Skip to content

IAwiz87/CyberForge

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

CyberForge

CyberForge

Open-source tools for federal compliance, vulnerability management, and GRC workflows.

License: MIT Tools CISA KEV Python FIPS 140-3


About

CyberForge is a collection of standalone, practical tools built for cybersecurity professionals working in federal compliance, vulnerability management, and GRC (Governance, Risk & Compliance) disciplines.

Every tool in this repository is designed with the same philosophy:

  • No bloat — minimal or zero dependencies
  • No infrastructure — runs locally without servers, containers, or cloud accounts
  • No barriers — open-source, free to use, and built to be understood
  • Compliance-focused — aligned with NIST, CISA, FedRAMP, FIPS 140-3, and federal security standards

Whether you are tracking known exploited vulnerabilities, preparing for an ATO, validating a cryptographic module, or managing a GRC program — CyberForge has tools built for that work.


Tools

📁 Browse all tools: tools/


🛡️ CISA KEV Browser

tools/cisa-kev-browser/

A fully standalone, offline-capable browser for the CISA Known Exploited Vulnerabilities (KEV) Catalog.

Catalog entries 1,558+ KEVs tracked
Ransomware-confirmed 313 vulnerabilities
Data source CISA live JSON feed
Dependencies Zero (Python stdlib only)
Output Single standalone HTML file

Key capabilities:

  • 🔍 Full-text search across CVE ID, vendor, product, description, CWE, and notes
  • 🎛️ Filter by vendor, ransomware campaign use, CWE, and date range
  • 📊 Sortable columns — newest CVEs displayed first by default
  • 📋 Detail modal per CVE — required action, due date, NVD/CISA/vendor reference links
  • ⚠️ Overdue remediation date highlighting
  • 📤 Export any filtered view to CSV
  • 🔄 One command to pull the latest data from CISA

Quick start:

# Clone CyberForge with all tools
git clone --recurse-submodules https://github.com/IAwiz87/CyberForge.git
cd CyberForge/tools/cisa-kev-browser

python3 build.py            # fetches latest CISA KEV data
open cisa-kev-browser.html  # open in any browser

📄 Full documentation · 🌐 Project page · 📦 Standalone repo


📋 FedRAMP Baseline → POA&M Pipeline (alpha_Testing)

tools/fedramp-poam-pipeline/

Combines NIST OSCAL baseline awareness with multi-scanner vulnerability ingestion to produce FedRAMP-compliant POA&M documentation automatically.

Baselines LI-SaaS · Low · Moderate · High
Scanners Qualys VM · Tenable · Wiz · Generic CSV
SLA windows FedRAMP ConMon: Critical=30d · High=90d · Medium=180d · Low=365d
Dependencies pandas · openpyxl · python-dateutil
Outputs Excel POA&M · HTML Dashboard · Gap Report · Out-of-Scope CSV

Key capabilities:

  • 🗺️ Maps every finding to its NIST 800-53 control automatically
  • 🎯 Classifies findings as in-scope or out-of-scope for your baseline
  • ⏱️ Applies FedRAMP ConMon SLA windows (not generic CVSS dates)
  • 🔴 Flags Critical/High findings as FedRAMP 20x KSI triggers
  • 📋 Gap report surfaces baseline controls with no findings (scanner blind spots)
  • 📊 Standalone HTML dashboard — no server, no install required

Quick start:

cd tools/fedramp-poam-pipeline
pip install -r requirements.txt

# Run against your scan
python FedRAMP_pipeline.py --scan your_scan.csv --baseline Moderate --html

# Test with included samples
python FedRAMP_pipeline.py \
  --scan tests/sample_qualys_scan.csv \
  --baseline Moderate --html

📄 Full documentation · 🔒 Private repo


🔐 ForgeGRC — GRC Compliance Platform

github.com/IAwiz87/ForgeGRC

A compliance automation platform with multi-framework GRC workflows — built for security engineers in federal and regulated environments.

Standards NIST SP 800-53 · FedRAMP · CMMC v2
Frameworks SOC 2 · ISO 27001:2022 · PCI DSS 4.0.1 · NIST CSF 2.0
Scan Engines OpenSCAP · Anchore · CISA KEV integration
Architecture Offline-capable · Air-gap compatible · No cloud required
Download Latest Release →

Key capabilities:

  • 🔍 Automated compliance scanning mapped to NIST 800-53 control families
  • 📋 Structured evidence collection for audits and ATOs
  • 🗺️ Single-pane control mapping across 8+ frameworks simultaneously
  • 📝 Compliance-aligned policy and procedure template library
  • 📊 Standalone HTML audit dashboard with gap analysis and POA&M generation
  • ⚙️ OpenSSL, StrongSwan, wolfSSL integration with FPGA and PQC hybrid readiness

Quick start:

git clone https://github.com/IAwiz87/ForgeGRC.git
cd ForgeGRC
# See docs/INSTALL.md for full setup guide

📄 Full documentation · 🌐 Project page · 📦 Download latest release


🔮 QuantumForge — PQC GRC Framework

github.com/IAwiz87/quantumforge

A working, policy-as-code post-quantum cryptography readiness program — Terraform modules for hybrid-PQC AWS infrastructure, Rego/OPA policies for crypto discovery, risk scoring, and compliance gating, and GitHub Actions pipelines that turn all of it into continuously generated audit evidence.

Standards FIPS 203 (ML-KEM) · FIPS 204 (ML-DSA) · CNSA 2.0 · NIST SP 800-53
Infrastructure Terraform modules for AWS KMS (ML-DSA signing keys) and ALB (hybrid PQ-TLS listeners)
Policy engine OPA/Rego — 26/26 unit tests passing
CI/CD GitHub Actions crypto census, Conftest compliance gate, weekly CMVP status monitor

Key capabilities:

  • 🔍 Automated crypto asset discovery & classification from Terraform plan/state JSON
  • 📊 Risk-scoring engine (HNDL exposure × data classification × remediation cost)
  • 🔐 Hybrid-PQC Terraform modules for AWS KMS and Application Load Balancer
  • 🚦 Conftest crypto-agility gate — denies classical-only crypto configs, passes hybrid-PQC configs
  • 📋 Continuous compliance evidence bundles generated in CI
  • 📡 Scheduled CMVP validation status monitoring

Quick start:

git clone https://github.com/IAwiz87/quantumforge.git
cd quantumforge
terraform init && terraform validate
opa test policies/ -v

📄 Full documentation · 📘 Companion Build Guide


Roadmap

Tools planned or in development for this repository:

Tool Focus Area Status
CISA KEV Browser Vulnerability Management ✅ Live
FedRAMP Baseline → POA&M Pipeline FedRAMP / GRC / ATO 🧪 alpha_Testing
ForgeGRC — GRC Platform GRC Compliance Pipeline 🔧 Active Development
QuantumForge — PQC GRC Framework Post-Quantum Cryptography ✅ Live
NIST SP 800-53 Control Browser Compliance / ATO 🔜 Planned
CertForge — CMVP Readiness Platform Cryptographic Certification 🔜 Planned

Standards & Frameworks

Tools in this repository are built with awareness of and alignment to:


Repository Structure

CyberForge/
├── tools/
│   └── cisa-kev-browser/     # CISA KEV standalone browser (submodule)
│       ├── build.py           # fetches latest KEV data from CISA
│       ├── cisa-kev-browser.html  # fully offline standalone app
│       ├── README.md
│       └── docs/              # GitHub Pages project documentation
└── README.md

Related repositories:


Using This Repo

Clone with all tools:

git clone --recurse-submodules https://github.com/IAwiz87/CyberForge.git

If already cloned without submodules:

git submodule update --init --recursive

Update all tools to latest versions:

git submodule update --remote --merge

Contributing

Have a tool idea focused on federal compliance, vulnerability management, or GRC? Open an issue or submit a pull request. Contributions that align with the project's no-bloat, compliance-first philosophy are welcome.


Disclaimer

This repository is an independent open-source project. It is not affiliated with, endorsed by, or produced by CISA, NIST, or the U.S. Government. Always refer to official sources for authoritative compliance and security guidance.


Built for the federal cybersecurity and GRC community

🛡️ CISA KEV Browser · 🔐 ForgeGRC · 🔮 QuantumForge · 🌐 ForgeGRC Project Page · 📋 Issues

About

Cybersecurity / tools / concepts

Resources

License

Stars

2 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors