A extensive solution to prevent security credential leaks, at response phase of a request-response cycle.
- SecurumExireSignalServer - Signal Server Implementation
- exirectl - Securum Exire Controller Implementation
- SecurumExireBot - Securum Exire Bot Implementation
- traefik-plugin-securum-exire - Securum Exire Telegram Bot Implementation
- Telegram Bot to notify of leaks.
- Fast and Effective Algorithm to find credentials in a particular response.
- System synchronisation for credentials available on the system.
- Signal server to communicate with the telegram bot server.
- JWT key exchange
- Service discovery for signal server and leaks scanner server
- Environment variable scraping cli
- Rust
- Golang
- Traefik
- Redis
- Telegram Bot
- Extract the contents of installer.tar.gz
command:
tar -xvf installer.tar.gz
- Change the permissions for install.sh
command:
chmod +x install.sh
-
Get the BOT UID and BOT SECRET from telegram bot Securum Exire bot
-
Expose a port to public internet OR install ngrok (preferred for new users)
-
Get public webhook ready.
-
METHOD 1 (if you have a exposed port of your operating node):
the webhook address will be:
http://<YOUR_PUBLIC_IP>:10000- METHOD 2 (ngrok method):
command:
ngrok http 10000
the webhook is the NGROK URL provided to you by ngrok cli
-
-
Run the script
./install.sh
- Go to secumum exire install location
cd $HOME/securum_exire
- Start the service
./startup.sh
- Check the logs with
tail -f <LOCATION_PROMPTED_BY_STARTUP_SCRIPT>
-
Service is up and running.
-
Use the traefik-plugin-securum-exire with traefik to utilize the service.
- If the contents of
$HOME/.securum_exire/credentials.jsonare empty you can run the following command to populate the file with required credentials.
./securum_exire -o <PATH_TO_SCAN> -p ~/.securum_exire
Credentials written at path [/Users/mayankk/go/src/credentials.json]|
Mayank Kumar
|
Made with ❤️ by DSC VIT