stig-cli - A CLI for perusing DISA STIG content Mac, Linux, and Windows Compatible

  •        38

This command line utility is intended to help technical folks more easily read through DISA STIG content. Every single solution that currently exists requires folks to use a UI such as the Java based STIG viewer from DISA or stigviewer.com which updates very slowly, neither are open source AFAIK. This CLI is simple, and while it's built with nodejs it DOES NOT require you to have nodejs on your system nor will it conflict with an pre-exisiting nodejs installed on your system. Unless you install directly with npm -g the bundle you install from will contain a prebuilt node binary which will be used to invoke the CLI (invisible to you, the end user).

https://github.com/defionscode/stig-cli

Dependencies:

@oclif/command : ^1.5.1
@oclif/config : ^1.7.6
@oclif/plugin-autocomplete : ^0.1.0
@oclif/plugin-help : ^2.1.2
@oclif/plugin-update : ^1.3.2
@oclif/plugin-warn-if-update-available : ^1.5.3
chalk : ^2.4.1
cheerio : ^1.0.0-rc.2
cli-ux : ^4.8.2
fast-xml-parser : ^3.12.5
he : ^1.1.1
lokijs : ^1.5.5
moment : ^2.22.2
node-fetch : ^2.2.0
table : ^4.0.3
unzipper : ^0.9.3
wordwrap : ^1.0.0

Tags
Implementation
License
Platform

   




Related Projects

vuls - Vulnerability scanner for Linux/FreeBSD, agentless, written in Go

  •    Go

For a system administrator, having to perform security vulnerability analysis and software update on a daily basis can be a burden. To avoid downtime in production environment, it is common for system administrator to choose not to use the automatic update option provided by package manager and to perform update manually. This leads to the following problems. Vuls is a tool created to solve the problems listed above. It has the following characteristics.

scap-security-guide - Baseline compliance content in SCAP formats

  •    Python

The purpose of this project is to create security policy content for various platforms -- Red Hat Enterprise Linux, Fedora, Ubuntu, Debian, and others. Our aim is to make it as easy as possible to write new and maintain existing security content in all the commonly used formats. "SCAP content" refers to documents in the XCCDF, OVAL and Source DataStream formats. These documents can be presented in different forms and by different organizations to meet their security automation and technical implementation needs. For general use we recommend Source DataStreams because they contain all the data you need to evaluate and put machines into compliance. The datastreams are part of our release ZIP archives.

awesome-windows-domain-hardening - A curated list of awesome Security Hardening techniques for Windows

  •    

A curated list of awesome Security Hardening techniques for Windows. This document summarizes the information related to Pyrotek and Harmj0y's DerbyCon talk called "111 Attacking EvilCorp Anatomy of a Corporate Hack". Video and slides are available below.


quick-secure - Quickly secure UNIX/Linux systems

  •    Shell

Quick NIX Secure Script is used to harden and secure basic permissions and ownership on the fly. This script can be used during boot up, cron, bootstrapping, kickstart, jumpstart and during other system deployments. I recommend using CM tools like Puppet or Ansible, but this is still nice. Many times in (prod)uction world prior admins harden without automation or towards an industry baseline. This is to help get to a point of standardization and quickly set or reset basic system security.

hardening - DevSec Examples

  •    Ruby

The Hardening Framework combines DevOps with Security. It implements hardening for Puppet, Chef and Ansible. One of the main goals for the Hardening Framework it to provide security as a plug-in mechanism. All modules are implemented as overlay modules and work in conjunction with the corresponding open source module like apache or nginx. This enables you to drop in hardening for your staging and production environments and reuse existing developments.

hardening - Hardening Ubuntu. Systemd edition.

  •    Shell

A quick way to make a Ubuntu server a bit more secure. Tested on 17.10 Artful Aardvark, 18.04 Bionic Beaver and 18.10 Cosmic Cuttlefish (under development).

rails-security-checklist - :key: Community-driven Rails Security Checklist (see our GitHub Issues for the newest checks that aren't yet in the README)

  •    Ruby

This checklist is limited to Rails security precautions and there are many other aspects of running a Rails app that need to be secured (e.g. up-to-date operating system and other software) that this does not cover. Consult a security expert. One aim for this document is to turn it into a community resource much like the Ruby Style Guide.

chef-os-hardening - This chef cookbook provides numerous security-related configurations, providing all-round base protection

  •    Ruby

This cookbook provides numerous security-related configurations, providing all-round base protection. In the current implementation different components are located in the different recipes. See the available recipes or default.rb for possible component names.

stronghold - Easily configure macOS security settings from the terminal.

  •    Python

stronghold is the easiest way to securely configure your Mac. Designed for MacOS Sierra and High Sierra. Previously fortify.

rattlesnakeos-stack - Build your own privacy and security focused Android OS in the cloud on a continuous basis with OTA updates

  •    Go

RattlesnakeOS is a privacy and security focused Android OS for Google Pixel phones. RattlesnakeOS was created initially as an alternative to CopperheadOS, a security hardened Android OS created by Daniel Micay, after it stopped being properly maintained back in June 2018. To be clear, this project is not attempting to add or recreate any of the security hardening features that were present in CopperheadOS. Instead, it is looking to fill a gap now that CopperheadOS is no longer available in its previous form, as there are no real alternatives that provide the same level of privacy and security.

user.js - user.js -- Firefox configuration hardening

  •    Javascript

A user.js configuration file for Mozilla Firefox designed to harden browser settings and make it more secure. Do note that these settings alter your browser behaviour quite a bit, so it is recommended to either create a completely new profile for Firefox or backup your existing profile directory before putting the user.js file in place.

ansible-os-hardening - This Ansible role provides numerous security-related configurations, providing all-round base protection

  •    Ruby

This role provides numerous security-related configurations, providing all-round base protection. It is intended to be compliant with the DevSec Linux Baseline. If you're using inspec to test your machines after applying this role, please make sure to add the connecting user to the os_ignore_users-variable. Otherwise inspec will fail. For more information, see issue #124.

Wazuh - Host and endpoint security

  •    C

Wazuh helps you to gain deeper security visibility into your infrastructure by monitoring hosts at an operating system and application level. This solution, based on lightweight multi-platform agents, provides the capabilities like Log management and analysis, File integrity monitoring, Intrusion and anomaly detection, Policy and compliance monitoring.

Network Security Toolkit (NST)

  •    Javascript

Network Security Toolkit (NST) is a bootable ISO image (Live DVD) based on Fedora 18 providing easy access to best-of-breed Open Source Network Security Applications and should run on most x86/x86_64 platforms. The main intent of developing this toolkit was to provide the network security administrator with a comprehensive set of Open Source Network Security Tools. The majority of tools published in the article: Top 125 Security Tools by INSECURE.ORG are available in the toolkit. An advanc

CopperheadOS - A security and privacy focused mobile operating system compatible with Android apps

  •    Java

CopperheadOS is a security and privacy focused mobile operating system compatible with Android apps. It provides Protection from zero-days, Hardened C standard library and compiler toolchain, Hardened kernel, Stronger sandboxing and isolation for apps & services, Firewall & network hardening and lot more.

xss-listener - 🕷️ XSS Listener is a penetration tool for easy to steal data with various XSS.

  •    Javascript

From now on, you do not need XSS listeners! XSS listener records the data you have stolen on the remote site in the database, and gives instant notification with telegram / slack.

DumpsterFire - "Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events

  •    Python

The DumpsterFire Toolset is a modular, menu-driven, cross-platform tool for building repeatable, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Turn paper tabletop exercises into controlled "live fire" range events. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts. The toolset is designed to be dynamically extensible, allowing you to create your own Fires (event modules) to add to the included collection of toolset Fires. Just write your own Fire module and drop it into the FireModules directory. The DumpsterFire toolset will auto-detect your custom Fires at startup and make them available for use.

vulnreport - Open-source pentesting management and automation platform by Salesforce Product Security

  •    HTML

Vulnreport is a platform for managing penetration tests and generating well-formatted, actionable findings reports without the normal overhead that takes up security engineer's time. The platform is built to support automation at every stage of the process and allow customization for whatever other systems you use as part of your pentesting process. Vulnreport was built by the Salesforce Product Security team as a way to get rid of the time we spent writing, formatting, and proofing reports for penetration tests. Our goal was and continues to be to build great security tools that let pentesters and security engineers focus on finding and fixing vulns.