This project uses the Giza SDK to perform an OSINT security action. The action fetches repositories from the Giza GitHub organization, scans them for vulnerabilities, analyzes documentation, retrieves WHOIS information for a domain, and searches Shodan for information on an IP address.
- Clone the repository:
```sh
git clone https://github.com/jeytuan/WebTrey.git
cd WebTrey
```
- Install the required backend dependencies:
```sh
cd webtrey-dashboard/backend
python -m venv myenv
myenv\Scripts\activate       # On Windows
source myenv/bin/activate    # On macOS/Linux
pip install -r requirements.txt
```
- Frontend (Next.js App):
```sh
cd ../../frontend
npm install
```
- Set up environment variables in `.env.local`:
```sh
GITHUB_TOKEN=<your_github_token>
SHODAN_API_KEY=<your_shodan_api_key>
SSH_KEY=<your_ssh_key>
```
- Start the Backend OSINT Scan:
```sh
cd webtrey-dashboard/backend/webtrey/giza
myenv\Scripts\activate       # On Windows
source myenv/bin/activate    # On macOS/Linux
python giza_run.py
```
- Start the Frontend Web App:
```sh
cd ../../../../frontend
npm run dev
```
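The setup above puts three secrets in `.env.local`. The following added example (not WebTrey's own code; `giza_run.py` is assumed to read that file, which the README does not state) shows how a scanner can load that file, refuse to start while a value is missing or still holds the README placeholder, and print only a redacted form of each key. The `.env` parser, the `REQUIRED_KEYS` tuple and the file-permission check are this example's own assumptions.

```python
"""Load and validate the scanner's credentials from a .env.local file.

Added example, not part of the WebTrey project. The parser handles the
plain KEY=value format with blank lines, '#' comments, an optional
'export ' prefix and single/double-quoted values.
"""
from __future__ import annotations

import os
from pathlib import Path

# The keys the README lists in .env.local; all three are treated as required.
REQUIRED_KEYS = ("GITHUB_TOKEN", "SHODAN_API_KEY", "SSH_KEY")


def parse_dotenv(text: str) -> dict[str, str]:
    """Parse KEY=value lines; later duplicates override earlier ones."""
    env: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("export "):
            line = line[len("export "):].lstrip()
        if "=" not in line:
            raise ValueError(f"malformed line (no '='): {raw!r}")
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[key] = value
    return env


def redact(secret: str) -> str:
    """Keep only the last 4 characters so a log line cannot leak the key."""
    if len(secret) <= 4:
        return "****"
    return "*" * (len(secret) - 4) + secret[-4:]


def validate_env(env: dict[str, str]) -> list[str]:
    """Return the list of problems; an empty list means the config is usable.
    Values still in the README's <your_...> placeholder form are rejected."""
    problems = []
    for key in REQUIRED_KEYS:
        value = env.get(key, "")
        if not value:
            problems.append(f"{key} is missing or empty")
        elif value.startswith("<") and value.endswith(">"):
            problems.append(f"{key} still holds the README placeholder")
    return problems


def load_env(path: Path) -> dict[str, str]:
    """Parse the file and fail closed on any problem. On POSIX a
    world-readable secrets file is refused outright (assumed policy)."""
    if os.name == "posix" and path.stat().st_mode & 0o004:
        raise PermissionError(f"{path} is world-readable; chmod 600 it")
    env = parse_dotenv(path.read_text(encoding="utf-8"))
    problems = validate_env(env)
    if problems:
        raise ValueError("; ".join(problems))
    return env


if __name__ == "__main__":
    # Constructed sample content, not a real .env.local from the project.
    sample = (
        "GITHUB_TOKEN=ghp_EXAMPLE1234\n"
        "# Shodan key is quoted on purpose\n"
        "SHODAN_API_KEY='abc'\n"
        "SSH_KEY=<your_ssh_key>\n"
    )
    env = parse_dotenv(sample)
    for key in REQUIRED_KEYS:
        print(key, "=", redact(env.get(key, "")))
    print("problems:", validate_env(env))
```

Because `redact` is the only thing that ever reaches a print statement, the scanner's own log output cannot echo the GitHub or Shodan credential; the file should also be listed in `.gitignore` so the placeholder-check is not the last line of defence.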
This project provides a Docker container for the WebTrey dashboard application, which is a comprehensive solution for managing and analyzing security vulnerabilities. The container includes a suite of tools designed to integrate seamlessly with Giza AI, enabling advanced security automation and intelligence.
Prerequisite: Docker installed on your local machine (Download Docker).
To pull the Docker image from Docker Hub, use the following command:
```sh
docker pull jeytuan/webtrey_vm:latest
```
To run the Docker container, use the following command:
```sh
docker run -d --name webtrey_vm -p 3001:3000 jeytuan/webtrey_vm:latest
```
Once the container is running, the application can be accessed in your web browser at: http://localhost:3001
To stop the running container, use the following command:
```sh
docker stop webtrey_vm
```
To remove the container, use the following command:
```sh
docker rm webtrey_vm
```
To update the Docker image to the latest version, use the following commands:
```sh
docker pull jeytuan/webtrey_vm:latest
docker stop webtrey_vm
docker rm webtrey_vm
docker run -d --name webtrey_vm -p 3001:3000 jeytuan/webtrey_vm:latest
```
The WebTrey Docker container includes the following tools:
- Giza SDK: Enables the integration of AI models and the execution of verifiable machine learning tasks.
- Slither: A static analysis tool to find vulnerabilities in Solidity smart contracts.
- Mythril: A security analysis tool for Ethereum smart contracts.
- Echidna: A smart contract fuzzer for finding vulnerabilities in Ethereum smart contracts.
- Foundry: A blazing fast, portable and modular toolkit for Ethereum application development.
- Hardhat: A development environment to compile, deploy, test, and debug Ethereum software.
- Python 3.10: Includes various security libraries and tools for automation and analysis.
The Web App dashboard, built with Next.js, provides a user-friendly interface for managing bug bounties, viewing threat intelligence, and handling vulnerability disclosures.
The results will include:
- Repository vulnerabilities
- Documentation analysis
- WHOIS information
- Shodan information
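The report above has four independent sections, and the container's tool list includes Slither. The following added example (not WebTrey's `giza_run.py`) shows how such a report can be assembled so that one collector failing, for instance a WHOIS timeout, does not lose the other sections, and how Slither's JSON output (`slither . --json -`, findings under `results.detectors` with `check`, `impact`, `confidence`, `description` and `elements`) can be reduced to a severity-ordered summary. The Slither document and the failing WHOIS collector below are constructed stand-ins, and `IMPACT_ORDER`, `summarize_slither` and `build_report` are this example's own names.

```python
"""Assemble the scan report section by section with per-section error
isolation. Added example, not part of the WebTrey project."""
from __future__ import annotations

import json
from collections import Counter
from typing import Any, Callable

# Slither's impact levels, in the order findings should be listed.
IMPACT_ORDER = {"High": 0, "Medium": 1, "Low": 2, "Informational": 3, "Optimization": 4}


def summarize_slither(json_text: str) -> dict[str, Any]:
    """Reduce Slither JSON output to per-impact counts and a sorted finding list."""
    doc = json.loads(json_text)
    if not doc.get("success", False):
        raise RuntimeError(f"slither failed: {doc.get('error')}")
    findings = []
    for det in doc.get("results", {}).get("detectors", []):
        # Each element carries a source mapping; keep the first file:line.
        location = ""
        for element in det.get("elements", []):
            mapping = element.get("source_mapping", {})
            if mapping.get("filename_relative"):
                lines = mapping.get("lines") or []
                location = f"{mapping['filename_relative']}:{lines[0] if lines else '?'}"
                break
        findings.append({
            "check": det.get("check", "unknown"),
            "impact": det.get("impact", "Informational"),
            "confidence": det.get("confidence", "Low"),
            "location": location,
            "description": det.get("description", "").strip(),
        })
    findings.sort(key=lambda f: (IMPACT_ORDER.get(f["impact"], 99), f["check"]))
    return {"counts": dict(Counter(f["impact"] for f in findings)), "findings": findings}


def build_report(collectors: dict[str, Callable[[], Any]]) -> dict[str, Any]:
    """Run every collector; a failure is recorded under its section, not raised."""
    report: dict[str, Any] = {}
    for name, collect in collectors.items():
        try:
            report[name] = {"ok": True, "data": collect()}
        except Exception as exc:  # one bad section must not abort the scan
            report[name] = {"ok": False, "error": f"{type(exc).__name__}: {exc}"}
    return report


# Constructed Slither output with two findings; not real scan output.
SAMPLE_SLITHER = json.dumps({
    "success": True,
    "error": None,
    "results": {"detectors": [
        {"check": "solc-version", "impact": "Informational", "confidence": "High",
         "description": "Pragma version^0.8.0 allows old versions\n",
         "elements": [{"source_mapping": {"filename_relative": "contracts/Vault.sol", "lines": [2]}}]},
        {"check": "reentrancy-eth", "impact": "High", "confidence": "Medium",
         "description": "Reentrancy in Vault.withdraw()\n",
         "elements": [{"source_mapping": {"filename_relative": "contracts/Vault.sol", "lines": [18, 19, 20]}}]},
    ]},
})


def whois_unavailable() -> dict[str, Any]:
    """Constructed stand-in for the WHOIS collector: simulates a timeout."""
    raise TimeoutError("whois server did not respond")


def run_example() -> dict[str, Any]:
    """Build a two-section report: one section succeeds, one fails."""
    return build_report({
        "repository_vulnerabilities": lambda: summarize_slither(SAMPLE_SLITHER),
        "whois": whois_unavailable,
    })


if __name__ == "__main__":
    print(json.dumps(run_example(), indent=2))
```

Sorting by impact first means the High-impact reentrancy finding is listed ahead of the informational compiler-version note regardless of the order Slither emitted them, and the `ok` flag per section lets the dashboard show a partial report instead of an empty one when an upstream service is down.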
As part of this project, we have also investigated what an in-scope Vulnerability Disclosure Program (VDP) for Giza AI would look like. Our proposed VDP includes a clear scope of assets, a structured reward system based on the severity of vulnerabilities, and a detailed process for reporting and handling vulnerabilities. This VDP aims to enhance the security posture of Giza AI by encouraging the identification and responsible disclosure of potential vulnerabilities.
- Smart Contract Vulnerabilities:
  - Reentrancy attacks
  - Integer overflows/underflows
  - Access control issues
  - Insecure storage
- Machine Learning Model Risks:
  - Model poisoning
  - Adversarial inputs
  - Data leakage
  - Model inversion
- Zero-Knowledge Proofs (ZK Proofs):
  - Incorrect implementation of ZK proofs
  - Verification bypass
  - Cryptographic weaknesses
- Protocol-Level Attacks:
  - Sybil attacks
  - Front-running
  - Oracle manipulation
The integration with Giza AI empowers the WebTrey Dashboard with advanced AI capabilities, providing the following benefits:
- Automated Vulnerability Detection: Leverage Giza's AI models to automatically detect vulnerabilities in smart contracts and applications.
- OSINT (Open Source Intelligence) Capabilities: Use Giza AI to perform comprehensive OSINT scans, identifying potential attack vectors and security risks across Giza's GitHub repositories and documentation.
- Continuous Monitoring: Utilize Giza AI agents to continuously monitor and analyze security logs, providing real-time threat intelligence and automated responses to security incidents.
- Verifiable Inferences: Ensure the integrity and authenticity of AI predictions with Giza's verifiable machine learning models, providing a higher level of trust and security in automated decision-making processes.
- Seamless Integration: Easily integrate Giza AI's powerful features into your existing workflows, enhancing your security operations with minimal effort.
The Netsoul WebTrey - Giza OSINT Security Action project provides a powerful and comprehensive solution for enhancing the security of decentralized protocols and applications. By leveraging the Giza SDK, this project demonstrates advanced capabilities in automated vulnerability detection, OSINT (Open Source Intelligence) scanning, and continuous monitoring. The integration with Giza AI ensures that the analysis and actions taken are backed by verifiable machine learning models, enhancing trust and reliability.
This project includes a suite of robust tools within a Docker container, making it easy to deploy and use. The WebTrey dashboard, built with Next.js, provides a user-friendly interface for managing bug bounties, viewing threat intelligence, and handling vulnerability disclosures. The included tools like Slither, Mythril, Echidna, Foundry, and Hardhat ensure that the platform is well-equipped to handle a wide range of security tasks.
In addition to providing a functional prototype for OSINT tasks, this project also proposes a structured Vulnerability Disclosure Program (VDP) for Giza AI. This VDP outlines the potential attack vectors, a clear scope of assets, and a reward system based on the severity of vulnerabilities. The VDP aims to encourage responsible disclosure and enhance the overall security posture of Giza AI.
By integrating Giza AI, the WebTrey Dashboard can continuously monitor and analyze security logs, provide real-time threat intelligence, and automate responses to security incidents. This seamless integration ensures that security operations are efficient and effective, with minimal effort required to incorporate these advanced features into existing workflows.
Overall, the Netsoul WebTrey - Giza OSINT Security Action project sets a strong foundation for future development and integration of AI-powered security solutions. It demonstrates the potential for leveraging advanced AI models and tools to enhance the security and reliability of decentralized protocols and applications.
If you wish to contribute to this project, please fork the repository and submit a pull request.
For any inquiries, contributions, or further information, please reach out to:
- Justin Nguyen (@jeytuan), Email: [email protected]
- Louis DeGuzman, Email: [email protected]