Introduction
This new release of OpenKAT includes many small and large updates: OpenKAT has become easier to install, use and maintain. One of the main novelties is Keiko, the reporting module. We also introduced container images built by a GitHub Action, introduced a settings scheme for Boefjes and removed Flower from the system. Read the full changelog below to see all the work that has been done. We look forward to comments on this release, here on GitHub or by email at meedoen@openkat.nl.
IMPORTANT
Before using this update, delete the .env file in the main directory and prune Docker, or make sure that your .env contains all new variables: KEIKO_API is new and required to generate reports, and USE_SCHEDULER=1 should be added.
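The check below is an added example, not OpenKAT's own tooling: it parses a .env file and reports the variables this note says must be present, so you can verify an upgraded installation before starting the containers. It assumes only the two variables named above (KEIKO_API with any non-empty value, USE_SCHEDULER equal to 1) and a dotenv file of KEY=value lines with optional comments, export prefixes and quotes; the sample OLD_ENV content is constructed.

```python
"""Check an OpenKAT .env file for the variables this release requires.

Added example, not OpenKAT's own tooling. It assumes the two variables named in
the release note (KEIKO_API, and USE_SCHEDULER which must be 1) and a dotenv
file of KEY=value lines with optional comments, 'export ' prefixes and quotes.
"""
from __future__ import annotations

import re
import sys
from pathlib import Path

# Variables from the release note and the value each must have
# (None means any non-empty value will do).
REQUIRED = {
    "KEIKO_API": None,
    "USE_SCHEDULER": "1",
}

_ASSIGNMENT = re.compile(r"^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")


def parse_dotenv(text: str) -> dict[str, str]:
    """Parse KEY=value lines; a later assignment overrides an earlier one."""
    values: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = _ASSIGNMENT.match(line)
        if match is None:
            continue  # not an assignment (e.g. a stray word); ignore it
        key, value = match.group(1), match.group(2)
        # Strip one layer of matching quotes so KEIKO_API="x" and KEIKO_API=x agree.
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        values[key] = value
    return values


def missing_settings(values: dict[str, str]) -> list[str]:
    """Return one message per problem; an empty list means the file is ready."""
    problems: list[str] = []
    for key, expected in REQUIRED.items():
        if not values.get(key):
            problems.append(f"{key} is missing or empty")
        elif expected is not None and values[key] != expected:
            problems.append(f"{key}={values[key]!r}, expected {expected!r}")
    return problems


def check_env_file(path: str | Path) -> list[str]:
    """Read the file and report its problems."""
    return missing_settings(parse_dotenv(Path(path).read_text(encoding="utf-8")))


# Constructed sample of a pre-upgrade .env that lacks the new variables.
OLD_ENV = "POSTGRES_PASSWORD=constructed-example\n# no KEIKO_API yet\n"

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else ".env"
    if Path(target).exists():
        found = check_env_file(target)
    else:  # no file given: show the check against the constructed sample
        found = missing_settings(parse_dotenv(OLD_ENV))
    for problem in found:
        print("problem:", problem)
    sys.exit(1 if found else 0)
```

Run it as `python check_env.py .env` from the main directory; a non-zero exit means the file still needs the variables listed in the note. The parser ignores lines it does not understand rather than failing, which mirrors how a stray line would be silently skipped at container start, so a misspelled key shows up as "missing" instead of an obscure runtime error later.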
Summary
Keiko
Keiko is a new module added to KAT that is responsible for creating informative reports in LaTeX. In this version, you can try some of Keiko's capabilities by opening a findings report and clicking the "generate PDF report" button. Keiko will let us create different and more versatile reports in the future, which will become one of KAT's most important features.
Containers
In this version, people who want to use KAT without actively developing it can use pre-built container images, built by GitHub workflows. This saves a lot of time and avoids build errors.
Celery and Flower
As Flower is not actively maintained, we decided to remove KAT's dependency on it. Previously, the scheduler placed jobs in a Celery queue and the Boefjes used that queue to know what to do. Since this release, the Boefje runner pops jobs directly from the scheduler's queue. Not only is this more secure (Flower contained some vulnerabilities), it also opens up the possibility for Boefje runners to pop only the jobs they are capable of running. Think of two Boefje runners of which only one has access to IPv6.
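The following is an added illustration of the idea in the paragraph above, not OpenKAT's scheduler or runner code: a priority queue from which each runner pops the most urgent job whose requirements it can satisfy, leaving the others for a runner that can. The Job and SchedulerQueue classes, the "needs" field, the capability names (ipv4, ipv6) and the targets in demo() are all assumptions made for the example.

```python
"""Capability-aware job popping, as an added illustration of the queue
described above. Not OpenKAT's scheduler or runner code: Job, SchedulerQueue,
the 'needs' field and the capability names are assumptions for this example.
"""
from __future__ import annotations

import heapq
import itertools
import threading
from dataclasses import dataclass, field


@dataclass(order=True)
class Job:
    priority: int                 # lower number = more urgent
    seq: int                      # insertion order, keeps equal priorities FIFO
    boefje_id: str = field(compare=False)
    target: str = field(compare=False)
    needs: frozenset = field(compare=False, default=frozenset())  # capabilities a runner must have


class SchedulerQueue:
    """Priority queue from which each runner pops the first job it can run."""

    def __init__(self) -> None:
        self._heap: list[Job] = []
        self._seq = itertools.count()
        self._lock = threading.Lock()  # two runners must never pop the same job

    def push(self, priority: int, boefje_id: str, target: str, needs=()) -> None:
        job = Job(priority, next(self._seq), boefje_id, target, frozenset(needs))
        with self._lock:
            heapq.heappush(self._heap, job)

    def pop(self, capabilities: set[str]) -> Job | None:
        """Pop the most urgent job whose requirements are a subset of
        `capabilities`; jobs this runner cannot run are left for another."""
        with self._lock:
            skipped: list[Job] = []
            chosen = None
            while self._heap:
                job = heapq.heappop(self._heap)
                if job.needs <= capabilities:
                    chosen = job
                    break
                skipped.append(job)
            for job in skipped:  # restore the ones we looked past
                heapq.heappush(self._heap, job)
            return chosen

    def __len__(self) -> int:
        return len(self._heap)


def demo() -> list[tuple[str, str]]:
    """Two runners, one without IPv6, draining a constructed queue."""
    queue = SchedulerQueue()
    queue.push(priority=1, boefje_id="nmap", target="2001:db8::1", needs={"ipv6"})
    queue.push(priority=2, boefje_id="nmap", target="192.0.2.10")
    queue.push(priority=3, boefje_id="dns-records", target="example.com")
    runners = {"runner-v4-only": {"ipv4"}, "runner-dual-stack": {"ipv4", "ipv6"}}
    taken: list[tuple[str, str]] = []
    while len(queue):
        progress = False
        for name, caps in runners.items():
            job = queue.pop(caps)
            if job is not None:
                taken.append((name, job.target))
                progress = True
        if not progress:  # nobody can run what is left; avoid spinning forever
            break
    return taken


if __name__ == "__main__":
    for runner, target in demo():
        print(f"{runner} ran {target}")
```

In the demo the IPv6 job is the most urgent one, but the IPv4-only runner skips past it and takes the next job it can run; the dual-stack runner then picks the IPv6 job up. The lock makes the pop atomic within one process; a queue shared over the network needs the equivalent guarantee on the server side, otherwise two runners can take the same job.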
Boefje settings
In this version, we laid the foundation for Boefje settings: API keys and endpoints, but also things like "how many ports should Nmap scan?". Settings can be set per Boefje, per organisation. In the next version, the runner will fetch those settings and inject them into the Boefje job. Minimal settings required for a Boefje to run will also be added.
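As an added example of the scheme sketched above (not OpenKAT's code), the snippet below resolves settings per Boefje and per organisation, refuses to dispatch a job whose required settings are absent, and masks credential-like values before they reach logs. SettingsStore, MissingSetting, the job dict layout and the setting names (TOP_PORTS, API_KEY) are assumptions made for this example; the key in demo() is constructed.

```python
"""Per-Boefje, per-organisation settings, as an added example of the scheme
described above. Not OpenKAT's code: SettingsStore, MissingSetting, the job
dict layout and the setting names (TOP_PORTS, API_KEY) are assumptions.
"""
from __future__ import annotations

import copy


class MissingSetting(Exception):
    """A Boefje cannot run because a required setting is absent."""


class SettingsStore:
    def __init__(self) -> None:
        self._defaults: dict[str, dict[str, str]] = {}            # boefje_id -> settings
        self._required: dict[str, frozenset] = {}                  # boefje_id -> keys it cannot run without
        self._per_org: dict[tuple[str, str], dict[str, str]] = {}  # (org, boefje_id) -> overrides

    def declare(self, boefje_id: str, defaults: dict[str, str] | None = None, required=()) -> None:
        """Register a Boefje's default settings and its minimal required keys."""
        self._defaults[boefje_id] = dict(defaults or {})
        self._required[boefje_id] = frozenset(required)

    def set_for_org(self, organisation: str, boefje_id: str, **settings: str) -> None:
        self._per_org.setdefault((organisation, boefje_id), {}).update(settings)

    def resolve(self, organisation: str, boefje_id: str) -> dict[str, str]:
        """Organisation-specific values override the Boefje's defaults."""
        merged = dict(self._defaults.get(boefje_id, {}))
        merged.update(self._per_org.get((organisation, boefje_id), {}))
        return merged

    def inject(self, organisation: str, boefje_id: str, job: dict) -> dict:
        """Return a copy of `job` with the resolved settings under 'environment',
        refusing to dispatch when a required setting is missing or empty."""
        settings = self.resolve(organisation, boefje_id)
        missing = sorted(k for k in self._required.get(boefje_id, ()) if not settings.get(k))
        if missing:
            raise MissingSetting(f"{boefje_id} for {organisation} lacks: {', '.join(missing)}")
        job = copy.deepcopy(job)
        job["environment"] = settings
        return job


SECRET_MARKERS = ("KEY", "TOKEN", "SECRET", "PASSWORD")


def redacted(settings: dict[str, str]) -> dict[str, str]:
    """Mask credential-like values before settings reach logs or a task list."""
    return {k: ("***" if any(m in k.upper() for m in SECRET_MARKERS) else v)
            for k, v in settings.items()}


def demo() -> dict:
    """Constructed data: a port-count default, an org override and a required key."""
    store = SettingsStore()
    store.declare("nmap", defaults={"TOP_PORTS": "250"})
    store.declare("shodan", required={"API_KEY"})
    store.set_for_org("org-a", "nmap", TOP_PORTS="1000")
    store.set_for_org("org-a", "shodan", API_KEY="constructed-example-key")
    job = store.inject("org-a", "shodan", {"boefje_id": "shodan", "input": "example.com"})
    return {
        "nmap_a": store.resolve("org-a", "nmap"),
        "nmap_b": store.resolve("org-b", "nmap"),
        "shodan_env": redacted(job["environment"]),
    }


if __name__ == "__main__":
    print(demo())
```

Keeping the required-key check at injection time, rather than letting the Boefje fail inside its container, means a misconfigured organisation shows up in the task list as a rejected dispatch with a clear message instead of a cryptic runtime error.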
Model changes
For ease of use we added a URL discovery bit, enabling users to also choose Hostnames as "starting points" instead of only URLs. Subject Alternative Names were also added to the Certificate object, removing false positives that the community made us aware of.
Full Changelog
Coordination
What's Changed
- Update boefje entrypoints by @Donnype
- Add make checkout branch=x command by @reincode050
- feat(keiko): implement keiko in env, docker and makefile by @Lisser
- feature(keiko): update entrypoint by @Lisser
- Build production suitable container images in CI by @dekkers
- Run build-rocky-frontend outside docker by @dekkers
- refactor(keiko): change keiko api invocation by @Lisser
- Remove celery by @Rieven
- Use local octopoes when developing by @dekkers
New Contributors
- @dekkers made their first contribution
Rocky
What's Changed
- Robot framework implementation by @Reinaard
- Add note for SMTP by @Rieven
- Bug fix by @Rieven
- Implement PR and issue templates by @reincode050 in
- Implement baseline Python linters on Rocky by @reincode050
- feat(): Remove inline JS and add separate script to handle this by @TwistMeister
- Filter boefjes on object detail when scan level exceeds objects clearance level by @TwistMeister
- Change django password requirements to allow rdo-default by @sigio
- More functional Robot tests by @reincode050
- Remove 90% confidence lines by @reincode050
- Initial GA translation check by @reincode050
- Celery to scheduler by @Rieven
- Send Content-Security-Policy header using django-csp by @dekkers
- Add autocomplete to token field of form by @Rieven
- General settings for KAT-alogus by @Rieven
- Beautified Health Checks by @Rieven
- feat(keiko): add option to generate pdf report by @Lisser
- Refactoring CSV upload for Hostname, IPAddressV4, IPAddressV6 by @Rieven
- Password fixes for Robot tests by @reincode050
- Build production suitable container images in CI by @dekkers
- Fix collectstatic and by @dekkers
- Fix upgrading deb package by @errieman
- Enable uwsgi thunder lock to workaround bug by @dekkers
- Make password settings configurable using env variables by @dekkers
- Use local boefjes and octopoes when developing by @dekkers
- More features added to Task List by @Rieven
- Feature/settings per boefje by @Rieven
- remove inline JS by @Rieven
- Feature/translations by @Rieven
New Contributors
- @Reinaard made their first contribution
Mula
What's Changed
- Fix pylint suggestions by @jpbruinsslot
- Add commit to update by @jpbruinsslot
- Start database session for every method by @jpbruinsslot
- Remove obsolete session by @jpbruinsslot
- Build production suitable container images in CI by @dekkers
- Support using Postgres as database by @dekkers
- Fix upgrading deb package by @errieman
- Remove references to dispatcher by @jpbruinsslot
New Contributors
- @dekkers made their first contribution
Bytes
What's Changed
- Build production suitable container images in CI by @dekkers
- Add log statements in log manager by @Donnype
- templated repos url in changelog by @errieman
- Requirements bump by @Donnype
- Fix debian package upgrade by @errieman
- Reconnect and retry basic_publish on pika.exceptions.ConnectionClosed by @Donnype
- Longer plugin_id, normalizer_name and boefje_id character fields by @Donnype
New Contributors
- @dekkers made their first contribution
Boefjes
What's Changed
- Build production suitable container images in CI by @dekkers
- Remove removed boefje requirements.txt from Dockerfile by @dekkers
- Update requirements.txt by @underdarknl
- Deb upgrade fix by @errieman
- Feature/create org on request by @noamblitz
- Feature/pop from scheduler pq worker update by @Donnype
- Add plugin_id parameter and filter on it for the all() method. by @Donnype
- Cherry picked local octopoes by @Donnype
- Add certificate subject alternative names to certificate boefje by @noamblitz
- Longer plugin_id, normalizer_name and boefje_id character fields by @Donnype
New Contributors
- @dekkers made their first contribution
Octopoes
What's Changed
- Release 2.4.0 by @noamblitz
- Fix debian package upgrade by @errieman
- fix(netblock model): fix human-readable by @Lisser
- fix path to debian build script by @errieman
- Main by @noamblitz
- fix netblock human_readable by @Lisser
- Fix openapi schema endpoint by @dekkers
- Build production suitable container images in CI by @dekkers
- Add makefile and debian package target by @errieman
- remove nginx dep from deb by @errieman
- URL discovery bit by @noamblitz
- Add certificatealternativenames and make bits work by @noamblitz
New Contributors
- @dekkers made their first contribution