Malinkundang is Backend for Sangkuriang Project, A security analyzer tools You find the Frontend in https://github.com/Proyek-Sangkuriang/sangkuriang (STILL IN DEVELOPMENT)
- Python FastAPI backend.
- MongoDB database.
- JWT Authentication
- OWASP ZAP
- Spider mode
- NMAP
- Top 200 open ports
- Chaos
- Enumerate subdomains
Please install all folowing dependencies to run all the feature in malinkundang
- NMAP - https://nmap.org/download.html
- MongoDB - https://github.com/Proyek-Sangkuriang/purbasari/tree/master/mongo-db
- OWASP ZAP - https://github.com/Proyek-Sangkuriang/purbasari/tree/master/owasp-zap
Clone this repository and make a virtual environment in it. Install the modules listed in the requirements.txt
file:
pip3 install -r requirements.txt
To run the starter:
First, set your PYTHONPATH
:
export PYTHONPATH=$PWD
Next, Put the output of this comman into .env
file with variable name SECRET
openssl rand -hex 32
Run the app :
python3 run.py
The starter listens on port 1337 on address localhost:1337.
Please refer to http://localhost:1337/docs to check all API route and test it.
Create Database with name Sangkuriang
in your MongoDB and import sample collection thet you can find in database/admins.json
Default credentials for login in /admin/login/
:
"username": "[email protected]" "password": "#Sangkuriang-2k21!"
http://localhost:8000/scan/nmap/{target}/top-port
http://localhost:8000/scan/zap/{target}/spider
http://localhost:8000/scan/subdomains/{target}
To deploy to Heroku, connect your repository to the Heroku application and deploy the branch master.
Ensure you add the environment variable MONGO_DETAILS
in your application's settings.
To build a docker image for this boilerplate, create a duplicate .env
file but with name env
. Next, build an image:
docker build -t sangkuriang-backend .
The command above builds an image that can be deployed. To run the image in a container:
docker run --env-file env -d --name sangkuriang-backend -p 1337:1337 sangkuriang-backend:latest
Fork the repo, make changes and send a PR. We'll review it together!
Please put your module in the server/modules
directory then make sure the module only accepts 2 input, which is target
and supporting arguments
, the module output should be in JSON Format
which will then be parsed by the output parser to match the report to be generated.
Please put your new module in server/routes/scan.py
with following format /<MODULE_NAME>/{target}/<MODULE_OPTIONS>
, see existing modules route for example.
-
Add a simple bash script file that runs the installation process.
-
Multiple Authentication
-
Add Dockerfile
-
Deploying to Heroku
-
Write a concise README
-
Add OWASP ZAP module for normal mode
-
Add Subdomain enumeration module
tested by @arkwrn :
- OS : MacOS Catalina 10.15.7
- Database : https://github.com/Proyek-Sangkuriang/purbasari/tree/master/mongodb
- Python : 3.7.2
This project is licensed under the terms of MIT license.
Email : [email protected]
@Youngestdev : Providing FastAPI template