All public apps are available in the search, engine either in your local instance or on https://shuffler.io/search?tab=apps. This is a repository for apps to be used in Shuffle
PS: These apps should be valid with WALKOFF (from NSA), but the SDK is different, meaning you have to change the FIRST line in each Dockerfile (FROM shuffle/shuffle:app_sdk) to make it compatible with Shuffle.
App creation can be done with the Shuffle App Creator (exports as OpenAPI) or Python, which makes it possible to connect literally any tool. Always prioritize using the App Creator when applicable.
We have defined eight (8) "major" categories of tools that are necessary to any cybersecurity threat. Most security-related tools can fit into one of these eight.
- Communication - Any way to chat; WhatsApp, SMS, Email etc.
- Case Management - The central hub for operation teams.
- SIEM - Search engine for logs in an enterprise. Used to find evil.
- Assets - Discover endpoint information. Vulnerabilities, owners, departments etc.
- IAM - Access Management. Active Directory, Google Workspaces, Single Sign-on etc.
- Intelligence - Typically a vendor explaining what you should be looking for.
- Network - Anything BETWEEN your connected devices. Firewalls, WAF, Switches, Bluetooth...
- Eradication - Control machines directly to eradicate evil. Hard and undefined (EDR & AV)
Apps in this repository are mostly manually made. Shuffle is striving for standardization and accessability, and our effort is focused on OpenAPI rather than manual work. With this in mind, most app creation that supports REST API's will be continued here.
All apps, workflows and modular parts of Shuffle including our App SDK is under licensed under MIT, meaning you can freely use it anywhere in any way you want.
Contributing guidelines for outlined here.
