stalker
stalker copied to clipboard
red-kite-solutions
Stalker, the Extensible Attack Surface Management tool.
The goal is to make sure that everything that was asked is completed. Maybe purge the queue or get it to see if the job that we are about to...
On-boarding process not requiring an administrator to set the password on user creation. 2FA via SMS (convenient) and authenticator app (secure) :sparkles: Watch out for 2FA bypass with the forgot...
The login is vulnerable to password brute-force :sparkles: Invisible captcha + after a couple of tries ask for 2FA always
AC: * Refreshes the flow manager data on a timely basis * Starts jobs to refresh data * Automatically scale the flow manager according to performance metrics :sparkler: Issue is...
Requires: A job that submits potential domains AC: * Tag as mine or not mine * UI to list and quickly accept/deny * If not mine, never ask again, but...
AC: * Can search at least the following fields: * hostname * ip * tags * server * service * Supports regex search for fields * Advanced search UI *...
AC: * Mark job as interesting * When an interesting job reports something new, send an alert via the messaging service
AC: * Add Slack as a way to send notifications and reports * Edit the configuration to reflect the new needs
AC: * Extract keybase service * Create mail service * Expose a messaging API * Update the config UI and service
AC: * Take a screenshot of a RDP server * Store the image for future use * See the image in a host page
Metadata
Owner
Metadata
Stalker, the Extensible Attack Surface Management tool.