Hacking, patrowl tutorial, Threat Intelligence

PatrOwl – Smart and Scalable Security Operations Orchestration Platform

PatrOwl is an advanced platform for orchestrating Security Operations like Penetration testing, Vulnerability Assessment, Code review, Compliance checks, Cyber-Threat Intelligence / Hunting and SOC & DFIR Operations.

PatrowlManager is the Front-end application for managing the assets, reviewing risks on real-time, orchestrating the operations (scans, searches, API calls, …), aggregating the results, relaying alerts on third parties (ex: Incident Response platform like TheHive, Splunk, …) and providing the reports and dashboards. Operations are performed by the PatrowlEngines instances.

Some of the use cases with this platform is:

  • Monitoring Internet-faced systems Scan continuously websites, public IP, domains and subdomains for vulnerabilities, misconfigurations.
  • Data leaks Monitor code leaks on GitHub, sharing platforms (Pasties), emails in dump leaks, open AWS buckets, …
  • Phishing / APT scenario preparation Monitor early signs of targeted attacks: new domain registration, suspicious Tweets, paste, VirusTotal submissions, phishing reports, …
  • Vulnerability and remediation tracking Identify vulnerabilities, send a full report to ticketing system (TheHive, JIRA, …) and rescan to check for remediation
  • Regulation and Compliance Evaluate compliance gaps using provided scan templates
  • Vulnerability assessment of internal systems Orchestrate regular scans on a fixed perimeter, check changes (asset, vulnerability, criticality)
  • Penetration tests Perform the reconnaissance steps, the full-stack vulnerability assessment and the remediation checks
  • Attacker assets monitoring Ensure readiness of teams by identifying attackers’ assets and tracking changes of their IP, domaines, WEB applications
  • Continuous Integration / Continuous Delivery Automation of static code analysis, external resources assessment and web application vulnerability scans

Fully-Developed in Python, PatrOwl is composed of a Front-end application PatrowlManager (Django) communicating with one or multiple PatrowlEngines micro-applications (Flask) which perform the scans, analyze the results and format them in a normalized way. It remains incredibly easy to customize all components. Asynchronous tasks and engine scalability are supported by RabbitMQ and Celery.

Architecture

The PatrowlManager application is reachable using the embedded WEB interface or using the JSON-API. PatrowlEngines are only available through generic JSON-API calls (see Documentation).

To try PatrOwl, install it by reading the Installation Guide and the User Guide.

Source : Haxf4rall

Previous ArticleNext Article

Send this to a friend