View Issue Details

ID: 0006976
Project: Kali Linux
Category: New Tool Requests
View Status: public
Last Update: 2021-01-08 13:56
Reporter: threatpunter
Assigned To: g0tmi1k
Priority: normal
Severity: minor
Reproducibility: N/A
Status: closed
Resolution: suspended
Product Version: kali-dev
Summary: 0006976: Dorothy - A tool to test security monitoring and detection capabilities for Okta Single Sign-On (SSO) environments
Description

[Name] - Dorothy

[Version] - 0.2.1

Link to release tag on GitHub: https://github.com/elastic/dorothy/releases/tag/v0.2.1

[Homepage] - https://github.com/elastic/dorothy

This blog post introduces and provides additional information on the tool: https://www.elastic.co/blog/testing-okta-visibility-and-detection-dorothy

The project's wiki shows how to use the tool: https://github.com/elastic/dorothy/wiki

[Download] - GitHub (https://github.com/elastic/dorothy) or PyPI (https://pypi.org/project/dorothy/)

[Author] - David French

[Licence] - Apache 2.0

[Description] - Dorothy is a tool to test a security team's monitoring and detection capabilities for their Okta Single Sign On (SSO) environment. Dorothy has several modules to simulate actions that an attacker might take while operating in an Okta environment and actions that security teams should be able to audit. The modules are mapped to the relevant MITRE ATT&CK® tactics, such as persistence, defense evasion, and discovery.

[Dependencies] - Dorothy requires the following Python packages, as listed in the requirements.txt file found in the project's GitHub repo (https://github.com/elastic/dorothy):

PyYAML
click
requests
tabulate
setuptools
click_shell
elasticsearch
colorama
pyreadline

[Similar tools] - To my knowledge, Dorothy is the only open source tool to help test the security of Okta Single Sign-On (SSO) environments

[Activity] - The project was made public in December 2020. The project is maintained: feature/enhancement requests, questions, and bug reports will be triaged by the project's author.

[How to install] - pip install dorothy

The project hasn't been packaged for Debian yet, but I'm happy to do this if the Kali team wants to move forward with this request.

[How to use] - What are some basic commands/functions to demonstrate it?

A user-friendly shell interface with contextual help is provided for navigation between menus and modules, helping guide the user through simulated intruder scenarios.

Please refer to the project's wiki (https://github.com/elastic/dorothy/wiki/Using-the-Shell) or this blog post (https://www.elastic.co/blog/testing-okta-visibility-and-detection-dorothy) for additional examples of how to use the tool.

whoami
list-modules
get-users
execute
find-admins
execute
modify-policy
modify-zone

[Packaged] - Is the tool already packaged for Debian?

The project hasn't been packaged for Debian yet, but I'm happy to do this if the Kali team wants to move forward with this request.

Activities

g0tmi1k

2021-01-08 13:22

administrator   ~0014052

This is more of a defensive tool

g0tmi1k

2021-01-08 13:56

administrator   ~0014073

If/when we start to expand out - this is a good fit.
but not at this stage.

Issue History

Date Modified | Username | Field | Change
2021-01-04 20:35 | threatpunter | New Issue |
2021-01-08 13:22 | g0tmi1k | Note Added: 0014052 |
2021-01-08 13:56 | g0tmi1k | Note Added: 0014073 |
2021-01-08 13:56 | g0tmi1k | Assigned To | => g0tmi1k
2021-01-08 13:56 | g0tmi1k | Status | new => closed
2021-01-08 13:56 | g0tmi1k | Resolution | open => suspended