fringe-runner

command module

v0.0.0-...-656a664 Latest Latest Go to latest Published: Sep 24, 2020 License: MIT Imports: 6 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/fringeproject/fringe-runner

Links

Open Source Insights

README ¶

Fringe Runner

fringe-runner is a tool to fetch new assets over the wire and add it the FringeProject.

Installation

To easy-install the binary run the following command:

go get github.com/fringeproject/fringe-runner

If you want to install manually or for an other environment, please read the documentation here

Docker

A Docker image of the latest build is available on DockerHub:

docker run -it --rm fringeproject/fringe-runner:latest <cmd>

You can also build the image yourself:

docker build .
---> <image_id>
docker run -it <image_id> <cmd>

How to use

Configuration

The configuration of fringe-runner is store in a YAML file config.yml. Please check the config.yml provided in the repository and the documentation for more information.

Module

This command interacts with the fringe modules.

You can list the modules with -L/--list-modules:

fringe-runner module --list-modules | jq

You can execute a module manually:

fringe-runner module -m module_slug -a asset_value

The asset argument can also be a file containing assets to execute the same module on all the assets from the file.

fringe-runner module -m crtsh -a assets.txt

Parse a local file

This command parse a file separated by new lines:

fringe-runner parse -p <file_path> | jq ".[].value"

Use cases

Get website technologies with Wappalyzer

You want to use the wappalyzer module on a URL to identify technologies on a website:

fringe-runner module -m wappalyzer https://fringeproject.com | jq .[].value

This will returns a list of technologies and their versions.

Take screenshots a list of hostnames

The file hostnames.txt contains a list of hostname (1 by line) and you want to take a screenshot of the webservers runnings on those:

First, configure the screenshot renderer (see config.yml) then type the following command:

fringe-runner module -m http-probe -a hostnames.txt -w workflows/screenshot.yml

The runner execute the module http-probe on each line of the hostnames.txt file. This module checks for web-servers on HTTP (80) and HTTPS (443). Then the workflow screenshot.yml take a live screenshot for every listening web-server.

Available modules

Here is a list of module's slugs available to query public resources:

alienvault
bufferover
censys: need API key (censys_api_id) and secret (censys_api_secret)
certspotter: API key is not supported yet
crtsh
dnsdumpster: API key is not supported yet
github-subdomains: need API token (github_api_token)
hackertarget
securitytrails: need an API key sets as securitytrails_api_key
shodan: may use an API key sets as shodan_api_key
sublist3r
threatcrowd
threatminer
urlscan
virustotal: use the unofficial API (ui)
whoisxmlapi: need API key (whoisxmlapi_key)
yougetsignal

The following modules are still in progress:

nessus: Add a new scan to a module instance (nessus_endpoint, nessus_username and nessus_password)

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
commands
common
modules
alienvault
awss3
backup
bufferover
censys
certspotter
cloudflare
cors
crtsh
dnsdumpster
docker
elasticsearch
git
github
hackertarget
httpprobe
ipinfo
kafka
kubernetes
nessus
nmap
openredirect
securitytrails
shodan
sslstriper
sublist3r
takeover
threatcrowd
threatminer
tor
urlscan
virustotal
wappalyzer
wayback
webscreenshot
whoisxmlapi
yougetsignal
network

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL