# Mini EASM Platform (Open Source)

External Attack Surface Management System

## Description

This project builds an open source **External Attack Surface Management (EASM)** system that:

- identifies assets (domains/subdomains)
- scans ports and services
- detects vulnerabilities (CVEs)
- tags risk (exposed admin panels, end-of-life software, etc.)
- presents a monitoring dashboard

The system is designed to run on a VPS with:

- 4 CPU cores
- 8 GB RAM
- OS: Ubuntu Server

## System Architecture

```
[Subfinder/Amass] → Asset Discovery
        ↓
[Nmap / Naabu] → Port Scanning
        ↓
[Httpx] → Service Validation
        ↓
[Nuclei] → Vulnerability Scanning (CVE)
        ↓
[Parser + Tagging Engine]
        ↓
[Elasticsearch]
        ↓
[Kibana / Grafana Dashboard]
```


## Technologies Used

### Recon & Scanning
- Subfinder → subdomain enumeration
- Nmap → port & service scanning
- Httpx → HTTP service validation
- Nuclei → template-based vulnerability scanner

### Data & Visualisation
- Elasticsearch → data storage
- Kibana → dashboards & analytics

### Orchestration
- Bash script → pipeline automation
- Python → parsing & enrichment

## Installation

1. Update the system

```bash
sudo apt update && sudo apt upgrade -y
sudo apt install -y docker.io docker-compose git jq python3-pip
```

2. Install the ProjectDiscovery tools

These are installed with `go install`, so a Go toolchain is required (`sudo apt install -y golang-go`) and `$HOME/go/bin` must be on your `PATH`.

```bash
go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest
go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
```

Update the Nuclei templates:

```bash
nuclei -update-templates
```

3. Install Nmap

```bash
sudo apt install nmap -y
```

4. Deploy Elasticsearch + Kibana

`docker-compose.yml`:

```yaml
version: '3'
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:8.11.0
    environment:
      - discovery.type=single-node
      - xpack.security.enabled=false
    ports:
      - "9200:9200"

  kibana:
    image: docker.elastic.co/kibana/kibana:8.11.0
    ports:
      - "5601:5601"
```

Run it:

```bash
docker-compose up -d
```
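With `xpack.security.enabled=false` and `"9200:9200"`, the compose file above publishes an unauthenticated Elasticsearch (and Kibana) on every interface of the VPS, so anyone who can reach the server can read or delete the scan results. The following variant is an added example, not the project's own compose file: it keeps security disabled for simplicity but binds both ports to loopback only, pins the JVM heap to fit the 8 GB VPS, and persists the index data in a named volume. It assumes you reach Kibana through an SSH tunnel (`ssh -L 5601:127.0.0.1:5601 user@vps`, then open `http://127.0.0.1:5601`) instead of the public IP; the 2 GB heap size is an assumption for this hardware.

```yaml
# Added hardening example (not the project's compose file).
# Assumptions: Kibana is reached via an SSH tunnel, and a 2 GB heap suits the 8 GB VPS.
version: '3'
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:8.11.0
    environment:
      - discovery.type=single-node
      - xpack.security.enabled=false   # still no auth, so never expose beyond loopback
      - ES_JAVA_OPTS=-Xms2g -Xmx2g
    ports:
      - "127.0.0.1:9200:9200"          # loopback only: parser.py runs on the same host
    volumes:
      - esdata:/usr/share/elasticsearch/data
    restart: unless-stopped

  kibana:
    image: docker.elastic.co/kibana/kibana:8.11.0
    environment:
      - ELASTICSEARCH_HOSTS=http://elasticsearch:9200   # compose-network name, not the host port
    ports:
      - "127.0.0.1:5601:5601"          # reach it through the SSH tunnel
    depends_on:
      - elasticsearch
    restart: unless-stopped

volumes:
  esdata:
```

Kibana talks to Elasticsearch over the compose network, so the loopback binding on the host does not affect it; `parser.py` below still posts to `http://localhost:9200` unchanged.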

## Scanning Pipeline

`scan.sh`:

```bash
#!/bin/bash
set -euo pipefail

DOMAIN="${1:?usage: $0 <domain>}"

echo "[+] Subdomain Discovery"
subfinder -d "$DOMAIN" -silent > subs.txt

echo "[+] Checking Alive Hosts"
httpx -l subs.txt -silent > alive.txt

echo "[+] Port Scanning"
# httpx prints URLs (https://host[:port]); nmap wants bare hostnames
sed -E 's#^https?://##; s#[:/].*$##' alive.txt | sort -u > hosts.txt
nmap -iL hosts.txt -p 80,443,8080,8443 -oX nmap.xml

echo "[+] Running Nuclei"
# nuclei v3 writes one JSON object per line with -jsonl (the v2 flag was -json)
nuclei -l alive.txt -jsonl -o nuclei.json
```

## Parsing & Enrichment

`parser.py`:

```python
import json
import sys
import requests

# Index "vuln"; Elasticsearch assigns a document id for each POST
ES_URL = "http://localhost:9200/vuln/_doc"

def tagger(data):
    """Attach risk tags to a nuclei finding based on its URL and template id."""
    tags = []

    url = data.get("matched-at", "").lower()
    template = data.get("template-id", "").lower()

    if "admin" in url:
        tags.append("exposed-admin-panel")

    if "zimbra" in template:
        tags.append("eol-zimbra")

    if "vpn" in template:
        tags.append("vpn")

    return tags

def severity_score(count):
    """Risk level for a host from the number of CVEs found on it."""
    if count > 5:
        return "critical"
    elif count > 2:
        return "high"
    else:
        return "medium"

with open("nuclei.json") as f:
    for line in f:
        line = line.strip()
        if not line:
            continue  # nuclei's JSONL output: one finding per line
        d = json.loads(line)

        # nuclei may emit cve-id as a single string or a list; store a list
        cve = d.get("info", {}).get("classification", {}).get("cve-id")
        if isinstance(cve, str):
            cve = [cve]

        doc = {
            "host": d.get("host"),
            "template": d.get("template-id"),
            "severity": d.get("info", {}).get("severity"),
            "cve": cve or [],
            "tags": tagger(d),
        }

        r = requests.post(ES_URL, json=doc, timeout=10)
        if not r.ok:
            print(f"[!] Elasticsearch rejected {doc['host']}: {r.status_code}", file=sys.stderr)
```
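`parser.py` indexes one document per finding and leaves `severity_score` unused, so the "Critical Hosts with Multiple CVEs" view has to be assembled in Kibana. The block below is an added example, not part of the project: it reads nuclei JSONL, groups findings per host, counts distinct CVEs (handling the string-or-list `cve-id` form and skipping unparsable lines), applies the same thresholds as `severity_score`, and builds an Elasticsearch `_bulk` body keyed by host so a re-scan overwrites instead of duplicating. The sample lines, the `CVE-0000-000N` ids and the template names are constructed placeholders; the `risk_level` branch for zero CVEs is an assumption added here.

```python
import json
from collections import defaultdict

# Constructed sample of nuclei JSONL output; CVE ids and template names are placeholders.
SAMPLE_NUCLEI_JSONL = "\n".join([
    json.dumps({"host": "admin.example.test", "template-id": "cve-0000-0001",
                "matched-at": "https://admin.example.test/admin/",
                "info": {"severity": "critical", "classification": {"cve-id": ["CVE-0000-0001"]}}}),
    json.dumps({"host": "admin.example.test", "template-id": "cve-0000-0002",
                "matched-at": "https://admin.example.test/",
                "info": {"severity": "high", "classification": {"cve-id": "CVE-0000-0002"}}}),
    json.dumps({"host": "admin.example.test", "template-id": "cve-0000-0003",
                "matched-at": "https://admin.example.test/login",
                "info": {"severity": "high", "classification": {"cve-id": ["CVE-0000-0003"]}}}),
    json.dumps({"host": "admin.example.test", "template-id": "cve-0000-0001",
                "matched-at": "https://admin.example.test/api/",   # same CVE, different path
                "info": {"severity": "critical", "classification": {"cve-id": ["cve-0000-0001"]}}}),
    json.dumps({"host": "mail.example.test", "template-id": "zimbra-placeholder-panel",
                "matched-at": "https://mail.example.test/", "info": {"severity": "info"}}),
    json.dumps({"host": "vpn.example.test", "template-id": "vpn-placeholder-detect",
                "matched-at": "https://vpn.example.test/",
                "info": {"severity": "info", "classification": {}}}),
    "",
    "this line is not JSON and must be skipped",
])


def extract_cves(finding):
    """CVE ids of one finding, upper-cased; cve-id may be a string, a list or absent."""
    raw = finding.get("info", {}).get("classification", {}).get("cve-id")
    if raw is None:
        return []
    if isinstance(raw, str):
        raw = [raw]
    return [c.upper() for c in raw if c]


def tag_finding(finding):
    """Same tagging rules as parser.py, restated so this block runs on its own."""
    tags = []
    url = finding.get("matched-at", "").lower()
    template = finding.get("template-id", "").lower()
    if "admin" in url:
        tags.append("exposed-admin-panel")
    if "zimbra" in template:
        tags.append("eol-zimbra")
    if "vpn" in template:
        tags.append("vpn")
    return tags


def risk_level(cve_count):
    """Thresholds from parser.py's severity_score; the zero-CVE branch is an added assumption."""
    if cve_count == 0:
        return "low"
    if cve_count > 5:
        return "critical"
    if cve_count > 2:
        return "high"
    return "medium"


def aggregate_by_host(jsonl_text):
    """Group findings per host. Returns (summary dict keyed by host, number of skipped lines)."""
    per_host = defaultdict(lambda: {"cves": set(), "tags": set(), "findings": 0})
    skipped = 0
    for line in jsonl_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            finding = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1          # a truncated or corrupt line must not abort the whole import
            continue
        host = finding.get("host")
        if not host:
            skipped += 1
            continue
        entry = per_host[host]
        entry["findings"] += 1
        entry["cves"].update(extract_cves(finding))
        entry["tags"].update(tag_finding(finding))
    summary = {}
    for host, entry in per_host.items():
        summary[host] = {"host": host, "findings": entry["findings"],
                         "cves": sorted(entry["cves"]), "cve_count": len(entry["cves"]),
                         "tags": sorted(entry["tags"]), "risk": risk_level(len(entry["cves"]))}
    return summary, skipped


def critical_hosts(summary, min_cves=2):
    """Hosts with at least min_cves distinct CVEs, most CVEs first (the dashboard's table)."""
    hits = [s for s in summary.values() if s["cve_count"] >= min_cves]
    return sorted(hits, key=lambda s: (-s["cve_count"], s["host"]))


def bulk_body(summary, index="vuln"):
    """NDJSON body for Elasticsearch's _bulk API; _id = host, so re-runs overwrite the document."""
    lines = []
    for host, doc in sorted(summary.items()):
        lines.append(json.dumps({"index": {"_index": index, "_id": host}}))
        lines.append(json.dumps(doc))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    summary, skipped = aggregate_by_host(SAMPLE_NUCLEI_JSONL)
    for entry in critical_hosts(summary):
        print(entry["host"], entry["cve_count"], entry["risk"], entry["tags"])
    print(f"skipped {skipped} unparsable line(s)")
    # Real load (assumed local ES from the compose file): requests.post("http://localhost:9200/_bulk",
    #     data=bulk_body(summary), headers={"Content-Type": "application/x-ndjson"})
```

Run it on a real `nuclei.json` by replacing `SAMPLE_NUCLEI_JSONL` with the file's contents; the `_bulk` request needs the `application/x-ndjson` content type, and because the document id is the host, the `vuln` index then holds one current record per asset rather than an ever-growing list of findings.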

## Dashboard (Kibana)

Access:

```
http://<IP-VPS>:5601
```

Steps:

1. Create an index pattern (called a data view in Kibana 8) for `vuln`
2. Create visualisations:
   - Top CVE
   - Critical hosts
   - Tag distribution
3. Create a dashboard:
   - "Critical Hosts with Multiple CVEs"
   - "Exposed Admin Panels"

## Automation (Cron Job)

```bash
crontab -e
```

Add:

```
0 2 * * * /root/scan.sh target-domain.com
```

## Resource Optimisation

Nuclei:

```bash
nuclei -rate-limit 50
```

Nmap:

```bash
nmap -T4 --max-rate 100
```

## Security & Legal

Important:

- Do not scan without permission
- Use only for:
  - assets you own
  - authorised penetration tests
  - bug bounty programmes

## Further Development

Additional features:

- Alerting (Grafana / webhook)
- Slack / email integration
- Redis queue (scaling)
- Multi-target scanning
- Asset inventory database

Tool upgrades:

- Naabu (faster replacement for Nmap)
- ReconFTW (full automation)
- ELK Stack (advanced analytics)

## Expected Results

The system can:

✅ Discover subdomains
✅ Scan ports & services
✅ Detect CVEs automatically
✅ Tag risk
✅ Display dashboards such as:

Critical Hosts with Multiple CVEs

## Conclusion

With this architecture you have built:

an open source Mini EASM Platform

that approaches the capabilities of commercial platforms while remaining:

- flexible
- transparent
- free

## Author Notes

- Run it on a dedicated VPS
- Back up the Elasticsearch data regularly
- Monitor CPU usage while scans run

Next steps:
- a **fully dockerized stack (one command up)**
- or a **ready-to-import Kibana dashboard template (.ndjson)**