Eagle is designed to simplify your asset and vulnerabilities management and boost your workflow efficiency
- Automated Asset Collection: Gather IPs, domains, and other internal digital assets from platforms like Cloudflare, AWS Route53, Digital Ocean, with flexible options to add, edit, delete, and import assets.
- Periodic Open Port Detection: Automatically scan assets for open ports on a regular basis, with instant alerts sent to Slack.
- Custom Nuclei Scanning: Run comprehensive Nuclei scans on all assets or define custom scans using your own Nuclei templates.
- Subdomain Discovery: Effortlessly collect subdomains for any domain.
- DNS Dangling Detection: Identify and alert on dangling DNS records to help prevent subdomain takeover attacks.
- Host Collection via Shodan: Collect host information using Shodan for deeper insights into exposed assets.
- Reverse IP Lookup: Discover domains associated with an IP address.
Eagle consits 3 major components
- Backend API base on Flask with Gunicorn as webserver and Mongodb as database
- Frontend base on React Native
- Reverse proxy via Nginx
- Replace your api endpoint (apiEndpoint) at
/eagle/frontend/src/config.jsfile - Build
nvm use 16
npm run build
build folder will be served by nginx (/etc/nginx/sites-available/[your domain])
...
root /home/linhle4/eagle/eagle/frontend/build;
try_files $uri /index.html;
...
see nginx config section below for details
- Install requirements for Flask Python Backend
cd backend
source venv/bin/activate
pip install -r requirements.txt
- Install engine dependencies
- nuclei
- subfinder
- nmap
Set multiple env variables options in backend/.env file
cd eagle
cp backend/.copy.env backend/.env
Install mongodb follow the instructions (https://www.mongodb.com/docs/manual/tutorial/install-mongodb-on-ubuntu/)
- Install Gunicorn
pip install gunicorn
- Create a Gunicorn Systemd Service File
sudo nano /etc/systemd/system/gunicorn.service
[Unit]
Description=Gunicorn instance to serve eagle app
After=network.target
[Service]
User=$USER
Group=www-data
WorkingDirectory=$HOME/eagle/backend
EnvironmentFile=$HOME/eagle/backend/.env
ExecStart=$HOME/eagle/backend/venv/bin/gunicorn --bind 0.0.0.0:5000 app:app --log-level debug --access-logfile /var/log/gunicorn/access.log --error-logfile /var/log/gunicorn/error.log
StandardOutput=file:/var/log/gunicorn/stdout.log
StandardError=file:/var/log/gunicorn/stderr.log
[Install]
WantedBy=multi-user.target
- Start and Enable the Gunicorn Service
- Reload the systemd daemon
sudo systemctl daemon-reload - Start the Gunicorn service
sudo systemctl start gunicorn - Enable the Gunicorn service to start on boot
sudo systemctl enable gunicorn - Check the status of the service to ensure it's running
sudo systemctl status gunicorn
Gunicorn is not designed to handle HTTP requests directly from the web. It’s better to use Nginx as a reverse proxy to forward client requests to Gunicorn. Moreover, you can implement oauth2 mechanism for authentication with Nginx.
- Install Nginx
sudo apt-get install nginx - Create a new Nginx configuration file
sudo nano /etc/nginx/sites-available/[your_domain]
# HTTP
server {
listen 80;
server_name [your_domain];
# Redirect HTTP to HTTPS
return 301 https://$host$request_uri;
}
# HTTPS
server {
listen 443 ssl;
server_name [your_domain];
ssl_certificate /etc/letsencrypt/live/[your_domain]/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/[your_domain]/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
# Phục vụ các file tĩnh
location / {
auth_request /oauth2/auth;
error_page 401 = /oauth2/sign_in;
auth_request_set $user $upstream_http_x_auth_request_user;
auth_request_set $email $upstream_http_x_auth_request_email;
auth_request_set $auth_cookie $upstream_http_set_cookie;
add_header Set-Cookie $auth_cookie;
root /home/linhle4/eagle/eagle/frontend/build;
try_files $uri /index.html;
}
# Xử lý các yêu cầu API
location /api {
auth_request /oauth2/auth;
error_page 401 = /oauth2/sign_in;
proxy_pass http://localhost:5000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
auth_request_set $user $upstream_http_x_auth_request_user;
auth_request_set $email $upstream_http_x_auth_request_email;
auth_request_set $auth_cookie $upstream_http_set_cookie;
add_header Set-Cookie $auth_cookie;
}
# OAuth2 Callback
location /oauth2 {
proxy_pass http://localhost:4180;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Auth-Request-Redirect $request_uri;
proxy_set_header Content-Length "";
proxy_pass_request_body off;
}
}
- Enable the configuration by creating a symlink
sudo ln -s /etc/nginx/sites-available/[your_domain] /etc/nginx/sites-enabled
- Test the Nginx configuration
sudo nginx -t
- Restart Nginx
sudo systemctl restart nginx
- Add your OAuth2 provider configuration
sudo nano /etc/oauth2_proxy.cfg
provider = "google"
client_id = "YOUR_CLIENT_ID"
client_secret = "YOUR_CLIENT_SECRET"
cookie_secret = "A_RANDOM_STRING_BASE64_ENCODED"
cookie_domains = ".xxx.com"
cookie_secure = true
email_domains = ["yourdomain.net"]
# Listen on localhost to proxy requests
http_address = "127.0.0.1:4180"
# Redirect URL (must be the same as in Google OAuth2 configuration)
redirect_url = "https://[your_domain]/oauth2/callback"
Replace YOUR_CLIENT_ID, YOUR_CLIENT_SECRET, and cookie_secret with your Google OAuth2 credentials and a base64-encoded random string. Update email_domains with your domain.
- Create a new service file for OAuth2 Proxy
sudo nano /etc/systemd/system/oauth2_proxy.service
[Unit]
Description=Oauth2 Proxy
After=network.target
[Service]
ExecStart=/usr/local/bin/oauth2-proxy --config=/etc/oauth2_proxy.cfg
Restart=always
User=nobody
Group=nogroup
[Install]
WantedBy=multi-user.target
- Reload the systemd daemon
sudo systemctl daemon-reload - Start and enable the OAuth2 Proxy service
sudo systemctl start oauth2_proxy
sudo systemctl enable oauth2_proxy
- Check the status of the service:
sudo systemctl status oauth2_proxy