SecurityManageFramwork-SeMF

README English | 中文

Introduction

SEMF is a security management platform for enterprise intranet, which includes functions of asset management, vulnerability management, account management, knowledge base management and security scanning automation. It can be used for internal security management.

This platform aims to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management. This software is only used for internal IT asset management, no aggressive behavior. Users are requested to abide by the Network Security Law of the People's Republic of China (http://www.npc.gov.cn/npc/xinwen/2016-11/07/content_2001605.htm). They are not required to use SEMF for unauthorized testing. The authors are not liable for any joint and several legal responsibilities.

If you like it, please click Star. If you don't intend to contribute, don't Fork. The later version of Fork will not automatically update the latest version synchronously. You won't enjoy the pleasure and surprise of the latest version.

The original address of this project: https://gitee.com/gy071089/SecurityManageFramwork

Author:残源

Architecture

posterior : python3 + django2 + rabbitmq

Front-end : layui + bootstarp,

Using Open Source Templates X-admin:http://x.xuebingsi.com/

Characteristic

• User type and privilege information can be customized, and four types of security personnel, operation and maintenance personnel, network personnel and business personnel can be generated in initialization.

• Enterprise IT asset types and asset attributes can be customized in the background and extended as needed.

• Intranet asset discovery and port scanning can be automated

• Complete vulnerability tracking and scanner vulnerability filtering

• Network mapping, for large enterprise intranet and extranet mapping management is complex, reservation function

• Knowledge base management, for security information sharing, is divided into announcement category and popular science category.

• Vulnerability library management, this module docks with cnvd vulnerability Library

• Plug-in-based vulnerability scanning function can be added by itself

• Weak Password Detection for Multiple Protocols

• AWVS (Acunetix Web Vulnerability Scanner) Interface Call

• Nessus (6/7) interface call

Installation

Installation Guide

User Guide

Screenshot

• Login Registration Page
• System Home Page
• Asset management
• Details of assets
• Vulnerability management
• Report Center

Contribution

1. This project is currently only self-maintenance, hope that people with lofty ideals can help improve the system, details can be added to the QQ group, contact the group owner can be.
2. If you have other customization requirements, you can contact me by email at [email protected].