Initial commit for Mantis

.gitignore

@@ -0,0 +1,3 @@
+*__pycache__
+logs/
+.DS_Store

Dockerfile

@@ -0,0 +1,101 @@
+FROM --platform=linux/amd64 python:3.9-slim
+# Install wget
+RUN apt-get update && apt-get install -y wget unzip tar gcc libpcap-dev dnsutils git dnstwist
+
+# Install git
+RUN apt-get update --fix-missing && apt install git -y
+
+# Setup work directory
+WORKDIR /home/mantis
+# Install amass
+RUN echo "Installing Amass"
+RUN wget https://github.com/owasp-amass/amass/releases/download/v3.23.2/amass_Linux_amd64.zip
+RUN unzip amass_Linux_amd64.zip
+RUN mv amass_Linux_amd64/amass /usr/bin
+
+# Install subfinder
+RUN echo "Installing subfinder"
+RUN wget https://github.com/projectdiscovery/subfinder/releases/download/v2.6.0/subfinder_2.6.0_linux_amd64.zip
+RUN unzip subfinder_2.6.0_linux_amd64.zip
+RUN mv subfinder /usr/bin
+
+# Install Puredns
+RUN echo "Installing Puredns"
+RUN wget https://github.com/d3mondev/puredns/releases/download/v2.1.1/puredns-Linux-amd64.tgz
+RUN tar -xvf puredns-Linux-amd64.tgz
+RUN mv puredns /usr/bin
+
+# Install HTTPX
+RUN echo "Installing HTTPX"
+RUN wget https://github.com/projectdiscovery/httpx/releases/download/v1.3.2/httpx_1.3.2_linux_amd64.zip
+RUN unzip httpx_1.3.2_linux_amd64.zip
+RUN mv httpx /usr/bin
+
+# Install Findcdn
+RUN echo "Installing Findcdn"
+RUN pip install git+https://github.com/cisagov/findcdn.git
+
+# Install Ipinfo
+RUN echo "Installing Ipinfo"
+RUN wget https://github.com/ipinfo/cli/releases/download/ipinfo-2.10.1/ipinfo_2.10.1_linux_amd64.tar.gz
+RUN tar -xvf ipinfo_2.10.1_linux_amd64.tar.gz
+RUN mv ipinfo_2.10.1_linux_amd64 ipinfo
+RUN mv ipinfo /usr/bin
+
+# Install naabu
+RUN echo "Installing naabu"
+RUN wget https://github.com/projectdiscovery/naabu/releases/download/v2.1.6/naabu_2.1.6_linux_amd64.zip
+RUN unzip naabu_2.1.6_linux_amd64.zip
+RUN mv naabu /usr/bin
+
+# Install nuclei
+RUN echo "Installing nuclei"
+RUN wget https://github.com/projectdiscovery/nuclei/releases/download/v2.9.6/nuclei_2.9.6_linux_amd64.zip
+RUN unzip nuclei_2.9.6_linux_amd64.zip
+RUN mv nuclei /usr/bin
+
+# Install gitleaks 
+RUN echo "Installing gitleaks"
+RUN wget https://github.com/gitleaks/gitleaks/releases/download/v8.17.0/gitleaks_8.17.0_linux_x64.tar.gz
+RUN tar -xvf gitleaks_8.17.0_linux_x64.tar.gz
+RUN mv gitleaks /usr/bin
+
+
+# Copy requirements.txt for mantis
+COPY ./requirements.txt /home/mantis/requirements.txt
+RUN pip install -r requirements.txt
+
+# Install wafw00f
+RUN pip install wafw00f
+
+#Install gau
+RUN echo "Installing GAU"
+RUN wget https://github.com/lc/gau/releases/download/v2.1.2/gau_2.1.2_linux_amd64.tar.gz
+RUN tar -xvf gau_2.1.2_linux_amd64.tar.gz
+RUN mv gau /usr/bin
+
+RUN echo "Installing and setting up awscli"
+RUN wget "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"
+RUN unzip awscli-exe-linux-x86_64.zip
+RUN ./aws/install
+
+RUN rm -rf *
+RUN echo 'export PS1="🦗 Mantis > " && alias mantis="python /home/mantis/launch.py"' | tee -a /root/.bash_profile
+RUN echo 'export PS1="🦗 Mantis > " && alias mantis="python /home/mantis/launch.py"' | tee -a ~/.profile
+RUN echo 'export PS1="🦗 Mantis > " && alias mantis="python /home/mantis/launch.py"' | tee -a ~/.bashrc
+
+# Copy Code
+COPY ./mantis /home/mantis/mantis
+COPY ./configs /home/mantis/configs
+COPY ./launch.py /home/mantis/launch.py
+COPY ./scheduler.py /home/mantis/scheduler.py
+COPY ./*.txt /home/mantis/
+RUN mkdir /home/mantis/logs
+RUN mkdir /home/mantis/logs/scan_efficiency
+RUN mkdir /home/mantis/logs/tool_logs
+
+
+# Required for displaying stdout sequentially
+ENV PYTHONUNBUFFERED=1
+
+#ENTRYPOINT ["python3","launch.py"]% 

README.md

@@ -0,0 +1,215 @@
+# Mantis
+
+## Summary
+
+Mantis simplifies the efforts of an organisation's product security team by automating asset discovery, recon and scan. If you are already thining why another recon framework, well if you are a product security engineer you are in for a surprise. The framework gives you the power to distribute a single scan across multiple machines making your scan time 2x faster or even more depending on the resources you have. Recon frameworks combine a lot of open source tools that are seldom not in our control, hence we designed the framework to provide you with scan stats,scan timings and tool failures at a module, tool and subdomain level. Not done yet, there are a few bonus - deciding on the modules or tools to be run is config driven, criteria for alerts is config driven, even notifiying specific teams for specific alerts is config driven. Oh yea, new tool additions have never been simpler.
+
+
+## Features :rocket:
+
+- **Make yours scans 2x faster**
+    - *I am fed up with my scan times, i can bump up my infrastructure, but will the framework utilize it efficiently*
+    - Mantis can distribute a single scan across multiple machines (baremetals, AWS, Azure)
+- **Understand Scan Efficiency**
+    - *I really need to understand my scan results for every subdomain succeeded or failed at a granular level*
+    - Easily understand your scan efficiency, were there failures in scan, modules, tools etc.
+- **Integrate with your Org's DNS Service**
+    - *I also want to my DNS service to this tool, right now supports route 53*
+    - Just add your AWS Read-only key to the configuration and have your assets synced automatically
+- **Quickly Integrate new tools**
+    - *I need to add a new tool for a specific vulnerbaility or for subdomain discovery, its a command line tool/API*
+    - Integrating tool in Mantis takes only a few minutes
+- **Dashboard Support**
+    - *I need a dashboard to visualize my organisation's assets* 
+    - We store almost every detail in mongoDB, you are free to integrate with any dashboard that supports mongoDB integration. Metabase and chartbrew are some excellent dashbaords you can integrate our framework with
+- **Choose what modules/tools you need to run**
+    - *I just need to run my discovery module weekly, recon once a month and scan module everyday*
+    - Just comment/uncomment the configurations you need to skip/run
+- **Configurable Slack Alerts**
+    - *I need to get alerts just when new vulnerabilities are identified, i changed my mind, i need it for phishing domains too*
+    - Alerts for new assets (subdomains, IPs, certificates) and findings (vulnerabiltiies, misconfiguration, phishing and secrets) are configurable, no additonal coding required
+- **Configurable Team Notifications in slack**
+    - *I need to tag the right teams for the right findings, example, tag my phising team when new phising domains are identified, tag my Infra team when a new certificate is added*
+    - With Mantis, you can tag specific teams/members for asset types (subdomains, IPs, certificates) and finding types (vulnerabiltiies, misconfiguration, phishing and secrets) 
+- **Secrets Scanning** [Experimental] 🔥🔥
+    - *I need to know if my organisation's secrets or secrets provided by my organisation is leaked in public forums* 
+    - An indenpendent secrets module will help you integrate with github, gitlab, GAU, dorks to find secrets in public forums
+
+
+## Modules and Tools 
+
+- Discovery
+    - Subfinder: Subdomain Discovery
+    - AMASS:  Subdomain Discovery
+    - SSLMate: Find Certificates
+- PreRecon
+    - FindCDN: Identify CDNs
+    - Naabu: Active/Passive Ports
+    - IPInfo: Identify where your assets are located
+- ActiveHostScan
+    - HTTPX: Find Active Assets 
+- ActiveRecon
+    - wafw00f: Identifty WAF
+- Scan
+    - Nuclei: Technology Recon
+    - Nuclei: Identify vulnerabilities 
+    - DNSTwister: Identify Phishing domains
+    - Csper: CSP Misconfigurations
+
+## Installation
+
+Mantis supports multiple installation types. Installing Mantis via Docker would be a good start to get a hang of the framework.
+
+Considering that Mantis also includes mongoDB and AppSmith, we have provided a shell script that installs all the components.
+
+### Docker
+
+Clone the Mantis repository 
+
+```
+$ git clone https://github.com/PhonePe/mantis.git
+```
+
+cd into the Mantis directory    
+
+```
+$ cd mantis/setup/docker
+```
+
+Run the docker setup file
+
+```
+$ ./docker-setup.sh
+```
+
+
+### Ubuntu - Linux
+
+To install Mantis directly on Ubuntu, follow the below steps. 
+
+Clone the Mantis repository 
+
+```
+$ git clone https://github.com/PhonePe/mantis.git
+```
+
+cd into the Mantis directory    
+
+```
+$ cd mantis/setup/ubuntu
+```
+
+Run the mac setup file
+
+```
+$ ./setup-mantis-ubuntu.sh
+```
+
+## Command Line Options
+
+```
+
+  --mode {onboard,scan}                   Select mode of operation
+  -h, --help                              list command line options
+  -t HOST, --host HOST                    top level domain to scan
+  -f FILE_NAME, --file_input FILE_NAME    path to file containing any combination of TLD, subdomain, IP-range, IP-CIDR
+  -w WORKFLOW, --workflow WORKFLOW        workflow to be executed as specified in config file
+  -o ORG, --org ORG                       name of the organisation
+  -a APP, --app APP                       scan only subdomains that belong to an app
+  -p, --passive                           run passive port scan
+  -s, --stale                             mark domains as stale (domains purchased but not in use)
+  -i, --ignore_stale                      ignore stale domains during scan
+  -r, --use_ray                           use ray framework for distributed scans
+  -n NUM_ACTORS, --num_actors NUM_ACTORS  number of ray actors, default 10
+  -d, --delete_logs                       delete logs of previous scans
+
+```
+
+## Running scans on Mantis
+
+
+You want to onboard an org with its TLDs/IPs/IP-CIDRs/IP Range for the first time, use the onboard mode. This runs the scan on the default workflow.
+
+#### TLD
+```shell
+$ mantis -m onboard -o org_name -t example.in   
+```
+#### IP
+```shell
+$ mantis -m onboard -o org_name -t 10.123.123.12
+```
+
+#### IP-Range
+```shell
+$ mantis -m onboard -o org_name -t 203.0.113.0-203.0.113.255
+```
+
+#### IP-CIDR
+```shell
+$ mantis -m onboard -o org_name -t 203.0.113.0/24
+```
+
+### Onboard Known Assets and Scan
+```shell
+$ mantis -m onboard -o org_name -f input.txt
+```
+
+### Scan on all assets belonging to an organisation
+
+Now that you have onboarded, you just need to run scheduled scans for an org, you can just use the scan mode
+
+```shell
+$ mantis -m scan -o org_name
+```
+
+### Scan on all assets belonging to an organisation and app
+
+```shell
+$ mantis -m scan -o org_name -a app_name
+```
+
+
+
+
+## How to contribute ?
+
+If you want to contribute to this project:
+
+* Submit an issue if you found a bug, or a have a feature request.
+* Make a Pull Request from dev branch if you want to improve the code.
+
+## Need Help ?
+
+* Take a look at the wiki section.
+* Check FAQ for commonly asked questions.
+
+## Credits
+
+**Development** - Prateek Thakare  
+**Recon Tools Design/Launch scripts** - Bharath Kumar  
+**Secret Scanning** - Hitesh Kumar, Saddam Hussain  
+**Dashboard** - Pragya Gupta  
+**Design Suggestions** - Dhruv Shekawat  
+**Framework Design** - Praveen Kanniah  
+
+**Special Thanks** - Ankur Bhargava
+
+## Special Thanks
+
+* [Ray Framework](https://www.ray.io/)
+* [Project Discovery](https://github.com/projectdiscovery)
+
+
+## Disclaimer
+
+Usage of this program for attacking targets without consent is illegal. It is the user's responsibility to obey all applicable laws. The developer assumes no liability and is not responsible for any misuse or damage caused by this program. Please use responsibly.
+
+The material contained in this repository is licensed under MIT.
+
+
+
+
+
+
+
+