Metadata-Version: 2.1
Name: ostorlab
Version: 0.2.6
Summary: Ostorlab Agent and Extensibility CLI and SDK
Home-page: https://github.com/Ostorlab/ostorlab
Author: ostorlab team
Author-email: legends@ostorlab.dev
License: MIT
Project-URL: Documentation, https://docs.ostorlab.co/
Project-URL: Source, https://github.com/Ostorlab/ostorlab
Project-URL: Changelog, https://docs.ostorlab.co/changelog/
Project-URL: Tracker, https://github.com/Ostorlab/ostorlab/issues
Project-URL: Twitter, https://twitter.com/OstorlabSec
Platform: any
Classifier: Development Status :: 4 - Beta
Classifier: Programming Language :: Python
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: click
Requires-Dist: docker
Requires-Dist: jsonschema (>=4.4.0)
Requires-Dist: protobuf (>=3.19.4)
Requires-Dist: requests
Requires-Dist: rich
Requires-Dist: ruamel.yaml
Requires-Dist: tenacity
Requires-Dist: sqlalchemy
Requires-Dist: semver
Requires-Dist: markdownify
Requires-Dist: importlib-metadata ; python_version < "3.8"
Provides-Extra: agent
Requires-Dist: Werkzeug ; extra == 'agent'
Requires-Dist: aio-pika ; extra == 'agent'
Requires-Dist: flask ; extra == 'agent'
Requires-Dist: jsonschema (>=4.4.0) ; extra == 'agent'
Requires-Dist: protobuf (>=3.19.4) ; extra == 'agent'
Requires-Dist: ruamel.yaml ; extra == 'agent'
Requires-Dist: tenacity ; extra == 'agent'
Requires-Dist: semver ; extra == 'agent'
Requires-Dist: importlib-metadata ; (python_version < "3.8") and extra == 'agent'
Provides-Extra: testing
Requires-Dist: setuptools ; extra == 'testing'
Requires-Dist: pytest ; extra == 'testing'
Requires-Dist: pytest-cov ; extra == 'testing'
Requires-Dist: pytest-asyncio ; extra == 'testing'
Requires-Dist: pytest-mock ; extra == 'testing'
Requires-Dist: pytest-timeout ; extra == 'testing'
Requires-Dist: requests-mock ; extra == 'testing'

[![PyPI version](https://badge.fury.io/py/ostorlab.svg)](https://badge.fury.io/py/ostorlab)
[![Downloads](https://pepy.tech/badge/ostorlab/month)](https://pepy.tech/project/ostorlab)
[![Ostorlab blog](https://img.shields.io/badge/blog-ostorlab%20news-red)](https://blog.ostorlab.co/)
[![Twitter Follow](https://img.shields.io/twitter/follow/ostorlabsec.svg?style=social)](https://twitter.com/ostorlabsec)

# Ostorlab Open-Source Security Scanner

![Scan Run](images/scan_run.gif)

## The Sales Pitch

If this is the first time you are visiting the Ostorlab Github page, here is the sales pitch.

Security testing requires often chaining tools together, taking the output from one, mangling it, filtering it and then
pushing it to another tool. Several tools have tried to make the process less painful with limited success. Ostorlab addresses the same
challenge by simplifying the hardest part and automating the boring and tedious part.

To do that, Ostorlab focuses on the following:

* __Ease of use__ with simple one command-line to perform all tasks
* __Developer Experience__ through project documentation, tutorials, SDK and templates
* __Scalability and Performance__ by using efficient serialisation format and proven industry standard for all of its components


To do that, Ostorlab ships with:

* A simple, yet powerful SDK to make simple cases effortless while supporting the complex one, like distributed locking,
  QPS limiting, multiple instance parallelization ...
* A battle-tested framework that has been powering Ostorlab Platform for years and used to perform complex dynamic
  analysis setup and demanding static analysis workloads running on multiple machines.
* Performant and scalable design, thanks to the use of message queue with dynamic routing, binary and compact message
  serialisation with protbuf, universal file format using docker image, resilient thanks to docker swarm mode to cite a
  few
* A store of agents that make is to use and discover tools to add your toolset
* An automated builder to take the hassle away of building and publishing.
* A GUI to prepare and write down your tool collection setup
* Focus on documentation, multiple tutorials and upcoming videos and conference presentations
* A ready to use one-click template repo to get started.

# Requirements

For some tasks, like running scans locally, Docker is required. To install docker, please see the following
[instructions](https://docs.docker.com/get-docker/).

# Installing

Ostorlab is shipped as a Python package on Pypi. To install, simply run the following command if you have `pip` already
installed.

```shell
pip install -U ostorlab
```

# Getting Started

To perform your first scan, simply run the following command:

```shell
ostorlab scan run --install --agent agent/ostorlab/nmap --agent agent/ostorlab/openvas --agent agent/ostorlab/tsunami --agent agent/ostorlab/nuclei ip 8.8.8.8
```

This command will download and install the following scanning agents:

* `agent/ostorlab/nmap`
* `agent/ostorlab/tsunami`
* `agent/ostorlab/nuclei`
* `agent/ostorlab/openvas`

And will scan the target IP address `8.8.8.8`

To check the scan status:

```shell
ostrlab scan list
```

Once the scan has completed, to access the scan results:

```shell
ostorlab vulnz list --scan-id <scan-id>
ostorlab vulnz describe --vuln-id <vuln-id>
```

# The Store

Ostorlab lists all agents on a public store where you can search and also publish your own agents.

![Store](images/store2.gif)

In addition, the store, a graphical agent group builder is also available to compose multiple agents and see how
they would interact with each other.

![Store](images/store.gif)

The builder also helps with generating the agent group YAML file to set special arguments that can be passed to agents
to control their behavior.

![Build](images/agent_group.gif)

# Publish your first Agent

To write your first agent, check out the full tutorial [here](https://docs.ostorlab.co/tutorials/write-an-ostorlab-agent/).

Once you have written your agent, you can publish it on the store for others to use and discover it. The store even
handles agent building and will automatically pick up new releases from the git repo.

![Build](images/build.gif)


