peass_bot

.github/FUNDING.yml

@@ -0,0 +1 @@
+custom: ['https://www.buymeacoffee.com/carlospolop']

.github/workflows/peass_bot.yaml

@@ -0,0 +1,44 @@
+name: peass_bot_action
+
+on:
+  schedule:
+    - cron: '0 * * * *'
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@master
+
+      - name: Setup Python
+        uses: actions/[email protected]
+
+      - name: Setup Dependencies
+        run: python3 -m pip install -r requirements.txt
+
+      - name: Run CVEs Monitor
+        run: python3 peass_bot.py
+        shell: bash
+        env:
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+          VULNERS_API_KEY: ${{ secrets.VULNERS_API_KEY }}
+          TELEGRAM_BOT_TOKEN: ${{ secrets.TELEGRAM_BOT_TOKEN }}
+          TELEGRAM_CHAT_ID: ${{ secrets.TELEGRAM_CHAT_ID }}
+
+      - name: Create local changes
+        run: git add scripts/cves_monitor_bot/output/cves_monitor_bot.json
+
+      - name: Commit results to Github
+        run: |
+            git config --local user.email ""
+            git config --global user.name "actions-continuous-monitoring"
+            git commit -m "PD-Actions report" -a --allow-empty
+
+      - name: Push changes
+        uses: ad-m/github-push-action@master
+        with:
+           github_token: ${{ secrets.GITHUB_TOKEN }}
+           branch: ${{ github.ref }}
+

.gitignore

@@ -0,0 +1,26 @@
+# General
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk

README.md

@@ -1,3 +1,21 @@
 # PEASS_Bot
 
-Use this bot to monitors new CVEs containing defined keywords and sends alets to Slack or Telegram.
+Use this bot to monitor new CVEs containing defined keywords and send alets to Slack or Telegram.
+
+## See it in action
+
+Join the telegram group **[peass](https://t.me/peass)** to see the bot in action and be up to date with the latest privilege escalation vulnerabilities.
+
+## Configure one for yourself
+
+**Configuring your own PEASS_Bot** that notifies you about the new CVEs containing specific keywords is very easy!
+
+- Fork this repo
+- Modify the file `config/cves_monitor_bot.yaml` and set your own keywords
+- In the **github secrets** of your forked repo enter the following API keys:
+    - **VULNERS_API_KEY**: (Optional) This is used to find publicly available exploits. You can ue a Free API Key.
+    - **SLACK_WEBHOOK**: (Optional) Set the slack webhook to send messages to your slack group
+    - **TELEGRAM_BOT_TOKEN** and **TELEGRAM_CHAT_ID**: (Optional) Your Telegram bot token and the chat_id to send the messages to
+- Check `.github/wordflows/peass_bot.yaml` and configure the cron (*once per hour by default*)
+
+*Note that the slack and telegram configurations are optional, but if you don't set any of them you won't receive any notifications*

config/peass_bot.yaml

@@ -0,0 +1,28 @@
+ALL_VALID: no
+
+DESCRIPTION_KEYWORDS_I:
+- privilege escalation
+- escalation
+- privesc
+- high integrity
+- " sudo "
+- " suid "
+- " pe "
+- " UAC "
+- User Account Control
+- linpeas
+- winpeas
+- escape
+- a
+
+DESCRIPTION_KEYWORDS:
+- ThisIsACaseSensitiveExample
+
+PRODUCT_KEYWORDS_I:
+- sudo
+- docker
+- kubernetes
+
+PRODUCT_KEYWORDS:
+- ThisIsACaseSensitiveExample
+

output/peass_bot.json

@@ -0,0 +1 @@
+{"LAST_NEW_CVE": "2021-04-07T11:15:00", "LAST_MODIFIED_CVE": "2021-05-07T11:15:00"}