/ostorlab

Ostorlab is security scanning platform that enables running complex security scanning tasks involving multiple tools in an easy, scalable and distributed way.

Primary LanguagePythonApache License 2.0Apache-2.0

PyPI version Downloads Ostorlab blog Twitter Follow

Ostorlab Open source

Ostorlab is a security scanning platform that enables running complex security scanning tasks involving multiple tools in an easy, scalable and distributed way.

Ostorlab provides:

  • CLI to run scans locally and on Ostorlab's Cloud and access the results.
  • SDK to build scanner components called Agents.
  • Store to publish Agents and share them with the community.
  • Automated Agent builder that takes care of automatically building and releasing Agents directly from the source code repo.

Requirements

For some tasks, like running scans locally, Docker is required. To install docker, please see the following instructions.

Installing

Ostorlab is shipped as a Python package on Pypi. To install, simply run the following command if you have pip already installed.

pip install -U ostorlab

Getting Started

To perform your first scan, simply run the following command:

ostorlab scan run --install --agent agent/ostorlab/nmap --agent agent/ostorlab/tsunami --agent agent/ostorlab/nuclei ip 8.8.8.8

This command will download and install the following scanning agents:

  • agent/ostorlab/nmap
  • agent/ostorlab/tsunami
  • agent/ostorlab/nuclei

And will scan the target IP address 8.8.8.8

To check the scan status:

ostrlab scan list

Once the scan has completed, to access the scan results:

ostorlab vulnz list --scan-id <scan-id>
ostorlab vulnz describe --vuln-id <vuln-id>

Publish your first Agent

Check the full tutorial writing an Ostorlab agent