appsecco / Owasp Threat Dragon Gitlab

Licence: apache-2.0
OWASP Threat Dragon with Gitlab Integration

OWASP Threat Dragon

This project is a fork of the original OWASP Threat Dragon web application by Mike Goodwin, with Gitlab integration instead of Github. You can use it with Gitlab.com or with your own Gitlab instance.

Gitlab is used as the OAuth provider for authentication and for model storage. For integration with Gitlab, an application must be created in Gitlab. Refer to this for detailed instructions. The Redirect URL is the externally accessible URL your users will be redirected to after authentication (e.g. http://192.168.56.100:3000/oauth/gitlab). For local test deployments, you can use http://127.0.0.1:3000/oauth/gitlab.

Environment variables:

  • CLIENT_ID : Application ID of the application in Gitlab
  • CLIENT_SECRET : Application Secret of the application in Gitlab
  • CALLBACK_URL : URL of the Threat Dragon application that Gitlab redirects to after authentication (the Redirect URL of your Gitlab application)
  • GITLAB_URL : BaseUrl of your Gitlab instance
  • SESSION_SECRET : Session secret for all user sessions
  • ENCRYPTION_KEY : 256-bit Encryption key used to encrypt the stored sessions
  • PORT : Port Threat Dragon listens on (Default: 3000)

Run a fully automated set up of Threat Dragon and Gitlab using docker:

This is intended for development and testing. It uses run.sh and apptoken.py to obtain OAuth credentials from Gitlab and start the application. Gitlab takes a while to start up, so please be patient.

  1. Clone the repository
     git clone https://github.com/appsecco/owasp-threat-dragon-gitlab.git
     cd owasp-threat-dragon-gitlab
  2. Create a .env file like the following
     GITLAB_USER=root
     GITLAB_PASSWORD=Sup3r_s3cur3_P4ssw0rd
     CALLBACK_URL=http://127.0.0.1:3000/oauth/gitlab
     APPLICATION_NAME=owasp-td-gitlab
     GITLAB_ROOT_PASSWORD=Sup3r_s3cur3_P4ssw0rd
     SESSION_SECRET=IO2oifsj029r892ohSFIH9infs
     ENCRYPTION_KEY=VvB0iJHbXviWJyRsKeypTjNgxJ6ho8mT
  3. Start the application with automated setup
     docker-compose up

Access the applications on your system:

  1. Threat Dragon: http://127.0.0.1:3000
  2. Gitlab Server: http://127.0.0.1:3080

Run using docker with existing Gitlab Server:

  1. Clone the repository
     git clone https://github.com/appsecco/owasp-threat-dragon-gitlab.git
     cd owasp-threat-dragon-gitlab
  2. Create a .env file like the following
     GITLAB_URL=https://gitlab.com
     CLIENT_ID=5803ee75eac86cf99fcd61cbcb4f6ede2304b84181fd5e3fca356
     CLIENT_SECRET=bc2f7f5474e6c9855613a8a2be141dbb2a05f83f5f96855613ab9
     CALLBACK_URL=http://127.0.0.1:3000/oauth/gitlab
     SESSION_SECRET=IO2oifsj029r892ohSFIH9infs
     ENCRYPTION_KEY=VvB0iJHbXviWJyRsKeypTjNgxJ6ho8mT
  3. Build the image
     docker build -t td-gitlab .
  4. Start the container
     docker run -p 3000:3000 --env-file .env --name td-gitlab td-gitlab

Visit http://127.0.0.1:3000 to access the application

Run locally without docker:

  1. Clone the repository
     git clone https://github.com/appsecco/owasp-threat-dragon-gitlab.git
     cd owasp-threat-dragon-gitlab
  2. Set up the environment variables:
     export GITLAB_URL=https://gitlab.com
     export CLIENT_ID=5803ee75eac86cf99fcd61cbcb4f6ede2304b84181fd5e3fca356
     export CLIENT_SECRET=bc2f7f5474e6c9855613a8a2be141dbb2a05f83f5f96855613ab9
     export CALLBACK_URL=http://127.0.0.1:3000/oauth/gitlab
     export SESSION_SECRET=IO2oifsj029r892ohSFIH9infs
     export ENCRYPTION_KEY=VvB0iJHbXviWJyRsKeypTjNgxJ6ho8mT
  3. Install dependencies:
     npm install
  4. Start Threat Dragon:
     npm start

Visit http://127.0.0.1:3000 to access the application
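
The secrets shown in the .env samples above are public, so a deployment that copies them has a known session secret and encryption key. The following pre-flight check is an added example, not part of this project's code: `checkConfig` and `checkUrl` are hypothetical helpers, and the 32-byte key rule is an assumption drawn from the "256-bit" description and the 32-character sample.

```javascript
// Added example: pre-flight check for the Threat Dragon / Gitlab environment.
// Values published in this README; anyone can read them, so they must not be reused.
const README_SAMPLES = {
  SESSION_SECRET: 'IO2oifsj029r892ohSFIH9infs',
  ENCRYPTION_KEY: 'VvB0iJHbXviWJyRsKeypTjNgxJ6ho8mT',
  CLIENT_ID: '5803ee75eac86cf99fcd61cbcb4f6ede2304b84181fd5e3fca356',
  CLIENT_SECRET: 'bc2f7f5474e6c9855613a8a2be141dbb2a05f83f5f96855613ab9',
};
const REQUIRED = ['CLIENT_ID', 'CLIENT_SECRET', 'CALLBACK_URL', 'GITLAB_URL',
  'SESSION_SECRET', 'ENCRYPTION_KEY'];
const LOOPBACK = new Set(['127.0.0.1', 'localhost', '[::1]']);

// Flags an unparsable URL, or plain HTTP to any host other than loopback.
function checkUrl(name, value) {
  let url;
  try { url = new URL(value); } catch (e) { return [`${name}: not a valid URL`]; }
  if (url.protocol === 'http:' && !LOOPBACK.has(url.hostname)) {
    return [`${name}: plain HTTP to ${url.hostname} exposes the OAuth exchange`];
  }
  return [];
}

// Hypothetical helper: returns a list of findings, empty when the config passes.
function checkConfig(env) {
  const findings = [];
  for (const name of REQUIRED) {
    if (!env[name]) findings.push(`${name}: missing`);
    else if (env[name] === README_SAMPLES[name]) findings.push(`${name}: README sample value`);
  }
  // Assumption: the key is consumed as 32 raw bytes, as the 32-character sample suggests.
  if (env.ENCRYPTION_KEY && Buffer.byteLength(env.ENCRYPTION_KEY) !== 32) {
    findings.push('ENCRYPTION_KEY: not 32 bytes (256 bits)');
  }
  for (const name of ['CALLBACK_URL', 'GITLAB_URL']) {
    if (env[name]) findings.push(...checkUrl(name, env[name]));
  }
  return findings;
}

// Constructed input: the "existing Gitlab server" .env from above, moved to a LAN host.
const sample = { ...README_SAMPLES, GITLAB_URL: 'https://gitlab.com',
  CALLBACK_URL: 'http://192.168.56.100:3000/oauth/gitlab' };
console.log(checkConfig(sample));
```

Call `checkConfig(process.env)` before `npm start` and refuse to launch when the returned list is not empty.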

For documentation on how to use Threat Dragon, refer to the Official Documentation at http://docs.threatdragon.org/

Please feel free to make a pull request or tweet to me @pingsns for improvements and suggestions.
