¶ Assets
In Cryeye users can add many diferent assets to their workspaces. Assets can be scanned by the audit system to find vulnerabilities, misconfigurations, information leaks, etc.
Also assets can be added to Uptime Monitoring where users can watching on assets availability.
Also assets can be added to Singular and Multi target audit project or Whitebox where users can scan developers Source code on development vulnerabilities, misconfigurations, information leaks, etc.
¶ Assets types
Assets are divided into different categories such as:
-
Web- category includes assets for scaning web resources on vulnerabilities or leakage data. -
Infrastructure- category includes assets uses for scanning infrastructure files for vulnerabilities and misconfigurations -
Mobile- category includes assets for scanning mobile files to find vulnerabilities, misconfigurations, wrong permissions etc. -
Source Code Analysis- category includes assets for scaning GitHub repositories and source code to find vulnerabilities, hardcoded misconfigurations, emails, usernames, passwords. -
Binary Analysis- category includes the process of analyzing and understanding the behavior and vulnerabilities of binary code to identify and mitigate potential security risks. -
Recon- category includes assets for scaning users Personal Data for leakages such as Emails, Usernames, Phone numbers. -
Network Forensics- category for analysis, and interpretation of network traffic data to investigate and respond to security incidents, detect intrusions, and gather evidence for legal purposes. -
Names, Titles or Identifications- category icludes assets for OSINT needs. -
Other- category includes assets that have not been categorized.
¶ How to add asset
Click on asset icon which you need and fill data. Users can enter targets directly, or enter multiple targets directly or by upload file with targets. Also here, at the same time, users can create an Audit projects to manually run scans using various tools integrated into Cryeye, add web target to Uptime monitoring to monitoring connections status of your web resource, Start Exploit Monitoring in Multi target audit project, to find newest exploits and vulnerabilities for your service, or upload your source code and create Whitebox project to find problems on development stage.
¶ Assets dashboard
Or users can create diffrent projects later from assets dashboard by using Assets services conrol.
¶ URL Asset
In URL Asset users can enter and scan website URL. For example: https://example.com/
¶ Domain Asset
In Domain Asset users can enter and scan website Domain name. For example: example.com
¶ Host Asset
In Host Asset users can enter and scan website Host name (domain or IP) & Host port. For example: example.com:8000 or 192.168.0.1:8000
¶ IPv4 Asset
In IPv4 Asset users can enter and scan website IPv4 address. For example: 192.168.0.1
¶ IPv6 Asset
In IPv6 Asset users can enter and scan website IPv6 address. For example: 2001:0db8:85a3:0000:0000:8a2e:0370:7334
¶ Docker Image Asset
In Docker Image Asset users can upload txt file with Docker image name scan Docker image, used for creating Docker Container. For example: tomcat:latest
¶ Docker File Asset
In Docker File Asset users can Upload and scan Docker File, Dockerfile used for build Docker image. For example: https://github.com/docker-library/tomcat/blob/9cad4b1a880782d3504d7c8723fccc667965cf29/8.5/jdk8/temurin-focal/Dockerfile
¶ Teraform Asset
In Teraform Asset users can upload and scan Infrastructure files for Terraform vulnerabilities and misconfigurations. For example: Teraform.zip
¶ AWS Cloudformation Asset
In AWS Cloudformation Asset users can upload and scan Infrastructure files for AWS Cloudformation vulnerabilities and misconfigurations. For example: AWS.zip
¶ Ansible Asset
In Ansible Asset users can upload and scan Infrastructure files for AWS Cloudformation vulnerabilities and misconfigurations. For example: Ansible.zip
¶ Helm Asset
In Helm Asset users can upload and scan Infrastructure files for Helm vulnerabilities and misconfigurations. For example: Helm.zip
¶ Kubernetes Asset
In Kubernetes Asset users can upload and scan Infrastructure files for Kubernetes vulnerabilities and misconfigurations. For example: Kubernetes.zip
¶ Azure resource manager Asset
In Azure resource manager Asset users can upload and scan Infrastructure files for Azure vulnerabilities and misconfigurations. For example: ARM.zip
¶ Android Application Asset
In Android Application Asset users can upload and scan Android APK files for Mobile vulnerabilities, misconfigurations and wrong permissions. For example: Application.apk
¶ Apple Application Asset
In Apple Application Asset users can upload and scan Apple IPA files for Mobile vulnerabilities, misconfigurations and wrong permissions. For example: Application.ipa
¶ Git Repository Asset
In Git Repository asset users can add GitHub repositories for scan to find vulnerabilities, hardcoded misconfigurations, emails, usernames, passwords. For example: https://github.com/nmap/nmap
¶ Sources Asset
In Sources asset users can add source code archive with application source code. for scan to find vulnerabilities, hardcoded misconfigurations, emails, usernames, passwords.
¶ File Asset
In File asset users can add any file for analyzing and understanding the behavior and vulnerabilities of binary code to identify and mitigate potential security risks.
¶ Email Asset
In Email asset users can enter and scan electronic mail address for information leaks and breaches. For example: [email protected]
¶ Phone Asset
In Phone asset users can enter and scan phone numbers for information leaks. For example: +1234567890
¶ Username Asset
In Username asset users can enter and scan Usernames for information leaks and breaches. For example: username_123
¶ Packet Capture Asset
In Packet Capture asset users can upload Packet capture file with extentions .pcap, .cap, .dmp for analysis, and interpretation of network traffic data.
¶ Technology Asset
In Technology asset users can add technology for scaning to find a vulnerabilities, exploits, PoCs. For example: Django 3.0
¶ CPE Asset
In CPE asset users can add technology in CPE 2.3 format for scaning to find a vulnerabilities, exploits, PoCs.
¶ Organization Asset
In Organization asset users can add name of organization, company or groupe for information gathering, OSINT. For example: Google
¶ Bank number Asset
In Bank number asset users can add IBAN or credit card number for check leaked information. Coming soon...
¶ Textline Asset
Textline asset is Coming soon...
¶ Keyword Asset
In Keyword asset user can add a keyword to search for similar domain names and url addresses and check them for phishing. More functionality of this asset is Coming soon.
¶ Smart contract Asset
In Smart contract asset users can Upload and scan Self-executing smart contract files for different blockchains.
¶ NuGet Package Asset
In NuGet Package asset users can add archive file with some NuGet packegas for vulnerability scan. Coming soon...
¶ Regex Asset
In Regex asset users can add regular expression for darknet monitoring triggers. Coming soon...
¶ Custom Asset
In Custom asset users can enter or upload anything else that is not listed here. Coming soon...
