pynipper-ng

Table of contents

  1. What is pynipper-ng
  2. Install
  3. Quickstart
  4. More information
  5. References

What is pynipper-ng?

pynipper-ng is a configuration security analyzer for network devices. The goal of this tool is to check routers, firewalls and switches for vulnerabilities and misconfigurations and to report the issues in a simple way.

This tool is based on nipper-ng, updated and translated to Python. The project aims to improve the set of rules that detect security misconfigurations in network devices using multiple standard benchmarks (such as the CIS Benchmark) and to integrate the tool with APIs (such as the PSIRT Cisco API) to scan for known vulnerabilities.

Install

The requirements are:

Python install

You can install pynipper-ng with pip using the wheel package linked in each version of the tool.

pip install pynipper_ng-<VERSION>-py3-none-any.whl

It will be available in the PyPI registry soon.

Source code install

Clone this repository and run:

python setup.py build install

Quickstart and options

Quick demo

pynipper-ng -d IOS_ROUTER -i tests\test_data\cisco_ios_example.conf -o HTML -f ./report.html -x

Options

| Flag | Option | Description | Mandatory? | Default value |
|------|--------|-------------|------------|---------------|
| -h | --help | Display a help message | NO | N/A |
| -d | --device | Device type to analyze (1) | YES | |
| -i | --input | Configuration device file to analyze (file contains standard output redirection of show configuration command) | YES | |
| -o | --output-type | Report type (HTML or JSON) | NO | HTML |
| -f | --output-filename | Report filename | NO | report.html |
| -x | --offline | Disable APIs integration | NO | True |
| -c | --configuration | Configuration file to pynipper-ng (2) | NO | default.conf |

(1) Check the supported devices here

(2) Check Pynipper-ng configuration file to know more about it.

More information

Pynipper-ng Configuration File

The configuration file is used to define some properties and customize the scans.

Pynipper-ng Configuration File: PSIRT Cisco API

To use the PSIRT Cisco API you must provide the API keys. To get them: https://apiconsole.cisco.com/

[Cisco]
CLIENT_ID = <your-client-id>
CLIENT_SECRET = <your-client-secret-token>

Contributing

Contributions are welcome! Please follow the steps defined in the CONTRIBUTING file and share your improvements with the community.

CISCO IOS API integration

Get your credentials and put them into the configuration file.

Pynipper modules

Pynipper-ng detects device configuration weaknesses through modules. Each module uses regular expressions to check whether a property is set in the network device configuration, and reports it when the setting is not secure.
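The regex-based approach described above, as an added example that is not pynipper-ng's own code or plugin interface. `Rule`, `RULES` and `audit` are hypothetical names, and the IOS configuration is a constructed sample; the patterns are anchored so that a negated command such as `no ip http server` is not mistaken for the setting being enabled.

```python
import re
from dataclasses import dataclass

# Constructed sample of a Cisco IOS configuration (not taken from the project).
SAMPLE_CONFIG = """\
hostname lab-router
no service password-encryption
enable password cisco123
ip http server
no ip http secure-server
line vty 0 4
 transport input telnet ssh
 login
"""

@dataclass(frozen=True)
class Rule:  # hypothetical structure, for illustration only
    name: str
    pattern: str      # regex evaluated per line (re.MULTILINE)
    must_match: bool  # True: setting must be present; False: must be absent
    advice: str

RULES = [
    Rule("password-encryption", r"^service password-encryption\s*$", True,
         "Enable 'service password-encryption'."),
    Rule("enable-secret", r"^enable secret\s+\S+", True,
         "Set the privileged password with 'enable secret'."),
    Rule("enable-password", r"^enable password\s+\S+", False,
         "Remove 'enable password'; it is stored with weak or no protection."),
    Rule("http-server", r"^ip http server\s*$", False,
         "Disable the cleartext HTTP server with 'no ip http server'."),
    Rule("vty-telnet", r"^[ \t]+transport input\b.*\btelnet\b", False,
         "Restrict VTY lines to 'transport input ssh'."),
]

def audit(config: str) -> list:
    """Return the rules that the given configuration text violates."""
    findings = []
    for rule in RULES:
        present = re.search(rule.pattern, config, re.MULTILINE) is not None
        if present != rule.must_match:
            findings.append(rule)
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(f"[FAIL] {finding.name}: {finding.advice}")
```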

Pynipper modules summary

Available plugins: check here

Implement your own modules

You can implement your own modules. Clone the repository and create the plugins in src/analyze/cisco/<device_type>/plugins. To improve the pynipper-ng tool you can contribute by adding your work :).

To create your own plugins, follow these guidelines

References

nipper-ng