SocGPTBot is a command-line tool designed to assist security analysts with various tasks related to Wazuh OSSEC. This Python-based application provides a menu-driven interface to search for Wazuh OSSEC information, analyze logs, and gather various data from an agent, including running processes, ports information, packages, and more.
- Search Wazuh OSSEC Information: Retrieve and display information related to Wazuh OSSEC.
- Analyze Logs: A placeholder for future log analysis capabilities.
- Get Running Processes from Agent: Fetch and display the list of running processes from an agent.
- Get Ports Information from Agent: Fetch and display the ports information from an agent.
- Get Packages Information from Agent: Fetch and display the packages information from an agent.
- Get Agent Information: Fetch and display general agent information.
- Get Agent Network Protocols: Fetch and display network protocol information from an agent.
- Get Agent Hardware: Fetch and display hardware information from an agent.
- Exit: Exit the application.
- Python 3.7 or higher
gpt4allcursesrequests
Creating a virtual environment ensures that your project dependencies are isolated from your system-wide Python packages. Here are the steps to create and activate a virtual environment:
# Create a virtual environment
python -m venv socgpt_env
# Activate the virtual environment (Linux/MacOS)
source socgpt_env/bin/activate
# Activate the virtual environment (Windows)
socgpt_env\Scripts\activateAfter activating the virtual environment, you need to install the required dependencies. The dependencies are listed in the requirements.txt file.
# Install the dependencies
pip install -r requirements.txtEnsure your requirements.txt includes the following packages:
gpt4all
requests
After setting up the virtual environment and installing the dependencies, you can run the application using the following command:
python socgptbot.pyThe main class SocGPTBot initializes the curses interface and provides methods to handle various tasks. Here's a brief overview of the primary methods:
__init__(self, stdscr): Initializes the curses interface and sets up the menu options.display_menu(self): Displays the main menu with options.search_wazuh_ossec(self): Placeholder for searching Wazuh OSSEC information.analyze_logs(self): Placeholder for analyzing logs.get_jwttoken(self): Retrieves the JWT token required for making API requests.get_running_processes(self): Fetches the running processes from the agent.get_running_ports(self): Fetches the ports information from the agent.get_running_packages(self): Fetches the packages information from the agent.get_agent_info(self): Fetches general agent information.get_agent_netproto(self): Fetches network protocol information from the agent.get_agent_hardware(self): Fetches hardware information from the agent.display_json_pretty(self, data): Displays JSON data in a readable format using curses.run(self): Main loop that handles menu navigation and option selection.
The entry point of the application is the main(stdscr) function, which initializes the SocGPTBot and starts the main loop.
- The API requests in the methods like
get_running_processes,get_running_ports, etc., are directed at a local Wazuh OSSEC server (https://localhost:55000). Ensure that your Wazuh OSSEC server is running and accessible. - The
curseslibrary is used for creating a text-based user interface. It may behave differently on various operating systems. Testing on the target environment is recommended. - The
analyze_logsandsearch_wazuh_ossecmethods are placeholders and need to be implemented according to your specific requirements. - Be cautious with the SSL verification being set to
Falseinrequestscalls. This is not recommended for production environments.
For any further questions or issues, feel free to reach out to the maintainer or consult the documentation for the respective libraries used in this project.