OpenKAT aims to monitor, record and analyze the status of information systems. The basic premise is that many of the major security incidents are caused by small errors and known vulnerabilities, and that if you can find them in time your systems and infrastructure become a lot more secure.
OpenKAT scans, collects, analyzes and reports in an ongoing process:
OpenKAT scans networks, finds vulnerabilities and creates accessible reports. It integrates the most widely used network tools and scanning software into a modular framework, accesses external databases such as Shodan, and combines the information from all these sources into clear reports. It also includes lots of cat hair.
OpenKAT is useful if you want to monitor a complex system and want to know whether it contains known vulnerabilities or configuration errors. Due to its modular structure and extensibility, OpenKAT can be applied in a multitude of situations. You can customize it and put it to your own use.
The high level documentation on OpenKAT explains the purpose and operation of OpenKAT at the management level:
The full documentation of OpenKAT can be found here. It includes information such as:
- Introduction to the system
- Modules
- Guidelines
- Templates
- Technical documentation
The Ministry of Health, Welfare and Sport built the "Vulnerability Analysis Tool" to monitor systems during the pandemic. OpenKAT was built by the ministry's own programmers. Because of the scale and dynamics of the campaign, monitoring had to be automated, flexible and traceable. The structure of the system gives an indication of the possibilities:
OpenKAT is a framework that can be used for information collection, storage and processing. It is so flexible that "the pieces almost fall out": just about everything that can be separated is. Thus, it can respond to new developments and new functions can be included.
The 'Boefjes' retrieve information: they are plugins ranging from a small script or scraper to an external tool running in its own container. If there is a new issue that is not yet covered, create a boefje for it that retrieves the information.
The raw data is stored with a hash and an external timestamp. This makes it possible to retrieve what information was stored at what time. If a new vulnerability is published for a particular software version, the system already knows where that version is in use, so no separate scan is required.
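An added illustration of this storage idea, not OpenKAT's own code: raw scan output is kept with its SHA-256 digest and a timestamp, so a later advisory can be matched against what was observed at a given moment without rescanning. `RawStore`, `affected`, the banner format and the sample hosts are hypothetical, and the timestamp is assumed to be supplied by an external timestamp service.

```python
import hashlib
import re
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class RawRecord:
    source: str          # scanned endpoint, e.g. "host:port"
    data: bytes          # raw tool output, stored unmodified
    sha256: str          # digest taken at storage time
    stored_at: datetime  # assumed to come from an external timestamp service

class RawStore:  # append-only: records are added, never updated
    def __init__(self):
        self._records = []

    def put(self, source, data, stored_at):
        rec = RawRecord(source, data, hashlib.sha256(data).hexdigest(), stored_at)
        self._records.append(rec)
        return rec

    def verify(self, rec):  # False if the bytes no longer match the stored digest
        return hashlib.sha256(rec.data).hexdigest() == rec.sha256

    def as_of(self, moment):
        """Latest verified record per source, stored at or before `moment`."""
        latest = {}
        for rec in sorted(self._records, key=lambda r: r.stored_at):
            if rec.stored_at <= moment and self.verify(rec):
                latest[rec.source] = rec
        return latest

def affected(store, product, bad_versions, moment):
    """Match a newly published advisory against stored banners, no rescan."""
    pattern = re.compile(rb"Server: " + re.escape(product.encode()) + rb"/([\d.]+)")
    hits = []
    for source, rec in store.as_of(moment).items():
        m = pattern.search(rec.data)
        if m and m.group(1).decode() in bad_versions:
            hits.append(source)
    return sorted(hits)

def demo_store():
    # Constructed sample data: documentation-range hosts, fictional product.
    scans = [(1, "192.0.2.10", "2.4.1"), (1, "192.0.2.11", "2.4.3"), (5, "192.0.2.10", "2.4.3")]
    store = RawStore()
    for day, host, version in scans:
        banner = f"HTTP/1.1 200 OK\r\nServer: ExampleHTTPd/{version}\r\n".encode()
        store.put(f"{host}:80", banner, datetime(2024, 1, day, tzinfo=timezone.utc))
    return store
```

Querying the same store for two different moments shows why the timestamp matters: a host that was upgraded between scans is reported as affected only for the period in which the vulnerable version was actually observed.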
In order to process all inputs, data is converted into objects, which fit into a predetermined data model. For example, an IP address is an object, which can be found through various routes and has logical relationships with other objects. The data model can be extended to include all sorts of objects with logical relations.
The package itself searches for information, based on the logical relationships in the data model. The results of the scans in turn lead to new actions, just as the passage of time leads to repetition of previous scans.
The intensity of a scan is determined by the indemnity available. OpenKAT can invoke enough tools to put a heavy load on a system, and permission is required to do so. If there is none, information can always be gathered through "third parties" such as Shodan and similar databases.
The results of the analysis are easy to view, by user, organization, object, etc. Reports are available for common questions and easily expandable.
The current release of OpenKAT can be found via the release page on this repository.
OpenKAT includes the following subsystems, which can all be found in the NL-KAT-Coordination repository (aka this one):
| Subsystem | Name |
|---|---|
| Scheduler | Mula |
| Data model with object types and objects | Octopoes |
| Front end | Rocky |
| Raw data storage | Bytes |
| Boefjes and normalizers | Boefjes |
OpenKAT is available under the EUPL 1.2 license. This license was chosen because it provides a reasonable degree of freedom while ensuring the software's public character. The EUPL 1.2 license is retained upon further distribution of the software. Modifications and additions can be made under the EUPL 1.2 license or under compatible licenses, which are similar in nature.
The tools addressed by OpenKAT may have their own license, either open source or commercial. Complying with those licenses is the responsibility of the owner of the system that addresses these tools. The inclusion of new boefjes in the KAT catalog is governed by a separate agreement.
You can directly participate and be involved in the development of OpenKAT. There is a community around OpenKAT with active developers and organizations working on implementing their own OpenKAT setup. If you want to start slowly, there are nice options:
- Install the system and use it, give us feedback
- Build your own boefjes, whiskers and bits
- Help extend the data model
- Suggest new features
- Submit bug reports as an issue
- Help make OpenKAT available for other operating systems
Through Gitpod, anyone with a GitHub or GitLab account can quickly start up and test an OpenKAT environment. During this installation, you can enter your own username and password.
Once started, the Rocky interface will be available on the service running on port 8000.
That is most welcome! The coordination of the project lies with the development team at the Ministry of Health, Welfare and Sport, which is open to all contributions. Please get in touch: there are many people working on OpenKAT, and combined efforts make the whole system stronger.
You can submit PRs directly via GitHub, or contact the community manager at meedoen@openkat.nl. Check out the templates and coding guidelines.
OpenKAT uses the following principles for writing code:
- Python 3.8
- All code via pull requests with reviews
- Python with PEP8
- Pylint
- Black, with a line length of 120 characters
- Type hinting
- Tests
On GitHub you will find a development branch. Pull requests can be submitted for review. Based on the development branch, the main branch is fed for production releases. The reviews are done by VWS developers.
If you want your boefje to be included in the KAT catalog, a separate arrangement applies, which we would be happy to tell you about. Send an email to meedoen@openkat.nl.
How can I make sure OpenKAT works on my system? OpenKAT assumes you're running Ubuntu or Debian, but the community manager got it working under Mac OS X in no time. So feel free to try it and help us with fixes and documentation for installation on your favorite system!
OpenKAT currently supports the following languages:
- English
- Dutch
- Papiamento
Most of the documentation in the software itself is written in English. Some of the general documentation is in Dutch, but we would like to make it available in other languages as well.
There are several options to contact the OpenKAT team:
- Direct contact: meedoen@openkat.nl
- GitHub Discussions
- OpenKAT group on LinkedIn (search for OpenKAT)
- IRC: #openkat on irc.libera.chat
- Signal group