtain the latest version of the tool.

development mechanism

  1. We already complete the development of the main framework, which mainly includes the sandbox, request pool, co-program pool, cache, JSON parser, YAML parser, interpreter, and remote check.
  2. In the first stage, we will complete the development of the kernel module at first, so that Genmai can detect vulnerabilities in the kernel.
  3. In the second stage, we will complete the development of security baseline detection and make Genmai able to use baseline scanning.
  4. In the third stage, we will complete the system vulnerability module development and make Genmai able to detect system vulnerabilities.
  5. In the fourth stage, we will complete the development of the web vulnerability module and make Genmai able to detect web vulnerabilities.
  6. In the fifth stage, we will complete the development of automatic update function.
  7. In the sixth stage, we will complete the UI interface development.
  8. In the seventh stage, we will complete the development of patch information import function.
  9. In the eighth stage, we will complete the development of fuzzing so that Genmai can use fuzzing detection function.

Compilation Instructions

# make
or
# make build

Cleaning Function

# make clean
or
# make realclean

Participate in Contributions

  1. Fork this repository
  2. Create a new branch: Feat_ Xxx
  3. Submit Code
  4. Create a new Pull Request