Usage
After starting the docker images go to: https://localhost:3000/ (or http://localhost:3000 if not using SSL)
You have to specify a password for your envizon instance. You can change it in the settings interface after logging in.
On the scan interface you can run a new network scan with preconfigured parameters or your own nmap fu. You also have the possibility to upload previously created nmap scans (with the `-oX` parameter).
The scans are divided into smaller ones automatically to reduce the waiting time for results.
To specify scan destinations, you can use host names or IP addresses. IP addresses can be specified with or without subnet mask or CIDR prefix. To specify ranges, the individual parts of the IP can be separated with `-` or `,`. These can be combined as desired. If the range is written out in full, only a `-` is permitted. Possible values as targets are:
scanme.nmap.org
192.168.1.1
192.168.1.0/24
192.168.1.0/255.255.255.0
192.168.1.1-192.168.1.10
192.168.1.1-192.168.10.254
192.168.1.0-192.168.10.0/24
192.168.1.0-192.168.10.0/255.255.255.0
192.168.1.1-10
192.168.1-10.1-10
192.168.1-10.0/24
192.168.1-10.0/255.255.255.0
192.168.1,2.1
192.168.1,2.1-10
192.168.1,2.0/24
192.168.1,2.0/255.255.255.0
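The following is an added example, not envizon's own parser: a Ruby sketch that expands each target form listed above into address ranges, so the host count and the engagement scope can be checked before a scan is submitted. How masked ranges expand (every mask-sized block from the first to the last address) is an assumption, and all names (`target_ranges`, `host_count`, `in_scope?`, `MAX_COMBOS`) are hypothetical.

```ruby
require 'ipaddr'

IP_RE      = /\d{1,3}(?:\.\d{1,3}){3}/
HOST_RE    = /\A(?=.{1,253}\z)[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*\z/i
MAX_COMBOS = 65_536 # assumed cap on octet-range expansion, not an envizon setting

# Prefix length from "24" or "255.255.255.0"; no mask means a single host (/32).
def prefix_len(mask)
  return 32 if mask.nil?
  return mask.to_i if mask.match?(/\A(\d|[12]\d|3[0-2])\z/)
  raise ArgumentError, "bad mask #{mask.inspect}" unless mask.match?(/\A#{IP_RE}\z/)
  bits = IPAddr.new(mask).to_i.to_s(2).rjust(32, '0')
  bits.match?(/\A1*0*\z/) ? bits.count('1') : raise(ArgumentError, "non-contiguous mask #{mask}")
end

# One octet such as "1", "1-10" or "1,2" expanded to the values it covers.
def octet_values(part)
  part.split(',', -1).flat_map do |item|
    m = item.match(/\A(\d{1,3})(?:-(\d{1,3}))?\z/) or raise ArgumentError, "bad octet #{part.inspect}"
    lo, hi = m[1].to_i, (m[2] || m[1]).to_i
    raise ArgumentError, "bad octet range #{item}" unless lo <= hi && hi <= 255
    (lo..hi).to_a
  end
end

# Inclusive [first, last] integer ranges for an IP spec; nil for a host name.
def target_ranges(spec)
  return nil if spec.match?(HOST_RE) && spec.match?(/[a-z]/i)
  raise ArgumentError, "bad target #{spec.inspect}" unless spec.match?(%r{\A[\d.,/-]+\z})
  addr, mask = spec.split('/', 2)
  size = 1 << (32 - prefix_len(mask))
  block = ->(i) { [i - i % size, i - i % size + size - 1] } # mask-aligned block around i
  if (m = addr.match(/\A(#{IP_RE})-(#{IP_RE})\z/)) # range written out in full
    lo, hi = IPAddr.new(m[1]).to_i, IPAddr.new(m[2]).to_i
    return lo <= hi ? [[block.(lo)[0], block.(hi)[1]]] : raise(ArgumentError, 'descending range')
  end
  octets = addr.split('.', -1).map { |p| octet_values(p) }
  raise ArgumentError, 'bad or oversized octets' unless octets.size == 4 && octets.map(&:size).reduce(:*).between?(1, MAX_COMBOS)
  octets[0].product(*octets[1..-1]).map { |a, b, c, d| block.((a << 24) | (b << 16) | (c << 8) | d) }.uniq
end

def host_count(spec)
  (target_ranges(spec) || []).sum { |lo, hi| hi - lo + 1 }
end

def in_scope?(spec, scope_cidr) # true only when every address lies inside scope_cidr
  ranges = target_ranges(spec) or return false # host name: resolve it before deciding
  scope = IPAddr.new(scope_cidr).to_range
  ranges.all? { |lo, hi| lo >= scope.begin.to_i && hi <= scope.end.to_i }
end
```

Host names return `nil` from `target_ranges` and are reported as out of scope until they have been resolved, and anything that is neither a host name nor one of the documented IP forms raises `ArgumentError`.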
The group interface is the heart of envizon. You can select, group, order, quick search, global search, move, copy, delete and view your clients. The left side represents the group list. If you click on a group you will get a detailed view of the group content in the center of the page. Each client in a group has a link. By clicking on the IP address you will get a more detailed view on the right side with all attributes, labels, ports and nmap output. The group buttons no longer have tooltips, so try to explore all group actions yourself ;)
In commit https://github.com/evait-security/envizon/commit/3d65e213e6565616ffd7591b4ad0e529dfe15dda we introduced some functions which are accessible via common keyboard shortcuts. Visit the shortcut table below to get more details. https://github.com/evait-security/envizon/wiki/Usage#shortcuts
In this section you can search for nearly anything in the database related to clients and combine each search parameter with 'AND', 'OR' & 'NOT'.
Perform simple queries for hostname, IP, open ports, etc. or create combined queries like: `hostname contains 'win' AND mac address starts with '0E:5C' OR has port 21 and 22 open`. The portlist provides the port count for all clients and lets you quickly identify rarely used ports.
This page renders the images of all ports with visible/interactive content captured by starting a new scan using the "side actions" button. Currently only web services are converted into PNG files using selenium and chrome-headless. The scan interface has two functions:
- Screenshot new webservices - check which port can be captured and add only new images
- Re-Scan all webservices (overwrite) - delete all images from the database and take a screenshot from all possible ports
Using the left groups sidebar you can filter all images by group. Please note that any on-change updates (e.g. someone deletes a group) are disabled on this page to avoid disturbing the manual image reviewing process.
Introducing remote issue templates: All issue templates are now located on a dedicated mysql database and are cached locally. You can easily clear this cache and sync all templates from the remote database with one click in the "settings" section under "issue templates". New issues created in your report are linked to their remote template and can be updated / added with one click. Before updating a remote template you will receive a diff-view with the corresponding changes.
In the reports section you are able to create reports for your customers. First, you have to create an issue group, for example "Internal network". In this group you can create new issues with the content of your issue templates and link them to existing clients in the database. You can easily add screenshots as proofs for your findings by using `CTRL + v` and pressing "update" or `CTRL + s`. The remote templates are linked to the new issues and can be updated with ease. Under `Site actions -> Edit report meta data and summary` you can edit basic information about the report itself, for example the name of the customer or a management summary. The presentation mode allows you to hide all parts of an issue except their screenshots.
In order to create a great looking report you have to edit the docx template file under `./report-templates/envizon_template.docx`. All variables used are included in the default template. In order to use your custom template simply copy the file into the envizon docker container, e.g. `docker cp your_template.docx envizon:/usr/src/app/envizon/report-templates/envizon_template.docx`. You can also export the report in .xlsx format using the site actions.
The complete project / database can be exported and imported using docker-compose and some fancy scripts located in the containers. For security reasons this function was moved from the web application to external scripts that are triggered manually.
Example: export the current instance to the `envizon_backup` volume / folder.
docker-compose exec envizon /bin/sh backup.sh
[*] Backup database ...
[*] Backup images ...
[*] Packing archive ...
[+] Done. File is located in ./envizon_backup/envizon_2021-05-31_20-58.tar.gz
Example: export the current instance to the `envizon_backup` volume / folder with a custom filename.
docker-compose exec envizon /bin/sh backup.sh customername
[*] Backup database ...
[*] Backup images ...
[*] Packing archive ...
[+] Done. File is located in ./envizon_backup/envizon_customername.tar.gz
Example: restoring a backup and overwriting the current instance. The `.tar.gz` file has to be placed in the `.\envizon_backup` folder.
docker-compose exec envizon /bin/sh restore.sh envizon_customername.tar.gz
[*] Copy backup to /tmp/
[*] Extracting ...
[*] Clean up ...
[*] Restore images ...
[*] Copy database backup ...
[*] Clean up ...
-----------------------------------------------------
[!] Success. Please restart the container now in order to restore the database.
[*] Use: docker-compose restart envizon
After executing `restore.sh` you need to restart the envizon app container immediately.
docker-compose restart envizon
NOTE: This will overwrite any data in your current project, including all stored images! An additional backup of the previous PostgreSQL will be created and placed in the db subfolder in your envizon container at this point.
Shortcut | Page | Function |
---|---|---|
CTRL + s | /reports | trigger the closest save button (calculated from the current focus) |
CTRL + v | /reports | insert the image in your clipboard directly into the input field (of course, you can then directly use CTRL + s) |
CTRL + f | /groups | opens a quick search table with all non-archived clients that are searchable. Clicking on the IP address shows the client in the single client view |
CTRL + a | /groups | select all clients that are visible in the current selected group |
CTRL + s | /groups | trigger the download all selected clients function similar to the button with the "wget" label |