Kubebot - Security testing Slackbot
Data Flow
- 1 - An API request (tool, target, options) is initiated from the Slackbot and sent to the API server, which runs as a Docker container on a Kubernetes (K8s) cluster and can be scaled.
- 2 - The API server drops the received request as a message on a PubSub Tool Topic.
- 3 - Messages are published to the Tool Subscription.
- 4 - Subscription Worker(s), running as Docker container(s) on the K8s cluster, consume the message from the subscription. The number of these workers can be scaled as well.
- 5 - Depending on the tool, target and options received from the end user, the appropriate Tool Worker(s) are started in the same K8s cluster as Docker containers. Results are stored temporarily in a local directory of that container. The GitHub directory of that tool is cloned.
- 6 - A check is made to see whether the generated results file already exists. If it does not, it is added and the changes are pushed to GitHub. If it does, the files are compared, the new file is pushed to GitHub, and only the changes are passed on to the next step.
- 7 - A webhook from the Tool Worker(s) sends the changes back to Slack. The Tool Worker(s) are then deleted because they are no longer needed.
PS - All the Docker images of the API server, Subscription Worker(s) and Tool Worker(s) are downloaded from the Google Container Registry of that GCP account before being deployed on the K8s cluster.
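The comparison in step 6, sketched as an added example (this is not Kubebot's own code): a fresh result is compared line by line with the copy in the cloned repository, and only the difference is returned for the Slack webhook. The function names, the `results/example.com.txt` path and the sample hostnames are constructed for illustration; treating every line as new on the first run and reporting removed lines are assumptions, and the Git commit and push are left out.

```python
from pathlib import Path
import tempfile


def normalize(text):
    """Return unique, non-empty, stripped lines in first-seen order."""
    seen, out = set(), []
    for line in text.splitlines():
        line = line.strip()
        if line and line not in seen:
            seen.add(line)
            out.append(line)
    return out


def diff_results(repo_file, new_text):
    """Compare a fresh result with the copy in the cloned repository.

    Returns (first_run, added, removed) and overwrites repo_file with the
    new result so that it can be committed and pushed afterwards.
    """
    new_lines = normalize(new_text)
    first_run = not repo_file.exists()  # no earlier result for this target
    old_lines = [] if first_run else normalize(repo_file.read_text())
    old_set, new_set = set(old_lines), set(new_lines)
    added = [line for line in new_lines if line not in old_set]
    removed = [line for line in old_lines if line not in new_set]
    repo_file.parent.mkdir(parents=True, exist_ok=True)
    repo_file.write_text("\n".join(new_lines) + "\n")
    return first_run, added, removed


def demo():
    # Constructed sample output of two subdomain enumeration runs.
    run1 = "www.example.com\nmail.example.com\n"
    run2 = "www.example.com\n\nvpn.example.com \nwww.example.com\n"
    with tempfile.TemporaryDirectory() as tmp:
        repo_file = Path(tmp) / "results" / "example.com.txt"
        first = diff_results(repo_file, run1)   # file did not exist yet
        second = diff_results(repo_file, run2)  # one host new, one gone
        third = diff_results(repo_file, run2)   # nothing changed
    return first, second, third


if __name__ == "__main__":
    for first_run, added, removed in demo():
        print(first_run, added, removed)
```

Normalizing before comparing keeps blank lines, trailing whitespace and duplicate entries in tool output from showing up as changes in Slack.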
List of tools integrated so far (This list will keep getting updated as more tools are added. There are some additional tools in the tools folder but they are still being developed.)
- Custom Enumall
- git-all-secrets
- gitrob. Also check gitrob-server to start the Gitrob server before you run the Slash command for the gitrob client.
- git-secrets
- gobuster
- nmap
- subbrute
- sublist3r
- truffleHog