/CyberVille

A research project to assist users to identify and remediate vulnerabilities recurrent in the Windows ecosystem.

Primary Language: Python
License: GNU General Public License v3.0 (GPL-3.0)


Final Year Project

A SaaS Solution to Detect Threats and Vulnerabilities Recurrent in the Windows Home Ecosystem.



Please Note
This application has been produced as part of an academic research project undertaken at the University of Greenwich, and as such, its codebase should not be considered as production ready.


CyberWary Project Overview

The project that this application is associated with explores the inherent risks surrounding the executable-based architecture that forms the foundation of the Windows platform, and the subsequent identification of methods aimed toward the advancement of security awareness for its users. Centred on research into the recurrent threats to which the platform is frequently subjected, this project encompasses developing a proposed solution that uses a Software as a Service approach to convey critical information associated with users' devices. This repository contains a successfully built product that helps navigate the complexities of software vulnerability identification, browser password storage insecurities and data handling intricacies, delivering a prototype capable of achieving all defined objectives.


Getting Started

Just a reminder, this application forms part of a research project, so real-world use is not recommended! The following instructions are for the installation and configuration of an instance of the CyberWary platform; they are not the steps for running a scan using the platform!

Self-Setup and Installation

Minimum Python Requirement (As Tested)

  • Python 3.10.4
  • PIP 22.0.4


Compatible Operating Systems (As Tested)

  • Windows 10 Home (Version 21H2)
  • Windows 10 Pro (Version 21H2)
  • Windows 11 Home (Version 21H2)
  • Windows 11 Pro (Version 21H2)
  • CloudLinux 8


Software Setup & Installation Steps

  1. This project uses multiple packages from the Python Package Index (PyPI) repository; get these installed first.
    1. Please execute pip install -r requirements.txt to install PIP requirements.
  2. Rename the file .env.template in your project directory to .env.
  3. Connect your installation of the CyberWary platform to a database.
    1. If you don't already have one, set up a MySQL database now and have the credentials available.
    2. Populate the environment variables contained within your .env file - the ones you're looking for are CYBERWARY_MYSQL_DB, CYBERWARY_MYSQL_USER, CYBERWARY_MYSQL_PASSWORD, CYBERWARY_MYSQL_HOST, CYBERWARY_MYSQL_PORT.
  4. Create a secure secret key for your Django installation to use.
    1. Generate a random secure string (64 chars, upper & lowercase chars, numbers and symbols recommended) and populate the CYBERWARY_SECRET variable in the .env file.
  5. Generate your database structure.
    1. Execute the command python manage.py migrate.
  6. In a new terminal instance (or in a screen instance - recommended), import common enumeration data.
    1. See the Automated Data Import section for further details.
  7. Generate a Send Mail API key from SendGrid (or replace the mail sending mechanism).
    1. See the SendGrid API page to create a key.
    2. Populate the CYBERWARY_SENDGRID_API_KEY variable in your .env file.
    3. Update the CYBERWARY_SENDGRID_EMAIL variable with an email address from a domain authenticated through your SendGrid account.
  8. Populate your site information for easy viewing.
    1. Populate the remaining variables in your .env file to update various elements of the site; please be sure to remove or replace the contents of cyber_wary_site/templates/pp.html and cyber_wary_site/templates/tos.html.
  9. (Optional) Download a copy of the GeoLite2 database.
    1. See the MaxMind GeoLite2 page to download a copy of the country and city databases.
    2. Populate the CYBERWARY_GEOIP_DIRECTORY variable in your .env file to point to the directory where you extract them.
  10. (Optional) Configure the Google Maps JavaScript API for map rendering.
    1. See the Google Maps Platform API page to enable your Google Maps JavaScript API, and obtain a copy of your key.
    2. Populate the CYBERWARY_GOOGLE_MAPS_API_KEY variable in your .env file with your key.
  11. (Optional) Enable Google OAuth2.
    1. See the Google OAuth 2.0 API page to create an application.
    2. Populate the CYBERWARY_GOOGLE_CLIENT_ID and CYBERWARY_GOOGLE_SECRET variables in your .env file.
    3. When requested, enter the callback URL as {your_url_here}/portal/account/google/login/callback/.
  12. (Optional) Enable GitHub OAuth2.
    1. See the GitHub OAuth 2.0 API page to create an application.
    2. Populate the CYBERWARY_GITHUB_CLIENT_ID and CYBERWARY_GITHUB_SECRET variables in your .env file.
    3. When requested, enter the callback URL as {your_url_here}/portal/account/github/login/callback/.
  13. (Optional) Enable Microsoft OAuth2.
    1. See the Microsoft OAuth page to create an application.
    2. Populate the CYBERWARY_MICROSOFT_CLIENT_ID and CYBERWARY_MICROSOFT_SECRET variables in your .env file (you may need to go through additional app verification to enable multi tenant users).
    3. When requested, enter the callback URL as {your_url_here}/portal/account/microsoft/login/callback/.
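
Steps 3 and 4 above, as an added example that is not code from the CyberWary repository: it generates a 64-character value for CYBERWARY_SECRET from the operating system's CSPRNG and audits .env content for the required variables named in those steps. The function names, the symbol set and the minimal KEY=VALUE parser are assumptions made for illustration; the project's own .env loader may parse values differently.

```python
import secrets
import string

# Symbols assumed safe unquoted in common .env parsers: no quotes, '#', '$',
# backslash or whitespace (the project's actual loader is not known here).
SYMBOLS = "!@%^&*()-_=+[]{}:,.?"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)
# Variable names taken from the setup steps on this page.
REQUIRED = ("CYBERWARY_SECRET CYBERWARY_MYSQL_DB CYBERWARY_MYSQL_USER "
            "CYBERWARY_MYSQL_PASSWORD CYBERWARY_MYSQL_HOST CYBERWARY_MYSQL_PORT").split()

def generate_secret(length=64):
    """Return a CSPRNG string that contains every recommended character class."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate

def parse_env(text):
    """Minimal KEY=VALUE parser: skips blanks and comments, strips quotes."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip().strip("'\"")
    return values

def audit_env(text):
    """Return a list of problems found in the given .env content."""
    env = parse_env(text)
    problems = [f"{name} is empty or missing" for name in REQUIRED if not env.get(name)]
    secret = env.get("CYBERWARY_SECRET", "")
    if secret and len(secret) < 64:
        problems.append("CYBERWARY_SECRET is shorter than 64 characters")
    if secret and not all(any(c in cls for c in secret) for cls in CLASSES):
        problems.append("CYBERWARY_SECRET lacks a recommended character class")
    port = env.get("CYBERWARY_MYSQL_PORT", "")
    if port and not (port.isdecimal() and 0 < int(port) < 65536):
        problems.append("CYBERWARY_MYSQL_PORT is not a valid TCP port")
    return problems

# Constructed sample: a template that was only partly filled in.
SAMPLE_ENV = "CYBERWARY_SECRET=changeme\nCYBERWARY_MYSQL_DB=cyberwary\nCYBERWARY_MYSQL_PORT=3306\n"

if __name__ == "__main__":
    print("\n".join(audit_env(SAMPLE_ENV)))
    print("CYBERWARY_SECRET=" + generate_secret())
```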


Automated Data Import

The CyberWary platform provides a script to automate the process of bulk importing and updating of common enumeration data that is cached in the database; data is imported directly from the data feeds made available by the National Vulnerability Database (NVD), maintained by the National Institute of Standards and Technology (NIST).

Command Usage: python manage.py import_common_data --cpe --cwe --cve --cve-year 2022

Option               Description
--cpe                Enables the import/update of all Common Platform Enumeration identifiers.
--cwe                Enables the import/update of all Common Weakness Enumeration identifiers.
--cve                Enables the import/update and matching of all identifiers for Common Vulnerabilities and Exposures.
--cve-year {year}    Restricts the --cve import to only import/update CVEs from a single year. Range: 2002 - Current Year

School of Computing and Mathematical Sciences
Faculty of Liberal Arts and Sciences

Project Researcher: William P