Open Source

ETC Collector - Open Source Security Auditor

Identity security auditor rewritten from Node.js to Go. Single binary, zero dependencies. 400+ checks, ADCS ESC1-11 auditing, concurrent LDAP queries. REST API (Gin), multi-architecture Docker, audits 500 users in under 60 seconds. Sustainable Use License.

Go, LDAP/LDAPS, Microsoft Graph API, Docker, Gin, Cobra CLI, JWT, SMB

Go-Based CLI + REST API Architecture

Open-source security auditor rewritten from Node.js to Go for performance and portability

01

CLI & REST API

Cobra CLI framework + Gin HTTP server on port 8443. JWT authentication, rate limiting (100 req/min), async job support with polling for large domains. Health check endpoint.

Cobra CLI, Gin, JWT, Rate Limiting
02

Audit Engine

400+ detectors across 15 categories. Self-registering detector registry pattern. Graph-based attack path analysis for privilege escalation detection. Concurrent LDAP queries via goroutines.

Detector Registry, Attack Graph, Concurrent Queries, Goroutines
03

Provider Layer

LDAP provider (AD on-prem), Azure provider (Graph API with pagination >999 items), Network probes, SMB protocol. YAML config with environment variable interpolation.

go-ldap/ldap, Azure SDK, go-smb2, Viper Config

Key Features

400+ Security Checks

AD + Azure Entra ID across 15 categories: Kerberos, ADCS, Permissions, GPO, Network, Compliance, Attack Paths, and more

Complete Go Rewrite

From Node.js to Go. Single binary, zero external dependencies, concurrent operations via goroutines

Graph-Based Attack Path Analysis

Privilege escalation detection analyzing relationships between AD objects, group memberships, and permissions. Maps vulnerabilities to real attack chains

ADCS Certificate Auditing (ESC1-11)

Complete Active Directory Certificate Services security coverage. Detects ESC1 through ESC11 certificate vulnerability patterns

REST API with Async Jobs

JWT auth, rate limiting, async mode for large domains (10,000+ objects) with polling. Health checks. AD and Azure audit endpoints

Multi-Format Output

JSON, HTML, CSV export. Structured findings with severity classification, MITRE ATT&CK mapping, and remediation guidance per finding

Compliance Frameworks

ANSSI, CIS, NIST, DISA built-in. Standards-aligned security checks with compliance scoring and gap analysis

Docker Multi-Arch

linux/amd64 + linux/arm64. Alpine 3.19, non-root execution, health checks. Also available as standalone binary for any platform

Tech Stack

Go 1.24 Runtime

99.2% of codebase. Single binary, zero dependencies, goroutines for concurrency

go-ldap/ldap v3 LDAP Client

Active Directory connectivity. Connection pooling, LDAPS (port 636), injection prevention

Azure SDK + Graph SDK Azure Provider

Azure Entra ID auditing. Pagination >999 items, conditional access, PIM analysis

Gin HTTP Framework

REST API server. JWT middleware, rate limiting, async job support, health checks

Cobra + Viper CLI Framework

CLI command structure + YAML config with environment variable interpolation

go-smb2 SMB Protocol

Network-level security probing (port 445). SMB signing verification

Docker Multi-Arch Deployment

Alpine 3.19, multi-stage build, non-root user, amd64 + arm64 support

uber/zap Observability

Structured logging. Production-grade, high-performance, leveled logging

Results & Metrics

Technical Performance

500 Users Audit: < 60 sec (concurrent LDAP queries)
Binary Size: single file (zero external dependencies)
Concurrency: goroutines (parallel LDAP + Graph queries)
Docker Image: multi-arch (amd64 + arm64, Alpine)

Business Impact

Security Checks: 400+ (AD + Azure)
Categories: 15 (Kerberos/ADCS/Permissions/...)
License: Open Source (open-core model)
SaaS Integration: EtcSec (feeds the SaaS dashboard)

Security & Compliance

JWT + Rate Limiting: 100/min (per client IP)
Container Hardening: non-root (Alpine 3.19, UID 1001)
LDAP Injection: prevented (go-ldap auto-escaping)
Structured Logging: uber/zap (production-grade observability)

Technical Challenges & Solutions

Complete Rewrite Node.js to Go

Problem
Node.js could not handle concurrent LDAP queries efficiently. Memory overhead with 400+ detectors, single-threaded event loop bottleneck for CPU-intensive analysis
Solution
Go with goroutines for concurrent LDAP queries, single binary compilation (zero runtime dependencies), detector registry pattern for scalable check management

Graph-Based Attack Path Engine

Problem
Individual vulnerability findings lack context. Need to show how vulnerabilities chain together for privilege escalation (e.g., Kerberoasting + weak ACLs + admin group)
Solution
Internal attack graph module analyzing relationships between AD objects, permissions, delegations, and group memberships. Traverses paths from any compromised account to Domain Admin

Azure Graph API Pagination for Large Tenants

Problem
Microsoft Graph API returns max 999 items per page. Large tenants with 10k+ users/groups cause incomplete audits if not paginated correctly
Solution
Automatic cursor-based pagination traversal with retry logic. Implemented in v2.5.9 to handle tenants of any size
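An added Go illustration of the cursor-based traversal with retry described above; this is example code, not ETC Collector's own. The Fetch type, the object shape inside a page, FakeGraph and its three pages are constructed for the example; only the "@odata.nextLink" field name is Graph's real cursor.

```go
package main
import "encoding/json"
import "errors"

// Page keeps the two Graph fields paging depends on; "@odata.nextLink" is Graph's real cursor.
type Page struct {
	Value    []struct{ ID string `json:"id"` } `json:"value"` // object shape is constructed
	NextLink string                              `json:"@odata.nextLink"`
}
// Fetch stands in for the authenticated GET; ErrTransient marks a retryable response (429, 5xx).
type Fetch func(url string) ([]byte, error)
var ErrTransient = errors.New("transient graph error")
// CollectAll follows nextLink until it is empty, retrying a page up to maxRetries times on transient
// errors. On failure it returns the IDs gathered so far plus the error, never a silently truncated audit.
func CollectAll(fetch Fetch, url string, maxRetries int) ([]string, error) {
	var ids []string
	for url != "" {
		body, err := fetch(url)
		for attempt := 0; errors.Is(err, ErrTransient) && attempt < maxRetries; attempt++ {
			body, err = fetch(url) // retry only the throttled/5xx case
		}
		if err != nil {
			return ids, err
		}
		var p Page
		if err := json.Unmarshal(body, &p); err != nil {
			return ids, err
		}
		for _, v := range p.Value {
			ids = append(ids, v.ID)
		}
		url = p.NextLink // empty on the last page, which ends the loop
	}
	return ids, nil
}

// FakeGraph is a constructed stand-in: three pages, with the first request for p2 throttled.
func FakeGraph() Fetch {
	pages := map[string]string{
		"p1": `{"value":[{"id":"u1"},{"id":"u2"}],"@odata.nextLink":"p2"}`,
		"p2": `{"value":[{"id":"u3"}],"@odata.nextLink":"p3"}`,
		"p3": `{"value":[{"id":"u4"}]}`}
	calls := map[string]int{}
	return func(url string) ([]byte, error) {
		if calls[url]++; url == "p2" && calls[url] == 1 {
			return nil, ErrTransient
		}
		return []byte(pages[url]), nil
	}
}
```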

Detector Registry Scalability

Problem
Managing 400+ individual detectors across 15 categories with different provider requirements (AD, Azure, Network, SMB). Adding new detectors should be trivial
Solution
Self-registering registry pattern: each detector declares metadata (category, severity, provider, MITRE mapping). Engine orchestrates execution order and concurrent scheduling automatically
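An added Go sketch of the self-registering registry with per-provider filtering and concurrent scheduling described above; it is example code, not ETC Collector's own. The User type, the KerberoastableAdmins check and the detector IDs KRB-001 and AZ-001 are constructed for the example; T1558.003 is MITRE ATT&CK's Kerberoasting technique.

```go
package main

import "sync"
// Constructed input: a minimal AD user record, not the project's real data model.
type User struct {
	Name            string
	HasSPN, IsAdmin bool
}
// A detector declares its metadata (category, severity, provider, MITRE) plus its check.
type Detector struct {
	ID, Category, Severity, Provider, MITRE string
	Run                                      func([]User) []string
}
// Filled by each detector's init(); Go runs init() functions sequentially, so no lock is needed.
var registry []Detector
func Register(d Detector) { registry = append(registry, d) }
// RunAll runs every detector registered for `provider` in its own goroutine and returns findings by ID.
func RunAll(provider string, users []User) map[string][]string {
	var wg sync.WaitGroup
	var mu sync.Mutex
	out := map[string][]string{}
	for _, d := range registry {
		if d.Provider != provider {
			continue // an Azure-only check never runs against AD data
		}
		wg.Add(1)
		go func(d Detector) {
			defer wg.Done()
			if f := d.Run(users); len(f) > 0 {
				mu.Lock()
				out[d.ID] = f
				mu.Unlock()
			}
		}(d)
	}
	wg.Wait()
	return out
}
// KerberoastableAdmins is a constructed check: privileged accounts that carry an SPN.
func KerberoastableAdmins(users []User) (f []string) {
	for _, u := range users {
		if u.HasSPN && u.IsAdmin {
			f = append(f, u.Name+": privileged account with an SPN")
		}
	}
	return
}
func init() { // made-up IDs; T1558.003 is ATT&CK's Kerberoasting technique
	Register(Detector{ID: "KRB-001", Category: "Kerberos", Severity: "high", Provider: "ad", MITRE: "T1558.003", Run: KerberoastableAdmins})
	Register(Detector{ID: "AZ-001", Category: "Identity", Severity: "medium", Provider: "azure", Run: func([]User) []string { return []string{"azure-only"} }})
}
```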

Skills Demonstrated

Go Development

Goroutines/Concurrency, Detector Registry Pattern, Single Binary Distribution, Multi-Arch Builds, Go Module Structure

Security Engineering

400+ Detectors, Attack Path Analysis, ADCS ESC1-11, MITRE ATT&CK Mapping, Compliance Frameworks

Protocol Engineering

LDAP/LDAPS, SMB Protocol, Microsoft Graph API, Azure SDK, Network Probing

API Design

REST API (Gin), JWT Authentication, Async Jobs with Polling, Rate Limiting, Health Checks

Open Source & DevOps

CI/CD (GitHub Actions), Multi-Registry Docker Publishing, Changelog Management, Semantic Versioning

Interested in this project?

Contact me to discuss similar projects or for more information.