Skip to content

Latest commit

 

History

History
82 lines (55 loc) · 5.18 KB

README.rst

File metadata and controls

82 lines (55 loc) · 5.18 KB

What is OpenKAT?

OpenKAT aims to monitor, record and analyze the status of information systems. The basic premise is that many of the major security incidents are caused by small errors and known vulnerabilities, and if you find them and resolve them in time your systems and infrastructure become a lot more secure.

OpenKAT scans, collects, analyzes and reports in an ongoing process:

flow of OpenKAT

OpenKAT scans networks, finds vulnerabilities and creates accessible reports. It integrates the most widely used network tools and scanning software into a modular framework, accesses external databases such as shodan, and combines the information from all these sources into clear reports. It also includes lots of cat hair.

OpenKAT is useful if you want to monitor a complex system and know whether it contains known vulnerabilities or configuration errors. Due to its modular structure and extensibility, OpenKAT can be applied in different situations. You can customize it and put it to your own use.

Documentation

The full documentation of OpenKAT can be found here: https://docs.openkat.nl. It includes information such as:

  • Introduction to the system
  • Modules
  • Guidelines
  • Templates
  • Technical documentation
  • Our Figma / UX designs.

Brochures

The high level documentation on OpenKAT explains the purpose and operation of OpenKAT at the management level:

Current release

The current release of OpenKAT can be found via the release page on this repository.

Translations

Translation status (summary) Translation status (bar chart)

We gratefully use Weblate to manage the translations. See the docs for more information.

Which license applies to OpenKAT?

OpenKAT is available under the EU PL 1.2 license. This license was chosen because it provides a reasonable degree of freedom while ensuring public character. The EU PL 1.2 license is retained upon further distribution of the software. Modifications and additions can be made under the EU PL 1.2 license or under compatible licenses, which are similar in nature.

The tools addressed by OpenKAT may have their own license, from the OS/S domain or from commercial application. This is the responsibility of the owner of the system addressing these tools. The inclusion of new boefjes in the KAT catalog is governed by a separate agreement.

Contact

There are several options to contact the OpenKAT team:

Privacy

OpenKAT is not designed to collect private information and it does not act on any private information that it finds. Some information considered to be personally identifiable information, may be collected through one or more of OpenKAT's plugins and subsequently stored, but only if that information has been accessible to OpenKAT. For example, a phone number or email address listed on a website might end up being collected as part of OpenKAT normal data collection. These data might then be stored for a long period of time, because OpenKAT stores evidence of its actions. No email or phone number models are present and as such they won't be processed into objects by OpenKAT. An OpenKAT installation requires user accounts for users to be able to log in. These accounts (and all data OpenKAT works with) are stored only on the OpenKAT installation itself, and are not shared with any other parties or outside of your OpenKAT install.

Security

OpenKAT is designed to be secure by default in its production setup. In the development setup some debugging flags are enabled by default and it will not include TLS out of the box. To set up a secure production OpenKAT install, please follow the Production setup guidelines and Hardening guidelines.