anteater

Security DevOps CI / CD Framework.

What is Anteater?

Anteater is an open framework to prevent the unwanted merging of dangerous strings, filenames, binaries, deprecated functions, staging environment code / credentials etc.

Continuous Integration

anteater runs as a DevOps gate check. Every patch / pull request is scanned. It easily integrates with Travis-CI, CircleCI and Jenkins.

Open Source

anteater is 100% open source under an Apache 2.0 license. You're free to make changes and we encourage community contributions.

Easy to customize

anteater is easy to customise with an open framework. There is no need to make code changes to implement your own checks and filters.

Virus Total API

anteater uses the 'crowd sourced' Virus Total API to verify that any public IP addresses, URLs or binaries found are safe to merge.

Community Vault

Know of some expressions that are useful and want to share them? Looking for something in particular? Try the community vault (pending)

Wide adoption

anteater is used by the Linux Foundation, Red Hat, and independent security researchers.

Get Started

Install

Anteater is best installed via pip:


$ pip install anteater
                 

Configure

Set content to block

                  
apprun:
  regex: app\.run\s*\(.*debug.*=.*True.*\)
  desc: "Running flask in debug mode can give away sensitive data"

xreadlines:
  regex: import*.xreadlines|from*.xreadlines
  desc: "Using 'for line in file', introduced in 2.3, is preferable."
                  

Set filenames to block

                  
file_names:
  - jenkins\.plugins\.publish_over_ssh\.BapSshPublisherPlugin\.xml
  - (irb|plsq|mysql|bash|zsh)_history
  - \.gem\/credentials
  - key(store|ring)
  - ovpn
  - secret_token\.rb
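
To show what the sample rules above catch, the following added example (not anteater's own code) applies them to a constructed patch. It assumes each regex is applied with `re.search` to every line and to every file path; `scan_patch` and `SAMPLE_PATCH` are hypothetical names.

```python
import re

# Rules copied verbatim from the sample configuration on this page.
CONTENT_RULES = {
    "apprun": {
        "regex": r"app\.run\s*\(.*debug.*=.*True.*\)",
        "desc": "Running flask in debug mode can give away sensitive data",
    },
    "xreadlines": {
        "regex": r"import*.xreadlines|from*.xreadlines",
        "desc": "Using 'for line in file', introduced in 2.3, is preferable.",
    },
}
FILE_NAME_RULES = [
    r"jenkins\.plugins\.publish_over_ssh\.BapSshPublisherPlugin\.xml",
    r"(irb|plsq|mysql|bash|zsh)_history",
    r"\.gem\/credentials",
    r"key(store|ring)",
    r"ovpn",
    r"secret_token\.rb",
]

# Hypothetical helper (not anteater's API); assumes re.search semantics.
def scan_patch(files):
    """Return sorted (path, rule, line_no) findings; line_no 0 is a file-name hit."""
    findings = []
    for path, text in files.items():
        # One finding per path is enough to block it on its name.
        if any(re.search(pattern, path) for pattern in FILE_NAME_RULES):
            findings.append((path, "file_names", 0))
        for line_no, line in enumerate(text.splitlines(), start=1):
            for name, rule in CONTENT_RULES.items():
                if re.search(rule["regex"], line):
                    findings.append((path, name, line_no))
    return sorted(findings)

# Constructed sample patch: three files that should be blocked, one clean.
SAMPLE_PATCH = {
    "web/app.py": "app = Flask(__name__)\n\napp.run(host='0.0.0.0', debug=True)\n",
    "tools/legacy.py": "import xreadlines\nfor line in open('f'):\n    pass\n",
    "deploy/.bash_history": "ls -la\n",
    "web/views.py": "app.run(host='127.0.0.1')\n",
}

if __name__ == "__main__":
    for path, rule, line_no in scan_patch(SAMPLE_PATCH):
        print(f"BLOCK {path}:{line_no} [{rule}]")
```

The `apprun` pattern also flags `app.run(debug=False, threaded=True)`, because `.*` lets `True` belong to a later argument; tighten the expression if that false positive matters in your code base.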
                  

Virus Total API - Binary Scanning

                  
INFO - Non Whitelisted Binary file: /example_project/files/eicar_com.zip
INFO - Rate limit clear.
INFO - Report found, job complete.
ERROR - Virus Found!
INFO - File scan date for infected/eicar_com.zip shows a infected status on: 2018-04-04 21:52:26
INFO - Full report avaliable here: https://www.virustotal.com/file/2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad/analysis/1522878746/
                  

Virus Total API - IP Scanning

              
INFO - Found what I believe is an IP Address: command.server(host='90.156.201.21', port=9190)
INFO - File python/run.py. Parsed IP Address: 90.156.201.21
INFO - Rate limit active..please wait...
INFO - Rate limit clear.
ERROR - 90.156.201.21 has been known to resolve to the following malicious urls:
http://igmarealty.ru/ on date: 2018-04-04 20:02:51
http://new.abrikostur.ru/img on date: 2018-04-04 17:57:02
http://personnel-sakh.ru/ on date: 2018-04-04 11:55:50
http://new.abrikostur.ru/img/lib.js on date: 2018-03-31 04:19:13
INFO - http://new.abrikostur.ru/img/lib.js on date: 2018-03-31 04:19:13
INFO - http://new.abrikostur.ru/menu/menu-ver2.js on date: 2018-03-29 23:47:56
              

Virus Total API - URL Scanning

              
INFO - File shell/test.sh contains what I believe is a URL: curl -L http://cool-mart.ru/katalog-produkcii
INFO - Scanning: http://cool-mart.ru/katalog-produkcii
INFO - Rate limit active..please wait...
INFO - Rate limit clear.
INFO - Report found, job complete for http://cool-mart.ru/katalog-produkcii.
ERROR - http://cool-mart.ru/katalog-produkcii is recorded as a malicious site by ADMINUSLabs
ERROR - http://cool-mart.ru/katalog-produkcii is recorded as a malware site by Yandex Safebrowsing
ERROR - Full report available here: https://www.virustotal.com/url/666c50b300b33e15d076359b20d2eac020a2868af4680ad99154dc517f0ca7a4/analysis/1519139134/
              

Full Documentation

For more in-depth details, please refer to the latest documentation on our readthedocs site.
