
Published on June 6th, 2017


Automatic Firewall Rule Orchestrator: assimilator


The first RESTful API to control all firewall brands. Configure any firewall with RESTful API calls, no more manual rule configuration. Centralize all your firewalls into one API.

 

Multiplatform

  • [ x ] : Palo Alto ( 90% )
  • [ x ] : Juniper ( 40% )
  • [ ] : Cisco ( 0% )
  • [ ] : Fortinet ( 0% )
  • [ ] : Checkpoint ( 0% )
  • [ ] : PfSense ( 0% )
  • [ ] : AWS ( 0% )

 

Authentication

  • API key through HTTP headers.
  • Flexible authorization: allow specific URI paths with specific HTTP methods.

 

JSON

  • All request and response bodies are in JSON. No more XML, plain text or custom responses.

 

Python

  • Fully scripted in Python Flask.
  • Easy to update and add new modules.
  • Ready for any automatic task.

 

Open Source

  • No more Panorama, CSM or NSM.
  • Integrates with Apache2 through mod_wsgi.
  • Assimilator gives a full RESTful experience for free.

 

How it works

All firewalls share common ground in their configuration, for example:

  • List of commands showing the actual configuration (AKA the running configuration).
  • Rules or policies filtering IP packets.
  • Objects:
    • Addresses (e.g. 10.1.1.1 <-> Administration_Server).
    • Address group (e.g. Administration_Farm <-> [ Administration_Server01 , Administration_Server02 ]).
    • Port or service (e.g. TCP/80 <-> http).
    • Port or service group (e.g. Application_ports <-> { TCP/6600 , TCP/6610 }).
  • Interfaces.
  • Zones.
  • Routing table.
  • PBR (policy-based routing).





Assimilator makes it possible to configure all of these portions of the configuration through the five RESTful methods, using JSON objects:

  • GET: Show the object.
  • POST: Add new object.
  • PATCH: Append new data to object.
  • PUT: Replace data in object.
  • DELETE: Remove object from configuration.

 

URL Format

/api/site/resource

 

Example

Request: GET /api/headquarters/config

Response: HTTP 200
{"config" : "<...>"}

Request: POST /api/branch/rules
{"name" : "Test01", "from" : "trust", "to" : "untrust",
"source" : "10.1.1.1", "destination" : "8.8.8.8", "action" : "allow",
"application" : "junos-dns-udp"}
Response: HTTP 201
{}

Request: DELETE /api/branch1/rules
{"name" : "Permit Any"}
Response: HTTP 200
{}

Request: PUT /api/branch2/objects/address-group
{"name" : "Admin_Servers", "members" : [ "Server02" ] }
Response: HTTP 200
{}

Request: PATCH /api/paloalto/headquarters/route
{"name" : "internal", "destination" : "10.0.0.0/8", "next-hop" : "172.16.1.2" }
Response: HTTP 200
{}
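The Authentication section describes API keys with authorization scoped to URI path and HTTP method. The sketch below is an added example, not Assimilator's own code: it shows one way to enforce that with default deny, checked against the request lines above. The policy layout, the key strings and the `authorize` function are hypothetical, and the function takes a key that has already been read from the request header.

```python
import hashlib
import hmac
import re


def _digest(key: str) -> str:
    # Store only hashes of API keys so a leaked policy file exposes no usable key.
    return hashlib.sha256(key.encode()).hexdigest()


# Hypothetical policy store: key hash -> list of (path regex, allowed methods).
# Key strings and scopes are constructed for this example.
POLICY = {
    _digest("auditor-key-constructed"): [
        (r"/api/[^/]+/config", {"GET"}),
        (r"/api/[^/]+/rules", {"GET"}),
    ],
    _digest("branch-admin-key-constructed"): [
        (r"/api/branch/rules", {"GET", "POST", "PATCH", "PUT", "DELETE"}),
        (r"/api/branch/objects/[a-z-]+", {"GET", "POST", "PATCH"}),
    ],
}


def authorize(api_key, method, path):
    """Return True only if this key may use `method` on `path` (default deny)."""
    if not api_key:
        return False
    presented = _digest(api_key)
    allowed = False
    for stored, rules in POLICY.items():
        # Constant-time comparison; every entry is scanned so timing does not
        # reveal which stored key matched.
        if hmac.compare_digest(presented, stored):
            for pattern, methods in rules:
                # fullmatch anchors the pattern at both ends, so
                # "/api/branch1/rules" or "/api/branch/rules/x" cannot pass
                # a rule written for "/api/branch/rules".
                if re.fullmatch(pattern, path) and method.upper() in methods:
                    allowed = True
    return allowed


if __name__ == "__main__":
    print(authorize("auditor-key-constructed", "GET", "/api/headquarters/config"))
    print(authorize("auditor-key-constructed", "POST", "/api/branch/rules"))
```

Scoping a read-only key to GET on `config` and `rules` keeps an auditing script from ever issuing a DELETE against a rule base, even if its key leaks.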


Installation

With Docker (recommended):

cd /opt
git clone https://github.com/videlanicolas/assimilator && cd assimilator
./generate_certificate.sh
docker build -t assimilator /opt/assimilator/
docker run -d -p 443:443/tcp assimilator

Without Docker:

cd /opt
git clone https://github.com/videlanicolas/assimilator && cd assimilator
./generate_certificate.sh
sudo ./install.sh

https://github.com/videlanicolas/assimilator


