This is Wiki about Cryeye project
video tutorial
Cryeye
is a cloud-based continuous deep audit and security monitoring solution with a variety of integrated tools that provides an all-in-one SaaS cybersecurity platform.
Automate vulnerability detection across servers, websites, mobile applications, source code, and cloud solutions.
Automate vulnerability detection across servers, websites, mobile applications, source code, and cloud solutions.
Resource extraction systems extract information about the target's web resources from the bulk of the results, they can be used for subsequent attacks.
View statistics of found vulnerabilities
Notification system can send notifications on Email and inside Cryeye on your dashboard.
There users can request Support from cryeye developers by creating "Support tickets". Support tickets can be created from findings such as vulnerabilities facts finded by audits service or by whitebox service.
A complete cloud-based solution for manual testing.
Check the vulnerabilities found or perform other actions necessary for a full cycle of vulnerability assessments or penetration testing cycle.
Tools like Metasploit, Nmap, commix, SQL map, zap and others can be run from our cloud. You can add your own MTP.
In Cryeye, we have many integrated open source and licensed security software that we call audits. In the audit system, our users can manually run audit checks on their Assets. Show possible vulnerabilities in your web application by sorting them from critical to informational. Audits allow you to select each attack vector and type of scan, showing a description of the vulnerability, its severity, CVSS assessment and remedies. Also, you can sort the results by many different parameters.
Integrated commercial Blackbox tools:
In Workspaces users work with Cryeye project. Inside workspace you can add Assets to use Cryeye services.
For example:
Constant updating of audits.
An example of audits for URLs:
Multi targets audit system allows you to add an unlimited number of assets and run automatic scanning on them in one click. You can add several IPs, domains, source code archives, mobile applications at once.
An example of adding several archives with source code at once:
Example of adding a list of technologies for Exploit Monitoring:
To add technologies for Exploit Monitoring, select the required assets, click 'Configure Workflow,' and a modal window will appear. From there, choose the service 'Exploit Monitoring' and click 'Continue.'
Allows you to configure the automatic launch of the necessary audits in the desired period of time or schedule automatic scanning. For example, the scheduler will allow you to control the automatic search for new exploits and CVEs for your technology.
Technology detected on the project and added F5 Firewall (BIG IP) for assets, and exploit monitoring and Darknet/CVE monitoring started.
Discovered technology
Source Code Analysis will help you monitor the security of your products at all stages of software development.
Our scanner can scan zip files and git repositories from Github.com
Our team tried to find the source code but didn't find it in github/gitlab/bitbucket.
However, we have uploaded vulnerable code so that you can verify it.
Please remember to sort by severity.
You can easily download your source code and get real-time scan results.
NOC Services
We regularly check the condition of the assets. Let's call it a heartbeat.
With uptime monitoring, you can monitor assets availability.
Uptime monitoring allows you to continuously monitor the availability of your assets.
Exploit Monitoring is a system designed to collect technologies and services on the site and search for their vulnerabilities. This tool allows you to carry out this process at an automated level. Its relevance is confirmed by the lack of the availability of this kind of instrument in the world. Of course, there are wonderful databases with vulnerabilities globally, but they are suitable only for manual use because they don’t know how to filter search results.
Redhat database integrated into Darknet monitoring
Example of Redhat Feed integration
Scans mobile applications for Android and iOS mobile operating systems for vulnerabilities.
Automatic Active Directory audits will help verify the security of your environment and identify potential vulnerabilities in your infrastructure.
Infrastructure code security scanning , also known as Infrastructure as Code (IaC) security scanning, is the process of evaluating the security of the code used to define and configure an organization's infrastructure. Infrastructure code refers to the scripts, templates, or configuration files that are used to automate the deployment and management of infrastructure resources such as servers, networks, and storage.
Darknet Monitoring This tool helps in collecting data from different text-based channels and reacting to it. If your data is seen on the darknet, you will be the first to know about it.
The main purpose of Breach Detection is to automate the remote breach detection process and alert the user to the potential risk to the asset.
To achieve the purpose, the user is given the opportunity to safely add their assets to the regular monitoring system. For the convenience of using the monitoring system, the user has the ability to configure the frequency of breach detection. If the user deems that monitoring the asset that he has added is no longer practical (useful), the user has the option to delete the corresponding asset.
It will show you issues with your project by domain, URL, email address, or any keyword and will automatically scan your assets daily, sending you email information about any problem found.