forked from s0md3v/Silver

Mass scan IPs for vulnerable services


giosg/Silver

 
 



Silver
Silver - giosg-flavoured edition

Mass Vulnerability Scanner

Introduction

masscan is fast, nmap can fingerprint software and vulners is a huge vulnerability database. Silver is a front-end that allows complete utilization of these programs by parsing data, spawning parallel processes, caching vulnerability data for faster scanning over time and much more.


Features

  • Resumable scanning
  • Slack notifications
  • Multi-core utilization
  • Supports: IPs, CIDR & hostnames
  • Vulnerability data caching
  • Smart Shodan integration* - disabled in the giosg edition for now

*Shodan integration is optional but when linked, Silver can automatically use Shodan to retrieve service and vulnerability data if a host has a lot of ports open to save resources. Shodan credits used per scan by Silver can be throttled. The minimum number of ports to trigger Shodan can be configured as well.

Setup

Downloading Silver

git clone https://github.com/giosg/Silver

Requirements

External Programs

apt update && apt install -y masscan nmap tmux python3 python3-pip

Python libraries

  • psutil
  • requests
  • jinja2
  • slack_sdk
  • python-dotenv

Required Python libraries can be installed by executing pip3 install -r requirements.txt in the Silver directory.

Configuration

Slack WebHook, Shodan API key and limits can be configured by editing the respective variables in /core/memory.py

Setting up Slack notifications

Usage

Before you start

⚠️ Run Silver as root and with python3 i.e. with sudo python3 silver.py <your input>

⚠️ Silver scans all TCP ports by default i.e. ports 0-65535. Use --quick switch to only scan top ~1000 ports.

Running as cron

You will most likely want to run Silver from cron, for example to get daily reports.
To set that up, do as follows:

  1. Create a directory /secscan

  2. Clone the repo there: git -C /secscan clone https://github.com/giosg/Silver

  3. Create the auto-update cron config in /etc/cron.d/silver_autoupdate (note the empty line at the end of the file; it is there on purpose!)

    # Check GitHub for updates to the Silver directory every 10 minutes
    */10 * * * * root /usr/bin/git -C /secscan/Silver pull && /usr/bin/pip3 install -r /secscan/Silver/requirements.txt
    
  4. Create the scanning configuration in /etc/cron.d/perform_silver_scan

    SLACK_WEBHOOK="https://hooks.slack.com/services/XXXXXXXX/XXXXXXXXX/XXXXXXXXXXXXXXXXXXXXX"
    # Perform the security scan on schedule each day
    0 8 * * * root /usr/bin/python3 /secscan/Silver/silver.py -i /secscan/targets.txt -C /secscan/results --cleanup-results --rate 2000 --vuln-cache-file /secscan/Silver/db/vulners_cache.json
    
  5. Now put the IPs or subnets to scan into /secscan/targets.txt and create the results directory: mkdir /secscan/results

  6. Enjoy the results in your Slack channel
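
A pre-flight check that could run before the scheduled scan, added here as an example and not part of Silver. It assumes /secscan/targets.txt holds one IP, CIDR or hostname per line (the page does not specify the format) and compares each entry against a list of authorised ranges; classify_targets, AUTHORISED_SCOPE and the sample data are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample data (documentation address ranges); not from the Silver repo.
AUTHORISED_SCOPE = ["192.0.2.0/24", "198.51.100.0/25"]
SAMPLE_TARGETS = """\
192.0.2.10
198.51.100.0/26
198.51.100.128/25
203.0.113.5
scanme.example.org
not a target!
"""

HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I
)


def classify_targets(text, scope, max_addresses=65536):
    """Split target lines into in-scope networks, hostnames and rejected lines."""
    allowed = [ipaddress.ip_network(s) for s in scope]
    result = {"networks": [], "hostnames": [], "rejected": []}
    total = 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            # Hostnames cannot be scope-checked offline: list them for review.
            if HOSTNAME_RE.match(line):
                result["hostnames"].append(line)
            else:
                result["rejected"].append((lineno, line, "not an IP, CIDR or hostname"))
            continue
        # subnet_of() raises TypeError on mixed IPv4/IPv6, so compare versions first.
        if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
            result["rejected"].append((lineno, line, "outside authorised scope"))
            continue
        total += net.num_addresses
        result["networks"].append(str(net))
    if total > max_addresses:
        raise ValueError(f"{total} addresses exceeds limit of {max_addresses}")
    return result


if __name__ == "__main__":
    print(classify_targets(SAMPLE_TARGETS, AUTHORISED_SCOPE))
```

Because the cron job runs unattended as root, a non-empty rejected list is a reason to stop and fix the targets file before the scan starts.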
