A lot of tool using in DevSecOps pipelines. But DevSecOps process does not include secure configuration of these tools. That's why too many misconfigured DevSecOps tools exist on internet. Also so many security tools used for Phishing or Scanning are available on internet with old versions or misconfigured way or default credentials.
The Radar find DevSecOps or Security tools via Shodan and check their configuration.
Scanned Tools:
- SonarQube
- Check default credential
- Show public projects and details
- Download source codes from selected project
- GoPhish
- Check default credential
git clone https://github.com/ahmetak4n/radar.git
cd radar
go buid radar.goHelp
./radar -h
Scan misconfigured SonarQube services
./radar sonarqube -aK $SHODAN_API_KEY
Scan Gophish services that work run with default credentials
./radar gophish -aK $SHODAN_API_KEY
Find sonarqube services
Download source code from detected sonarqube services
Find gophish services
Radar is developed for InfoSec persons. It should be used for authorized testing and/or educational purposes only. I take no responsibility for the abuse of Radar