Electrosphere was built to help developers and security analysts who use the Conviso Platform to manage their vulnerabilities.
The purpose of this microservice is to register, in a simple and easy way, vulnerabilities found by nuclei on the Conviso Platform. This application was developed by rd-team.
Conviso is a SaaS company focused on application security with the purpose of empowering development professionals to build secure applications. For this, we created the Conviso Platform - a platform that supports the entire secure development cycle and is composed of five products:
- Secure by Design - Perform threat modeling and define requirements (ASRTM).
- Secure Pipeline - Bring dedup and Security Tools Orchestration into your pipeline (ASOC).
- Attack Surface - Identify, test, and monitor your External Attack Surface (EASM).
- Protection as a Code - Developers are responsible for managing effective protections via WAF.
- People & Culture - Empower your teams with the practice of code challenges contextualized and based on your team's main gaps.
- Docker: you need Docker installed on your machine in order to run Electrosphere.

```bash
git clone https://github.com/convisolabs/electrosphere.git
cd electrosphere
docker build -t electrosphere .
```
Electrosphere uses the nuclei output in JSON Lines (JSONL) format to register vulnerabilities in the Conviso Platform.
To generate the output correctly, use the following command:

```bash
nuclei -u $HOST -t $TEMPLATE -json -irr -o nuclei_output.json
```
Important: Do not change or format the nuclei output.
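A pre-flight check for the report file, as an added example that is not part of Electrosphere: it confirms that every line is still one complete JSON object and that the request/response pair written by `-irr` is present. The key names are those of nuclei's JSON output; which of them Electrosphere actually reads is an assumption, and the sample records are constructed.

```python
import json

# Keys nuclei writes for each finding; "request"/"response" appear only with -irr.
# Assumption: which keys Electrosphere actually reads is not stated on this page.
EXPECTED_KEYS = ("template-id", "info", "host", "request", "response")


def check_nuclei_jsonl(text):
    """Return a list of (line_number, problem) for a nuclei JSONL report."""
    problems = []
    findings = 0
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError as exc:
            # Pretty-printed or truncated output fails here: one finding
            # no longer fits on one line.
            problems.append((lineno, f"not a complete JSON value: {exc.msg}"))
            continue
        if not isinstance(record, dict):
            # e.g. the whole report was re-saved as a single JSON array
            problems.append((lineno, f"expected an object, got {type(record).__name__}"))
            continue
        findings += 1
        missing = [k for k in EXPECTED_KEYS if k not in record]
        if missing:
            problems.append((lineno, "missing keys: " + ", ".join(missing)))
    if findings == 0 and not problems:
        problems.append((0, "no findings in file"))
    return problems


# Constructed sample data, not real scan output.
GOOD = '{"template-id":"tech-detect","info":{"name":"Tech","severity":"info"},"host":"https://example.test","request":"GET / HTTP/1.1","response":"HTTP/1.1 200 OK"}\n'
NO_IRR = '{"template-id":"tech-detect","info":{"name":"Tech","severity":"info"},"host":"https://example.test"}\n'
PRETTY = json.dumps(json.loads(GOOD), indent=2)  # what a formatter would produce

if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("no -irr", NO_IRR), ("pretty-printed", PRETTY)):
        print(name, check_nuclei_jsonl(sample))
```

An empty result means the file is still line-delimited and carries the raw request and response for each finding.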
```bash
docker run --rm -v $(pwd):/workspace -v /tmp:/tmp electrosphere -h
```
Demo running in homologation environment
```bash
docker run --rm -v $(pwd):/workspace -v /tmp:/tmp electrosphere -k $X_API_KEY -p $PROJECT_ID -i nuclei_output.json -e hml
```
You can find Conviso Platform's documentation on our website.
Contributing to open source is more than just providing updates; it's also about letting us know when there is an issue. Read our Contributing Guidance to learn more.
We accept different types of contributions, including some that don't require you to write a single line of code.
For any security issues or concerns, please see our Security Policies file in this repository.
Your help and feedback are always welcome! If you find an issue, let us know, either by clicking Create Issue on any of the website pages or by opening an issue directly here in the repo.
You can connect with us and other contributors through the DevSecOps Community on Discord. You're welcome!
This work is licensed under the MIT License.
Thanks for all your contributions and efforts towards improving this work. We thank you for being part of our community!