# grapheneX [](https://github.com/grapheneX/grapheneX/releases) [](./LICENSE) [](https://github.com/astral-sh/ruff)
> In computing, hardening is usually the process of securing a system by reducing its surface of vulnerability, which is larger when a system performs more functions; in principle a single-function system is more secure than a multipurpose one. Reducing available ways of attack typically includes changing default passwords, the removal of unnecessary software, unnecessary usernames or logins, and the disabling or removal of unnecessary services.
`grapheneX` project aims to provide a framework for securing the system with hardening commands automatically.
It's designed for the end user as well as the Linux and Windows developers due to the interface options. (interactive shell/web interface)
In addition to that, `grapheneX` can be used to secure a web server/application.
> The project name is derived from 'graphene'. Graphene is a one-atom-thick layer of carbon atoms arranged in a hexagonal lattice. In proportion to its thickness, it is about 100 times stronger than the strongest steel.
Hardening commands and the scopes of those commands are referred to `modules` and the `namespaces` in the project.
They exist at the `modules.json` file after installation. (`$PYPATH/site-packages/graphenex/modules.json`)
Additionally, it's possible to add, edit or remove modules and namespaces.
Also, the hardening operation can be automated with the presets that contain a list of modules.
Currently, grapheneX supports the hardening sections below. Each of these namespaces contains more than one module.
• Firewall
• User
• Network
• Services
• Kernel
• Filesystem
• Other
Listen to The Python Podcast.\_\_init\_\_: [Automate Your Server Security With GrapheneX - Episode 237](https://www.pythonpodcast.com/graphenex-server-security-episode-237/)
## Installation
You can install `grapheneX` with `pip`. Usually this is the easiest way:
```shell
pip install graphenex
```
Or if you get an error try:
```shell
python3 -m pip install graphenex
```
Additionally, [poetry](https://python-poetry.org/) can be used for development:
```shell
poetry install # install the dependencies
poetry run grapheneX # run grapheneX
```
### Dependencies
- [Flask-SocketIO](https://flask-socketio.readthedocs.io/en/latest/)
- [Flask](http://flask.pocoo.org/)
- [coloredlogs](https://pypi.org/project/coloredlogs/)
- [colorama](https://pypi.org/project/colorama/)
- [terminaltables](https://pypi.org/project/terminaltables/)
- [PyInquirer](https://pypi.org/project/PyInquirer/)
## Usage
### Command Line Arguments
```
usage: grapheneX [-h] [-v] [-w] [--open] [host:port]
```
```
positional arguments:
host:port host and port to run the web interface
optional arguments:
-h, --help show this help message and exit
-v, --version show version information
-w, --web run the grapheneX web server
--open open browser on web server start
```
### Interactive Shell
Execute the `grapheneX` command in order to start the interactive shell.
• Animated gifs and screenshots added for demonstration and include the test execution of the unversioned grapheneX. Use `grapheneX` or `python -m graphenex` command for the execution.
• grapheneX currently supports [Python 3.10](https://www.python.org/)
### Web Interface
Execute the `grapheneX` with the `-w` or `--web` argument in order to start the web server.
• Web interface has the authentication system that requires an `access token`. Once the user verifies her/his identity with the given token at the shell, grapheneX creates a session for further use.
`FLASK_SECRET_KEY` is automatically generated by a cryptographically secure `os.urandom` function to keep your grapheneX instance secure by design. It is stored inside an `.env` file at the root of the project.
• You can override this value with CLI parameter `--flask-secret-key`:
```shell
python3 -m graphenex --flask-secret-key <secure_key_here>
```
• The default host and port values are `0.0.0.0:8080`. It can be changed via the `host:port` argument as shown below.
The default server address is set to `0.0.0.0` because the docker container is designed to listen on all available network interfaces, allowing it to be accessible from both within the container itself and from the host machine.
You can also set it to `localhost` if you aren't planning to containerize grapheneX.
```shell
python3 -m graphenex -w 192.168.1.36:8090
```
• Use `--open` argument to open the browser after the server start.
```shell
python3 -m graphenex -w --open
```
## CLI Commands
| Command | Description |
| ------- | ----------------------------------------------------------------------------- |
| back | Go back from namespace or module |
| clear | Clear the terminal |
| exit | Exit interactive shell |
| harden | Execute the hardening command |
| help | List available commands with "help" or show detailed help with "help `<cmd>`" |
| info | Show information about the module |
| list | List available hardening modules |
| manage | Add, edit or delete module |
| preset | Show/execute the hardening module presets |
| search | Search for modules |
| switch | Switch between modules or namespaces |
| use | Use a hardening module |
| web | Start the grapheneX web server |
### help
`help` or `?` shows the commands list above.
`help [CMD]` shows the detailed usage of given command.
### list
Show the available modules in a table.
For example:
### switch
`switch` command can be used to switch to a namespace or use a module. It's helpful if you want to see a list of modules in a namespace.
```
switch [NAMESPACE]
```
• Supports autocomplete for namespaces.
Also, using the `switch` command like this is possible:
```
switch [NAMESPACE]/[MODULE]
```
It's the equivalent of the `use` command in this situation.
### use
Serves the purpose of selecting a hardening module.
```
use [MODULE]
```
• Supports autocomplete for modules.
### info
Shows information (namespace, description, OS command) about the selected module.
### harden
Executes the hardening command of the selected module.
### preset
grapheneX has presets that contain particular modules for automating the hardening operation. Presets can be customized with the `modules.json` file, and they can contain any supported module. `preset` command shows the available module presets and `preset [PRESET]` runs the hardening commands in a preset.
An example `preset` command output is shown above. Below, a preset that contains 2 modules is selected and hardening modules executed.
`preset` command supports autocomplete for preset names. Also, it supports an option for asking permission between each hardening command execution so that the user knows what he/she is doing.
• Adding module presets
Presets are stored in the `presets` element inside the `modules.json` file. This JSON file can be edited for updating the presets.
```
"presets": [
{
"name": "Preset_1",
"modules": [
"namespace1/Module_Name1",
"namespace2/Module_Name2",
],
"target_os": "linux/win"
},
{
"name": "Preset_2",
"modules": [
"namespace/All"
],
"target_os": "linux/win"
}
]
```
`namespace/All` means every hardening command in that `namespace` will be executed.
### search
```
search [QUERY]
```
### manage
`manage` command allows to add, edit or remove modules.
• Adding modules with `manage`
Follow the instructions for adding a new module. Choose the 'new' option in the namespace prompt for creating a new namespace.
• Adding modules manually
grapheneX stores the modules and namespaces in `modules.json` file. It will show up as a new module when a new element is created in this JSON file. An example element is given below.
```
"namespace": [
{
"name": "Module_Name",
"desc": "This is the module description.",
"command": "echo 'hardening command'",
"require_superuser": "True/False",
"require_restart": "True/False",
"target_os": "linux/win"
}
]
```
It's recommended to add modules from CLI or the Web interface other than editing the `modules.json` file.
• Editing modules
Choose the `edit` option after the `manage` command for the editing the module properties.
Or edit the `modules.json` manually.
• Removing modules
Choosing the `remove` option in the `manage` menu will be enough for removing the specified module. It's also possible to remove the module from `modules.json` manually.
### web
Starts the grapheneX web server with the optional `host:port` argument.
```
web [host:port]
```
### back
Go back from selected namespace or module.
### clear
Clear terminal
### exit
Exit interactive shell
## Web
Most of the command line features are accessible with the Web interface.
### Namespaces & Modules
It's easy to switch between namespaces and see details of modules.
### Hardening
Just click `run` under the module properties for executing the hardening command.
### Adding Modules
There's a menu available in the web interface for adding new modules.
### System Monitor
It's possible to display various system information such as disk usage and network state at the Web interface.
## Docker
### Building the image
```shell
docker build -t graphenex .
```
### Running the container
```shell
docker run -it --rm --name graphenex -p 8080:8080 --privileged graphenex
```
## Screenshots
## TODO(s)
- Add new modules for Linux and Windows.
## Contributing
For contributing to this project, see [CONTRIBUTING.md](./CONTRIBUTING.md)
## Contributors ✨
Thanks goes to these wonderful people ✨
<a href="https://github.com/grapheneX/grapheneX/graphs/contributors">
<img src="https://contrib.rocks/image?repo=grapheneX/grapheneX" />
</a>
Made with [contrib.rocks](https://contrib.rocks).
## Sponsors
We don't have any sponsors yet. Contact us with email if you want to help us improve the project.
## License
[GNU General Public License v3.0](./LICENSE)
Raw data
{
"_id": null,
"home_page": "https://graphenex.github.io",
"name": "GrapheneX",
"maintainer": null,
"docs_url": null,
"requires_python": "<4.0,>=3.10",
"maintainer_email": null,
"keywords": "hardening, hardening-commands, security",
"author": "grapheneX contributors",
"author_email": "graphenex.project@protonmail.com",
"download_url": "https://files.pythonhosted.org/packages/b4/4c/1cb230919ecb908a7f75c9fe2e0ce8a577ad4ccfaf8bbe1299b8550e6420/graphenex-1.7.0.tar.gz",
"platform": null,
"description": "\n\n# grapheneX [](https://github.com/grapheneX/grapheneX/releases) [](./LICENSE) [](https://github.com/astral-sh/ruff)\n\n> In computing, hardening is usually the process of securing a system by reducing its surface of vulnerability, which is larger when a system performs more functions; in principle a single-function system is more secure than a multipurpose one. Reducing available ways of attack typically includes changing default passwords, the removal of unnecessary software, unnecessary usernames or logins, and the disabling or removal of unnecessary services.\n\n`grapheneX` project aims to provide a framework for securing the system with hardening commands automatically.\nIt's designed for the end user as well as the Linux and Windows developers due to the interface options. (interactive shell/web interface)\nIn addition to that, `grapheneX` can be used to secure a web server/application.\n\n> The project name is derived from 'graphene'. Graphene is a one-atom-thick layer of carbon atoms arranged in a hexagonal lattice. In proportion to its thickness, it is about 100 times stronger than the strongest steel.\n\nHardening commands and the scopes of those commands are referred to `modules` and the `namespaces` in the project.\nThey exist at the `modules.json` file after installation. (`$PYPATH/site-packages/graphenex/modules.json`)\nAdditionally, it's possible to add, edit or remove modules and namespaces.\nAlso, the hardening operation can be automated with the presets that contain a list of modules.\n\nCurrently, grapheneX supports the hardening sections below. Each of these namespaces contains more than one module.\n\n\u2022 Firewall \n\u2022 User \n\u2022 Network \n\u2022 Services \n\u2022 Kernel \n\u2022 Filesystem \n\u2022 Other\n\nListen to The Python Podcast.\\_\\_init\\_\\_: [Automate Your Server Security With GrapheneX - Episode 237](https://www.pythonpodcast.com/graphenex-server-security-episode-237/)\n\n## Installation\n\nYou can install `grapheneX` with `pip`. Usually this is the easiest way:\n\n```shell\npip install graphenex\n```\n\nOr if you get an error try:\n\n```shell\npython3 -m pip install graphenex\n```\n\nAdditionally, [poetry](https://python-poetry.org/) can be used for development:\n\n```shell\npoetry install # install the dependencies\npoetry run grapheneX # run grapheneX\n```\n\n### Dependencies\n\n- [Flask-SocketIO](https://flask-socketio.readthedocs.io/en/latest/)\n - [Flask](http://flask.pocoo.org/)\n- [coloredlogs](https://pypi.org/project/coloredlogs/)\n- [colorama](https://pypi.org/project/colorama/)\n- [terminaltables](https://pypi.org/project/terminaltables/)\n- [PyInquirer](https://pypi.org/project/PyInquirer/)\n\n## Usage\n\n### Command Line Arguments\n\n```\nusage: grapheneX [-h] [-v] [-w] [--open] [host:port]\n```\n\n```\npositional arguments:\n host:port host and port to run the web interface\n\noptional arguments:\n -h, --help show this help message and exit\n -v, --version show version information\n -w, --web run the grapheneX web server\n --open open browser on web server start\n```\n\n### Interactive Shell\n\nExecute the `grapheneX` command in order to start the interactive shell.\n\n\n\n\u2022 Animated gifs and screenshots added for demonstration and include the test execution of the unversioned grapheneX. Use `grapheneX` or `python -m graphenex` command for the execution. \n\u2022 grapheneX currently supports [Python 3.10](https://www.python.org/)\n\n### Web Interface\n\nExecute the `grapheneX` with the `-w` or `--web` argument in order to start the web server.\n\n\n\n\u2022 Web interface has the authentication system that requires an `access token`. Once the user verifies her/his identity with the given token at the shell, grapheneX creates a session for further use.\n`FLASK_SECRET_KEY` is automatically generated by a cryptographically secure `os.urandom` function to keep your grapheneX instance secure by design. It is stored inside an `.env` file at the root of the project.\n\n\u2022 You can override this value with CLI parameter `--flask-secret-key`:\n\n```shell\npython3 -m graphenex --flask-secret-key <secure_key_here>\n```\n\n\n\n\n\n\u2022 The default host and port values are `0.0.0.0:8080`. It can be changed via the `host:port` argument as shown below.\nThe default server address is set to `0.0.0.0` because the docker container is designed to listen on all available network interfaces, allowing it to be accessible from both within the container itself and from the host machine.\nYou can also set it to `localhost` if you aren't planning to containerize grapheneX.\n\n```shell\npython3 -m graphenex -w 192.168.1.36:8090\n```\n\n\u2022 Use `--open` argument to open the browser after the server start.\n\n```shell\npython3 -m graphenex -w --open\n```\n\n## CLI Commands\n\n| Command | Description |\n| ------- | ----------------------------------------------------------------------------- |\n| back | Go back from namespace or module |\n| clear | Clear the terminal |\n| exit | Exit interactive shell |\n| harden | Execute the hardening command |\n| help | List available commands with \"help\" or show detailed help with \"help `<cmd>`\" |\n| info | Show information about the module |\n| list | List available hardening modules |\n| manage | Add, edit or delete module |\n| preset | Show/execute the hardening module presets |\n| search | Search for modules |\n| switch | Switch between modules or namespaces |\n| use | Use a hardening module |\n| web | Start the grapheneX web server |\n\n### help\n\n`help` or `?` shows the commands list above. \n`help [CMD]` shows the detailed usage of given command.\n\n### list\n\nShow the available modules in a table.\nFor example:\n\n\n\n### switch\n\n`switch` command can be used to switch to a namespace or use a module. It's helpful if you want to see a list of modules in a namespace.\n\n```\nswitch [NAMESPACE]\n```\n\n\n\n\u2022 Supports autocomplete for namespaces.\n\nAlso, using the `switch` command like this is possible:\n\n```\nswitch [NAMESPACE]/[MODULE]\n```\n\nIt's the equivalent of the `use` command in this situation.\n\n### use\n\nServes the purpose of selecting a hardening module.\n\n```\nuse [MODULE]\n```\n\n\n\n\u2022 Supports autocomplete for modules.\n\n### info\n\nShows information (namespace, description, OS command) about the selected module.\n\n\n\n### harden\n\nExecutes the hardening command of the selected module.\n\n\n\n### preset\n\ngrapheneX has presets that contain particular modules for automating the hardening operation. Presets can be customized with the `modules.json` file, and they can contain any supported module. `preset` command shows the available module presets and `preset [PRESET]` runs the hardening commands in a preset.\n\n\n\nAn example `preset` command output is shown above. Below, a preset that contains 2 modules is selected and hardening modules executed.\n\n\n\n`preset` command supports autocomplete for preset names. Also, it supports an option for asking permission between each hardening command execution so that the user knows what he/she is doing.\n\n\u2022 Adding module presets\n\nPresets are stored in the `presets` element inside the `modules.json` file. This JSON file can be edited for updating the presets.\n\n```\n\"presets\": [\n {\n \"name\": \"Preset_1\",\n \"modules\": [\n \"namespace1/Module_Name1\",\n \"namespace2/Module_Name2\",\n ],\n \"target_os\": \"linux/win\"\n },\n {\n \"name\": \"Preset_2\",\n \"modules\": [\n \"namespace/All\"\n ],\n \"target_os\": \"linux/win\"\n }\n ]\n```\n\n`namespace/All` means every hardening command in that `namespace` will be executed.\n\n### search\n\n```\nsearch [QUERY]\n```\n\n\n\n### manage\n\n`manage` command allows to add, edit or remove modules.\n\n\u2022 Adding modules with `manage`\n\nFollow the instructions for adding a new module. Choose the 'new' option in the namespace prompt for creating a new namespace.\n\n\n\n\u2022 Adding modules manually\n\ngrapheneX stores the modules and namespaces in `modules.json` file. It will show up as a new module when a new element is created in this JSON file. An example element is given below.\n\n```\n\"namespace\": [\n {\n \"name\": \"Module_Name\",\n \"desc\": \"This is the module description.\",\n \"command\": \"echo 'hardening command'\",\n \"require_superuser\": \"True/False\",\n \"require_restart\": \"True/False\",\n \"target_os\": \"linux/win\"\n }\n ]\n```\n\nIt's recommended to add modules from CLI or the Web interface other than editing the `modules.json` file.\n\n\u2022 Editing modules\n\nChoose the `edit` option after the `manage` command for the editing the module properties.\n\n\n\nOr edit the `modules.json` manually.\n\n\u2022 Removing modules\n\nChoosing the `remove` option in the `manage` menu will be enough for removing the specified module. It's also possible to remove the module from `modules.json` manually.\n\n\n\n### web\n\nStarts the grapheneX web server with the optional `host:port` argument.\n\n```\nweb [host:port]\n```\n\n\n\n### back\n\nGo back from selected namespace or module.\n\n### clear\n\nClear terminal\n\n### exit\n\nExit interactive shell\n\n## Web\n\nMost of the command line features are accessible with the Web interface.\n\n### Namespaces & Modules\n\nIt's easy to switch between namespaces and see details of modules.\n\n\n\n### Hardening\n\nJust click `run` under the module properties for executing the hardening command.\n\n\n\n### Adding Modules\n\nThere's a menu available in the web interface for adding new modules.\n\n\n\n### System Monitor\n\nIt's possible to display various system information such as disk usage and network state at the Web interface.\n\n\n\n## Docker\n\n### Building the image\n\n```shell\ndocker build -t graphenex .\n```\n\n### Running the container\n\n```shell\ndocker run -it --rm --name graphenex -p 8080:8080 --privileged graphenex\n```\n\n## Screenshots\n\n\n\n\n\n\n\n\n\n\n\n## TODO(s)\n\n- Add new modules for Linux and Windows.\n\n## Contributing\n\nFor contributing to this project, see [CONTRIBUTING.md](./CONTRIBUTING.md)\n\n## Contributors \u2728\n\nThanks goes to these wonderful people \u2728\n\n<a href=\"https://github.com/grapheneX/grapheneX/graphs/contributors\">\n <img src=\"https://contrib.rocks/image?repo=grapheneX/grapheneX\" />\n</a>\n\nMade with [contrib.rocks](https://contrib.rocks).\n\n## Sponsors\n\nWe don't have any sponsors yet. Contact us with email if you want to help us improve the project.\n\n## License\n\n[GNU General Public License v3.0](./LICENSE)\n",
"bugtrack_url": null,
"license": "GPL-3.0-or-later",
"summary": "Automated System Hardening Framework for Linux & Windows",
"version": "1.7.0",
"project_urls": {
"Homepage": "https://graphenex.github.io",
"Repository": "https://github.com/grapheneX/grapheneX"
},
"split_keywords": [
"hardening",
" hardening-commands",
" security"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "f3bff3d70128a38eb9291de771e08148bb28907d503dd470525be69cbba02086",
"md5": "bfa4021cff81bf3887401b96d40026ae",
"sha256": "f4b357da99952bb1b021093f55922e77cd4db754c546ef5a051bdaf2d881acce"
},
"downloads": -1,
"filename": "graphenex-1.7.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "bfa4021cff81bf3887401b96d40026ae",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "<4.0,>=3.10",
"size": 1529731,
"upload_time": "2024-06-23T16:52:44",
"upload_time_iso_8601": "2024-06-23T16:52:44.545068Z",
"url": "https://files.pythonhosted.org/packages/f3/bf/f3d70128a38eb9291de771e08148bb28907d503dd470525be69cbba02086/graphenex-1.7.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "b44c1cb230919ecb908a7f75c9fe2e0ce8a577ad4ccfaf8bbe1299b8550e6420",
"md5": "eefc95c4f7603e1de17ecc1e12a0310f",
"sha256": "2862b7545c745eb2de9be2399112240d4c533962cb6f35003afde9e2ec1fcc00"
},
"downloads": -1,
"filename": "graphenex-1.7.0.tar.gz",
"has_sig": false,
"md5_digest": "eefc95c4f7603e1de17ecc1e12a0310f",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "<4.0,>=3.10",
"size": 1528933,
"upload_time": "2024-06-23T16:52:46",
"upload_time_iso_8601": "2024-06-23T16:52:46.759387Z",
"url": "https://files.pythonhosted.org/packages/b4/4c/1cb230919ecb908a7f75c9fe2e0ce8a577ad4ccfaf8bbe1299b8550e6420/graphenex-1.7.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-06-23 16:52:46",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "grapheneX",
"github_project": "grapheneX",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "graphenex"
}
JSON
