Jackhammer - One Security Vulnerability Assessment/Management Tool To Solve All The Security Team Problems
One security vulnerability assessment/management tool to solve all the security team problems.
What is Jackhammer?
Jackhammer is a collaboration tool built with the aim of bridging the gap between the security team, the dev team and the QA team, and of being a facilitator for TPMs to understand and track the quality of the code going into production. It can do static code analysis and dynamic analysis, with built-in vulnerability management capability. It finds security vulnerabilities in the target applications and helps security teams manage the chaos of this new era of continuous integration and continuous/multiple deployments.
It works entirely on RBAC (Role Based Access Control). There are dashboards for individual scans and team scans, giving ample flexibility to collaborate with different teams. It is built on a pluggable architecture which can be integrated with any open source/commercial tool.
Jackhammer uses the OWASP pipeline project to run multiple open source and commercial tools against your code, web app, mobile app, CMS (WordPress) and network.
Key Features:
- Provides a unified interface to collaborate on findings
- Scanning (code) can be done for all code management repositories
- Scheduling of scans based on intervals (daily, weekly, monthly)
- Advanced false positive filtering
- Publish vulnerabilities to bug tracking systems
- Keep a tab on statistics and vulnerability trends in your applications
- Integrates with the majority of open source and commercial scanning tools
- Users and roles management giving greater control
- Configurable severity levels on the list of findings across the applications
- Built-in vulnerability status progression
- Easy to use filters to review targeted sets from tons of vulnerabilities
- Asynchronous scanning (via Sidekiq) that scales
- Seamless vulnerability management
- Track statistics and graph security trends in your applications
- Easily integrates with a variety of open source, commercial and custom scanning tools
Supported Vulnerability Scanners:
Static Analysis:
- Brakeman
- Bundler-Audit
- Checkmarx**
- Dawnscanner
- FindSecurityBugs
- Xanitizer*
- NodeSecurityProject
- PMD
- Retire.js
Finding hard-coded secrets/tokens/creds:
- Trufflehog (slightly modified/extended for better results and integration as of May 2017)
Webapp:
Mobile App:
- Androbugs (slightly modified/extended for better results and integration as of May 2017)
- Androguard (slightly modified/extended for better results and integration as of May 2017)
Wordpress:
- WPScan (slightly modified/extended for better results and integration as of May 2017)
Network:
Adding Custom (other open source/commercial/personal) Scanners:
You can add any scanner to Jackhammer within 10-30 minutes. Check the links/video.
Quick Start and Installation
See our Quick Start/Installation Guide if you want to try out Jackhammer as quickly as possible using Docker Compose.
Run the following commands for local setup (corporate mode):
git clone https://github.com/olacabs/jackhammer
cd jackhammer
sh ./docker-build.sh
Default credentials for local setup:
username: jackhammer@olacabs.com
password: j4ckh4mm3r
(For single user mode)
sh ./docker-build.sh SingleUser
Create a signup for access.
Restarting Jackhammer
docker-compose stop
docker-compose rm
docker-compose up -d
User Guide
The User Guide will give you an overview of how to use Jackhammer once you have things up and running.
Demo
Demo Environment Link:
https://jch.olacabs.com/
Default credentials:
username: admin@admin.com
password: admin@admin.com
Credits
Sentinels Team @Ola
Shout-out to:
- Madhu
- Habi
- Krishna
- Shreyas
- Krutarth
- Naveen
- Mohan