Shulou(Shulou.com)05/31 Report--

This article mainly introduces what NERVE is, has a certain reference value, interested friends can refer to, I hope you can learn a lot after reading this article, the following let the editor take you to understand it.

NERVE

We believe that security scanning should be something that needs to be done continuously, and this continuity does not mean every day, every week, every month, or every quarter, we mean every minute! This continuous security scanning method is suitable for the following scenarios:

Suppose you have a dynamic environment, and every minute a new infrastructure may be created.

You want to catch abnormal security issues before anyone else.

You want to build a quick security response

NERVE is developed for the above scenarios, commercial tools are good, but these tools are often very "bulky", not easy to expand, and expensive.

In essence, NERVE is a vulnerability scanning tool that helps researchers find configuration flaws in specific applications, network service buildings, and various unfixed security vulnerabilities.

Detection function of NERVE

Management panels of interest (such as Solr, Django, PHPMyAdmin, etc.)

Subdomain name takeover

Open code base

information disclosure

Obsolete / default Web page

Misconfiguration in services (Nginx, Apache, IIS, etc.)

SSH server

Open database

Open Cache

Catalogue index

Best practice scenario

Note that this tool is not a replacement for tools such as Qualys, Nessus, or OpenVAS, because NERVE cannot perform authentication scanning and can only operate in black box mode.

Tool dependence

NERVE will automatically help us install the corresponding dependent components, in addition, the tool also comes with a Dockerfile for use by the majority of researchers.

Note that root access is required during the initial installation of NERVE.

The dependency services and packages required by NERVE are as follows:

Web Server (Flask)

Redis server

Nmap package (source code or Python nmap library)

HTTP/S access port (can be defined in py file)

The installation script will help us automate the installation and configure everything, but it may take some time if you want to install it yourself.

Tool installation-Docker

Clone the code base:

Git clone git@github.com:PaytmLabs/nerve.git & & cd nerve

Build a Docker image:

Docker build-t nerve

Use an image to create a container:

Docker run-e username= "YOUR_USER"-e password= "YOUR_PASSWORD"-d-p 80V 8080 nerve

Next, open your browser, then visit http://ip.add.re.ss:80, and log in using the login credentials defined in the command earlier.

Server-side installation & configuration of cd / opt/git clone git@github.com:PaytmLabs/nerve.git & & cd nervebash install/setup.shsystemctl status nerve

Next, open your browser, then visit http://ip.add.re.ss:80, and log in using the credentials output in the terminal window.

Tool running

GUI documentation:

API documentation:

Login interface:

Dashboard interface:

Security Assessment configuration:

Scan report:

Network Mapping:

Vulnerability management page:

Log terminal:

HTML report:

License agreement

The development and release of the NERVE project follows the MIT open source license agreement.

Thank you for reading this article carefully. I hope the article "what is NERVE" shared by the editor will be helpful to you. At the same time, I also hope you will support us and pay attention to the industry information channel. More related knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.