Chowkidar is an innovative platform designed to simplify and automate security testing for users. It empowers users to easily detect vulnerabilities within their website and provides detailed reports with actionable information. By leveraging Chowkidar Scanner and advanced automation techniques, Chowkidar ensures comprehensive security assessments without the need for extensive manual intervention.

Automated Security Testing:
- Users can initiate security scans by simply inputting their project name and website URL.
- The platform handles the execution of various security tests using a suite of open-source tools.

Vulnerability Detection:
- Chowkidar scans for a wide range of vulnerabilities, including common issues like DoS Attack, POODLE, SWEET32, LOGJAM, WordPress vulnerabilities and many more.
- Continuous updates to the scanning tools ensure the detection of the latest threats.

Detailed Reporting:
- Users receive detailed PDF reports that outline detected vulnerabilities, their severity, and potential impacts.
- Each report includes actionable recommendations to help users address and mitigate identified risks.

User-Friendly Interface:
- The platform is designed with simplicity in mind, making it accessible to users with varying levels of technical expertise.
- An intuitive dashboard provides a clear overview of scan results and progress.
- Users receive email notifications upon completion of a scan, informing them of the results and providing a link to get the detailed report.

Customizable Scans:
- Users can configure scan parameters to tailor the testing process to their specific needs.

- Docker
- Chowkidar Scanner: ensure it is properly set up.

- Clone the repository:
      git clone https://github.com/Geni-Wazir/chowkidar.git
- Create a config file, config.ini, to set the admin email and the number of workers:
      [APP]
      admins = ['admin.email@gmail.com']
      [WORKER]
      containers = 2
  The containers setting specifies how many scans can run simultaneously, with the rest being queued.
- Get a Google Client ID and Client Secret for setting up OAuth.
  - Add http://localhost/auth/callback under the Authorised redirect URIs.
- Add
- Enable 2FA in your Gmail account and generate an App Password for the email configuration.
- Create a .env file to set up all the environment variables:
      GOOGLE_CLIENT_ID=google-client-id
      GOOGLE_CLIENT_SECRET=google-secrate-key
      SECRET_KEY=random-secrate-key
      SCANNER_SECRET_KEY=random-secrate-key-for-scanner
      MAIL_USERNAME=your-email@gmail.com
      MAIL_PASSWORD=generated-app-password
- Build the Docker image:
      docker compose up
- Visit http://localhost
- Log in with your Admin Account to add all the templates.
- Add a new audit: http://localhost/audits/new
- Control your audits conveniently by initiating, stopping, and deleting them all from a single location: http://localhost/audits
- Get the list of all discovered vulnerabilities: http://localhost/audits/demo/vulnerability
- Analyze the raw output generated by the open-source tools: http://localhost/audits/demo/scan-output
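
A pre-flight check for the .env file from the setup steps above, added here as an example and not part of the Chowkidar repository: it flags variables that are missing or still hold the template placeholders, short or reused secrets, and a file readable by other users. The 32-character minimum, the distinct-secrets rule and the function names are assumptions of this example, not project requirements.

```python
import os
import stat

# Variable names taken from the .env template in the setup steps.
REQUIRED = ("GOOGLE_CLIENT_ID", "GOOGLE_CLIENT_SECRET", "SECRET_KEY",
            "SCANNER_SECRET_KEY", "MAIL_USERNAME", "MAIL_PASSWORD")
# Template placeholder values, copied verbatim; none may survive into a deployment.
PLACEHOLDERS = {"google-client-id", "google-secrate-key", "random-secrate-key",
                "random-secrate-key-for-scanner", "your-email@gmail.com",
                "generated-app-password"}
MIN_SECRET_LEN = 32  # assumption of this example, not a project requirement


def parse_env(text):
    """Parse KEY=VALUE lines; skip blanks, comments and malformed lines."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip("'\"")
    return env


def check_env(env, mode=None):
    """Return findings (empty list = pass); mode is the file's permission bits."""
    findings = []
    for key in REQUIRED:
        value = env.get(key, "")
        if not value:
            findings.append(f"{key}: missing or empty")
        elif value in PLACEHOLDERS:
            findings.append(f"{key}: still the template placeholder")
        elif key.endswith("SECRET_KEY") and len(value) < MIN_SECRET_LEN:
            findings.append(f"{key}: shorter than {MIN_SECRET_LEN} characters")
    if env.get("SECRET_KEY") and env["SECRET_KEY"] == env.get("SCANNER_SECRET_KEY"):
        findings.append("SECRET_KEY and SCANNER_SECRET_KEY are identical")
    if mode is not None and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(".env is accessible to group or others (chmod 600)")
    return findings


if __name__ == "__main__":
    path = ".env"
    if os.path.exists(path):
        with open(path) as fh:
            for finding in check_env(parse_env(fh.read()), stat.S_IMODE(os.stat(path).st_mode)):
                print("FAIL:", finding)
```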

Contributions to chowkidar are welcome! If you encounter any bugs, have feature requests, or would like to contribute code improvements, please follow these guidelines.
- Fork the Repository: Begin by forking the chowkidar repository to your GitHub account.
- Create a Branch: Create a new branch for your work to keep your changes separate from the main codebase.
      git checkout -b feature-name
- Commit Your Changes: Make your changes and commit them with clear commit messages.
      git commit -m "Your commit message"
- Push Your Changes: Push your changes to your fork.
- Open a Pull Request: After pushing your changes to your fork, open a pull request against the main chowkidar repository. Include a concise description of your modifications and explain why they are essential.

This project is licensed under the MIT License.