Skip to content

Commit

Permalink
ENH: Initial deployment without LLMs
Browse files Browse the repository at this point in the history
  • Loading branch information
@sanand0
sanand0 committed Oct 15, 2024
0 parents commit 17e41b2
Show file tree
Hide file tree
Showing 7 changed files with 355 additions and 0 deletions.
1 change: 1 addition & 0 deletions CNAME
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
reportgen.straive.app
20 changes: 20 additions & 0 deletions LICENSE
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
Copyright 2024 Anand S

Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:

The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Binary file added img/vapt-deployment.webp
Binary file not shown.
Binary file added img/vapt-straive-logo.webp
Binary file not shown.
96 changes: 96 additions & 0 deletions index.html
Original file line number Diff line number Diff line change
@@ -0,0 +1,96 @@
<!DOCTYPE html>
<html lang="en">

<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Report Gen</title>
<link rel="icon" href="https://raw.githubusercontent.com/gramener/assets/main/straive-favicon.svg">
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css" crossorigin="anonymous">
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/[email protected]/font/bootstrap-icons.min.css">
<style>
.narrative {
max-width: 40rem;
}
</style>
</head>

<body>

<nav class="navbar navbar-expand-lg bg-body-tertiary" data-bs-theme="dark">
<div class="container-fluid">
<a class="navbar-brand" href=".">Report Gen</a>
<button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse" id="navbarSupportedContent">
<div class="nav-item dropdown ms-auto" role="group" aria-label="Toggle dark mode" title="Toggle Dark Mode">
<button class="dark-theme-toggle btn btn-outline-light dropdown-toggle" type="button" data-bs-toggle="dropdown" aria-expanded="false" aria-label="Toggle theme (auto)">
<i class="bi bi-circle-half"></i> <span class="d-lg-none ms-2">Toggle theme</span>
</button>
<ul class="dropdown-menu dropdown-menu-end">
<li><button class="dropdown-item" data-bs-theme-value="light"><i class="me-2 bi bi-sun-fill"></i> Light</button></li>
<li><button class="dropdown-item" data-bs-theme-value="dark"><i class="me-2 bi bi-moon-stars-fill"></i> Dark</button></li>
<li><button class="dropdown-item" data-bs-theme-value="auto"><i class="me-2 bi bi-circle-half"></i> Auto</button></li>
</ul>
</div>
</div>
</div>
</nav>

<div class="container">
<h1 class="display-1 my-4 text-center">Report Gen</h1>

<div id="demos" class="row row-cols-1 row-cols-sm-2 row-cols-lg-3 row-cols-xl-4 my-5">
<div class="col py-3">
<div class="demo card h-100 text-decoration-none">
<div class="card-body">
<h5 class="card-title">VAPT test</h5>
<p class="card-text">Generate a VAPT test report.</p>
<button class="btn btn-primary generate" data-src="vapt.xlsx"><i class="bi bi-gear"></i> Generate</button>
<a class="btn btn-secondary" href="vapt.xlsx"><i class="bi bi-download"></i> Download</a>
</div>
</div>
</div>
<div class="col py-3">
<div class="demo card h-100">
<label class="card-body">
<h5 class="card-title">Custom Report</h5>
<p class="card-text">Use your own VAPT Excel report.</p>
<label for="file-upload" class="btn btn-primary w-100">
<i class="bi bi-cloud-upload"></i> Upload your Excel file here
</label>
<input id="file-upload" type="file" accept=".xlsx" class="d-none">
</div>
</div>
</div>

<div id="login" class="my-5"></div>

<div id="output"></div>

</div>


<footer class="my-5 vh-100 d-flex align-items-center justify-content-center">
<h1 class="display-4">Designed by <a href="https://gramener.com/" class="text-reset link-offset-3 link-underline link-underline-opacity-25">Gramener</a></h1>
</footer>

<div id="item-modal" class="modal" tabindex="-1">
<div class="modal-dialog modal-xl">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title">Item</h5>
<button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
</div>
<div class="modal-body"></div>
</div>
</div>
</div>

<script src="https://cdn.jsdelivr.net/npm/[email protected]/dist/js/bootstrap.bundle.min.js" type="module"></script>
<script src="https://cdn.jsdelivr.net/npm/@gramex/[email protected]/dist/dark-theme.js" type="module"></script>
<script src="script.js" type="module"></script>
</body>

</html>
238 changes: 238 additions & 0 deletions script.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,238 @@
import { html, render } from "https://cdn.jsdelivr.net/npm/lit-html@3/+esm";
import { read, utils } from "https://cdn.jsdelivr.net/npm/xlsx/+esm";
import {
Chart,
BarController,
BarElement,
CategoryScale,
LinearScale,
Tooltip,
} from "https://cdn.jsdelivr.net/npm/chart.js@4/+esm";

const { token } = await fetch("https://llmfoundry.straive.com/token", { credentials: "include" }).then((r) => r.json());
if (!token) {
const url = "https://llmfoundry.straive.com/login?" + new URLSearchParams({ next: location.href });
render(html`<a class="btn btn-primary" href="${url}">Log into LLM Foundry</a></p>`, document.querySelector("#login"));
}

const table = (data) => {
if (!data || data.length === 0) return null;
const columns = Object.keys(data[0]);
return html`
<table class="table table-bordered">
<thead>
<tr>
${columns.map((key) => html`<th scope="col">${key}</th>`)}
</tr>
</thead>
<tbody>
${data.map(
(row) => html`
<tr>
${columns.map((key) => html`<td>${row[key]}</td>`)}
</tr>
`
)}
</tbody>
</table>
`;
};

const statsTable = (data, keys) => html`
<table class="table table-bordered">
<tbody>
${keys.map(
(key) => html`
<tr>
<th scope="row">${key}</th>
<td>${data[key]}</td>
</tr>
`
)}
</tbody>
</table>
`;

const vaptReport = ({ Summary, ...data }) => html`
<div>
<style scoped>
.section-header {
background-color: #20b2aa;
color: white;
padding: 10px;
font-size: 1rem;
margin-bottom: 0;
margin-top: 1.5rem;
}
</style>
<img class="img-fluid" src="img/vapt-straive-logo.webp" alt="VAPT - Straive Logo" />
<h2 class="mt-4">${Summary["Client Name"]}</h2>
<h1 class="display-4 my-4 border-bottom border-dark pb-2">Vulnerability Assessment Report</h1>
<p>Date: ${Summary["Date"]}</p>
<h2 class="mt-4">Submitted by:</h2>
${statsTable(Summary, ["Analyst", "Analyst Email ID"])}
<h1 class="display-4 my-4 border-bottom border-dark pb-2">Vital Statistics</h1>
<p>
This document provides the findings of a recent analysis of your infrastructure. The document represents a summary
of these findings and presents a set of recommendations for addressing the detected events. The analysis is based
on data collected using the characteristics below:
</p>
<h2 class="section-header mt-3">Company Details</h2>
${statsTable(Summary, ["Company Name", "Address", "Industry", "Company Size"])}
<h2 class="section-header mt-3">Test Details</h2>
${statsTable(Summary, ["Test Start Date", "Test Objective", "Test Duration"])}
<h1 class="display-4 my-4 border-bottom border-dark pb-2">Executive Summary</h2>
<h3 class="section-header">Security and Threat Prevention</h3>
${table(data["Security and Threat Prevention"])}
<p class="mt-3">
Last year, over 780 enterprises were breached because of poor internal security practices and latent vendor
content security. The average cost of a corporate security breach is estimated at $3.5 million USD and is rising
at 15% year over year. Intrusions, malware/botnets and malicious applications collectively comprise a massive risk
to your enterprise network. These attack mechanisms can give attackers access to your most sensitive files and
database information. We mitigates these risks by providing award-winning security solutions and is consistently
rated among the best by objective third parties such as NSS Labs, VB 100 and AV Comparatives.
</p>
<h2 class="section-header mb-3">Deployment & Methodology</h2>
<p>
The internal network was monitored with a XYZ-500D (transparent mode using port pairs). This is a non-invasive way
to intercept traffic as it moves over your network. The diagram below demonstrates the assessment topology used.
</p>
<p class="text-center">
<img class="img-fluid" src="img/vapt-deployment.webp" alt="VAPT - Deployment Methodology" />
</p>
<p>
During this assessment, traffic was monitored as it moved over the wire and logs were recorded. These logs are
typically categorized by their log type. While traffic logs record much of the session information flowing across
your network, We can also monitor more in-depth security logging, such as IPS, anti-virus, web and application
control. This assessment was created based on telemetry from all log types and is meant to provide a big picture
view of your network's activity. Used in conjunction with ABC, DEF can provide additional functions such as event
management (e.g. alerts when malicious activity is detected), FGH analytics and filtering (e.g. investigating
specific user activity) and advanced reporting (e.g. detailed reports on security, user and even wireless
activity).
</p>
<h1 class="display-4 my-4 border-bottom border-dark pb-2">Security and Threat Prevention</h1>
<h2 class="mt-4">High Risk Applications</h2>
<p>Our research team assigns a risk rating of 1 to 5 to an application based on the application behavioral characteristics. The risk rating can help administrators to identify the high risk applications quickly and make a better decision on the application control policy.</p>
<h2 class="section-head
er">High Risk Applications Crossing the Network</h2>
${table(data["HighRiskApps"])}
<h2 class="mt-4">Application Vulnerability Exploits</h2>
<p>An application vulnerability could be exploited to compromise the security of the network. Our research team analyses application traffic patterns and application vulnerabilities and then develops signatures to prevent the vulnerability exploits. Our Intrusion Prevention Service (IPS) provides our customers with the latest defenses against stealthy network-level threats. It uses a customizable database of more than 5,800 known threats to stop attacks that evade traditional firewall systems.</p>
<h2 class="section-header">Top Application Vulnerability Exploits Detected</h2>
${table(data["AppExploits"])}
<h2 class="mt-4">Malware Detected</h2>
<p>There are numerous channels that cybercriminals use to distribute malware. Most common methods motivate users to open an infected file in an email attachment, download an infected file, or click on a link leading to a malicious site. During the security assessment, We identified a number of Malware-related events which indicate malicious file downloads or connections to malware-infested sites.</p>
<h2 class="section-header">Top Viruses, Spyware and Adware Detected</h2>
${table(data["Malware"])}
<h2 class="mt-4">At-Risk Devices and Hosts</h2>
<p>Based on the types of activity exhibited by an individual host, we can approximate the trustworthiness of each individual client. This client reputation is based on key factors such as websites browsed, applications used and inbound/outbound destinations utilized. Ultimately, we can create an overall threat score by looking at the aggregated activity used by each individual host.</p>
<h2 class="section-header">Most At-Risk Devices and Hosts</h2>
${table(data["AtRiskDevices"])}
<h1 class="display-4 my-4 border-bottom border-dark pb-2">Network Utilization</h1>
<h2 class="mt-4">Bandwidth and Sessions</h2>
<p>Bandwidth usage is the primary indicator for throughput and capacity planning. We can analyze bandwidth by application usage or by host. In addition, looking at daily usage trends can assist with peak capacity planning.</p>
<h2 class="section-header">Average Bandwidth Usage by Hour</h2>
<canvas id="bandwidth-usage"></canvas>
<p>Session averages on a a daily basis are useful for calculating throughput and proper sizing. It can help when determining peak planning as a typical enterprise will see more sessions being generated in the morning when the network is at its most active.</p>
<h2 class="section-header">Average Session Usage by Hour</h2>
<canvas id="session-usage"></canvas>
<h1 class="display-4 my-4 border-bottom border-dark pb-2">Recommended Actions</h1>
<div id="recommendations"></div>
</div>
`;

document.querySelector("#demos").addEventListener("click", async (event) => {
const $generate = event.target.closest(".generate");
if ($generate) {
event.preventDefault();
let workbook;
try {
workbook = read(await fetch($generate.dataset.src).then((r) => r.arrayBuffer()), { cellDates: true });
} catch (error) {
return notify(`Error loading or parsing XLSX file: ${error.message}`);
}
renderWorkbook(workbook);
}
});

document.querySelector("#file-upload").addEventListener("change", (event) => {
const file = event.target.files[0];
if (file) {
const reader = new FileReader();
reader.onload = (event) => {
const workbook = read(event.target.result, { cellDates: true });
renderWorkbook(workbook);
};
reader.readAsArrayBuffer(file);
}
});

function renderWorkbook(workbook) {
const oldOutput = document.querySelector("#output");
oldOutput.insertAdjacentHTML('afterend', '<div id="output"></div>');
oldOutput.remove();

const summarySheet = workbook.SheetNames.includes("Summary")
? workbook.Sheets["Summary"]
: workbook.Sheets[workbook.SheetNames[0]];
const Summary = Object.fromEntries(utils.sheet_to_json(summarySheet, { header: 1 }));

// Get the data from the other sheets as an array of objects, with the first row (header) as keys
const otherSheets = workbook.SheetNames.filter((name) => name !== "Summary");
const data = Object.fromEntries(otherSheets.map((name) => [name, utils.sheet_to_json(workbook.Sheets[name])]));

try {
render(vaptReport({ Summary, ...data }), document.querySelector("#output"));
Chart.register(BarController, BarElement, CategoryScale, LinearScale, Tooltip);

new Chart(document.getElementById("bandwidth-usage"), {
type: "bar",
options: { animation: true, plugins: { tooltip: { enabled: true } } },
data: {
labels: data.Bandwidth.map((row) => row.Time),
datasets: [{ label: "Bandwidth Utilization", data: data.Bandwidth.map((row) => row["Bandwidth Utilization"]) }],
},
});
new Chart(document.getElementById("session-usage"), {
type: "bar",
options: { animation: true, plugins: { tooltip: { enabled: true } } },
data: {
labels: data.Sessions.map((row) => row.Time),
datasets: [{ label: "Number of Sessions", data: data.Sessions.map((row) => row["Sessions"]) }],
},
});


} catch (error) {
return notify(`Error rendering report: ${error.message}`);
}
}

function notify(message) {
render(html`<div class="alert alert-danger">${message}</div>`, document.querySelector("#output"));
}
Binary file added vapt.xlsx
Binary file not shown.

0 comments on commit 17e41b2

Please sign in to comment.