Recently I have been concentrating on my side project, “Open EASM”. I’d like to talk about it today.
What is Open EASM?
I think of Open EASM as a knowledge base of cyberspace.
TI (Threat Intelligence) is a very successful security product. It is a kind of knowledge base for the blue team, and it can answer questions such as:
- Is this IP a normal IP or a bad IP?
- Is this IP attacking someone?
- What is this IP's latest activity?
- …
Attackers and red teams, on the other hand, want to know what assets a company has exposed on the internet. Some TI products can answer this, but current TI products have a big problem: they contain a lot of out-dated data.
So Open EASM aims to build a near-real-time knowledge base of the internet, or of a particular company's footprint on it.
What will the knowledge base contain?
The knowledge base has at least 5 important entities and 1 security check module.
5 entities
- company
- domain (fld, the registrable first-level domain)
- sub-domain
- IP (or CIDR range)
- open port and banner
1 security check module
The security check module acts like a human security researcher. It is an expert system. For example:
- When a banner contains a keyword that suggests a Redis unauthorized-access issue, the module verifies it the way a human would. If the check succeeds, it sends a mail/notification to the system manager: one IP address is affected by the redis-unauth issue, and it belongs to xxxx company….
- When a 0day or 1day is made public, the module can search the database, scan the assets that might be affected by the vulnerability, and send a report to the system manager.
Importantly, everything runs fully automated. Wherever the system manager is, Open EASM can always output the right issue (with zero false alarms).
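As an added example (not Open EASM's own code; the asset model, the keyword list, the constructed sample inventory and the function names are assumptions made for illustration), here is how the two checks above could be wired together: a banner keyword search that serves both the "new banner seen" and the "new 0day published, which assets might be affected?" triggers, and the active verification step for the redis-unauth case, which only raises a notification after the server actually answers an unauthenticated INFO.

```python
"""Added example of an expert-system style check, not Open EASM code.
The data model, keywords, sample inventory and function names are assumptions."""
import re
import socket
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple


@dataclass
class Asset:
    company: str    # owning company (entity 1)
    fld: str        # first-level domain (entity 2)
    hostname: str   # sub-domain (entity 3)
    ip: str         # IP address (entity 4)
    port: int       # open port (entity 5) ...
    banner: str     # ... and the banner seen on it


# Constructed sample inventory (documentation ranges, not real hosts).
INVENTORY = [
    Asset("Example Corp", "example.com", "cache1.example.com", "192.0.2.10", 6379,
          "-NOAUTH Authentication required."),
    Asset("Example Corp", "example.com", "cache2.example.com", "192.0.2.11", 6379,
          "# Server redis_version:6.2.6 redis_mode:standalone"),
    Asset("Acme Ltd", "acme.test", "www.acme.test", "198.51.100.5", 443,
          "Server: nginx/1.24.0"),
]

# Banner fragments that suggest a Redis service (assumed keyword list).
REDIS_KEYWORDS = ("redis_version", "-noauth", "-denied redis")


def find_candidates(assets: Iterable[Asset], keywords: Iterable[str]) -> List[Asset]:
    """Step 1: triage by banner keyword. A new 0day is handled the same way:
    search the stored banners for the affected product string."""
    kws = [k.lower() for k in keywords]
    return [a for a in assets if any(k in a.banner.lower() for k in kws)]


def classify_redis_reply(reply: bytes) -> Tuple[str, Optional[str]]:
    """Step 2: interpret what a Redis server answered to an unauthenticated INFO.
    'unauth'    - server answered INFO without credentials: confirmed finding
    'auth'      - server demands AUTH first (requirepass set): not vulnerable
    'protected' - protected mode refused a non-loopback client: not vulnerable
    'unknown'   - not a Redis reply we recognise: the keyword was a false lead"""
    if reply.startswith(b"-NOAUTH"):
        return "auth", None
    if reply.startswith(b"-DENIED"):
        return "protected", None
    if reply.startswith(b"$"):  # RESP bulk string carrying the INFO text
        m = re.search(rb"redis_version:([0-9.]+)", reply)
        if m:
            return "unauth", m.group(1).decode()
    return "unknown", None


def probe_redis(ip: str, port: int, timeout: float = 3.0) -> bytes:
    """Step 3: the check a human would do by hand. Sends an inline RESP command
    with no AUTH and returns the first reply chunk (redis_version is near the
    top of INFO, so one chunk is enough for classification)."""
    with socket.create_connection((ip, port), timeout=timeout) as s:
        s.sendall(b"INFO server\r\n")
        return s.recv(8192)


def check_redis_unauth(asset: Asset, reply: Optional[bytes] = None) -> Optional[str]:
    """Verify the candidate. Returns the notification text for the system
    manager, or None when the keyword did not turn into a confirmed issue
    (so no alarm is raised). `reply` can be supplied for offline use."""
    if reply is None:
        reply = probe_redis(asset.ip, asset.port)
    state, version = classify_redis_reply(reply)
    if state != "unauth":
        return None
    return (f"{asset.ip}:{asset.port} ({asset.hostname}) is affected by redis-unauth "
            f"(redis_version {version}); it belongs to {asset.company}.")


if __name__ == "__main__":
    # Offline walk-through with constructed replies; real use calls probe_redis().
    for cand in find_candidates(INVENTORY, REDIS_KEYWORDS):
        fake = (b"$48\r\n# Server\r\nredis_version:6.2.6\r\n"
                if "redis_version" in cand.banner else b"-NOAUTH Authentication required.\r\n")
        print(cand.hostname, "->", check_redis_unauth(cand, reply=fake))
```

The point of separating the keyword match from the classifier is the "zero false alarm" goal: a Redis-looking banner is only a lead, and a server that answers `-NOAUTH` or `-DENIED` is dropped silently instead of being reported. `probe_redis` opens a real connection, so run it only against assets you are authorised to test.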
What would it take to develop it?
In short, time & money.
I think it would take the volunteers at least 6 months to develop it and show a demo. The volunteers receive no reward; the major spending will be on servers.
Open EASM is now cooperating with some bounty projects ^_^, so low-cost servers are no longer a problem.
When will you release the alpha version?
There are lots of problems to solve. I’ll work hard with my volunteer members and release the alpha version as soon as possible. If everything goes well, I’ll release it in 4 months, before 2024.01.01.
Why do you call it “Open” EASM?
In the long term I’ll make everything open, including the data, the algorithms and also the code.
But in the short term, Open EASM will be a SaaS platform. In my opinion, E(External)ASM is born to be in the public cloud and to act as a SaaS platform.
Let’s wait for the alpha version!