{
    "info": {
        "author": "Netflix",
        "author_email": "security@netflix.com",
        "bugtrack_url": null,
        "classifiers": [
            "Intended Audience :: Developers",
            "Intended Audience :: System Administrators",
            "License :: OSI Approved :: Apache Software License",
            "Natural Language :: English",
            "Operating System :: OS Independent",
            "Programming Language :: Python",
            "Programming Language :: Python :: 3.6",
            "Topic :: Software Development"
        ],
        "description": "Diffy\n=====\n\n.. image:: docs/images/diffy_small.png\n    :align: right\n\n.. image:: https://img.shields.io/travis/liiight/diffy/master.svg?style=flat-square\n    :target: https://travis-ci.org/Netflix-Skunkworks/diffy\n    :alt: Travis CI\n\n.. image:: https://img.shields.io/codecov/c/github/Netflix-Skunkworks/diffy/master.svg?style=flat-square\n    :target: https://codecov.io/gh/Netflix-Skunkworks/diffy\n    :alt: Codecov\n\n.. image:: https://img.shields.io/gitter/room/nwjs/nw.js.svg?style=flat-square\n    :target: https://gitter.im/diffy/diffy\n\n.. image:: https://img.shields.io/pypi/v/diffy.svg?style=flat-square\n    :target: https://pypi.python.org/pypi/diffy\n    :alt: PyPi version\n\n.. image:: https://img.shields.io/pypi/pyversions/diffy.svg?style=flat-square\n    :target: https://pypi.org/project/diffy\n    :alt: Supported Python versions\n\n.. image:: https://img.shields.io/pypi/l/diffy.svg?style=flat-square\n    :target: https://choosealicense.com/licenses\n    :alt: License\n\n.. image:: https://img.shields.io/pypi/status/diffy.svg?style=flat-square\n    :target: https://pypi.python.org/pypi/diffy\n    :alt: Status\n\n.. image:: https://img.shields.io/readthedocs/diffy.svg?style=flat-square\n    :target: https://readthedocs.org/projects/diffy/badge/?version=latest\n    :alt: RTD\n\n\nDiffy is a digital forensics and incident response (DFIR) tool developed by\nNetflix's Security Intelligence and Response Team (SIRT). \n\nDiffy allows a forensic investigator to quickly scope a compromise across cloud\ninstances during an incident, and triage those instances for followup actions.\nDiffy is currently focused on Linux instances running within Amazon Web\nServices (AWS), but owing to our plugin structure, could support multiple\nplatforms and cloud providers.\n\nIt's called \"Diffy\" because it helps a human investigator to identify the\n*differences* between instances, and because `Alex`_ pointed out that \"The\nDifforensicator\" was unnecessarily tricky.\n\nSee `Releases`_ for recent changes. See `our Read the Docs site`_ for\nwell-formatted documentation.\n\n.. _Alex: https://www.linkedin.com/in/maestretti/\n.. _Releases: https://github.com/Netflix-Skunkworks/diffy/releases\n.. _our Read the Docs site: http://diffy.readthedocs.io/\n\nSupported Technologies\n----------------------\n\n- AWS (AWS Systems Manager / SSM)\n- Local\n- osquery\n\nEach technology has its own plugins for targeting, collection and persistence.\n\n\nFeatures\n--------\n\n- Efficiently highlights outliers in security-relevant instance behavior. For\n  example, you can use Diffy to tell you which of your instances are listening\n  on an unexpected port, are running an unusual process, include a strange\n  crontab entry, or have inserted a surprising kernel module.\n- Uses one, or both, of two methods to highlight differences: \n\n    - Collection of a \"functional\" baseline from a \"clean\" running instance,\n      against which your instance group is compared, and\n    - Collection of a \"clustered\" baseline, in which all instances are surveyed,\n      and outliers are made obvious.\n\n- Uses a modular plugin-based architecture. We currently include plugins for\n  collection using osquery via AWS Systems Manager (formerly known as Simple\n  Systems Manager or SSM).\n\n\nInstallation\n------------\n\nVia pip::\n\n    pip install diffy\n\n\nRoadmap\n-------\n\nWe are actively adding more plugins & tests, and improving the documentation.\n\n\nWhy python 3 only?\n~~~~~~~~~~~~~~~~~~\n\nPlease see `Guido's guidance\n<https://mail.python.org/pipermail/python-dev/2018-March/152348.html>`_\nregarding the Python 2.7 end of life date.\n\n\n",
        "description_content_type": "",
        "docs_url": null,
        "download_url": "",
        "downloads": {
            "last_day": -1,
            "last_month": -1,
            "last_week": -1
        },
        "home_page": "https://github.com/Netflix-Skunkworks/diffy",
        "keywords": "",
        "license": "",
        "maintainer": "",
        "maintainer_email": "",
        "name": "diffy",
        "package_url": "https://pypi.org/project/diffy/",
        "platform": "",
        "project_url": "https://pypi.org/project/diffy/",
        "project_urls": {
            "Homepage": "https://github.com/Netflix-Skunkworks/diffy"
        },
        "release_url": "https://pypi.org/project/diffy/0.1.0/",
        "requires_dist": [
            "boto3 (==1.7.9)",
            "botocore (==1.10.9)",
            "click-log (==0.2.1)",
            "click (==6.7)",
            "deepdiff (==3.3.0)",
            "docutils (==0.14)",
            "dogpile.cache (==0.6.4)",
            "fuzzywuzzy (==0.16.0)",
            "jmespath (==0.9.3)",
            "jsondiff (==1.1.1)",
            "jsonpickle (==0.9.6)",
            "jsonschema (==2.6.0)",
            "marshmallow-jsonschema (==0.5.0)",
            "marshmallow (==2.15.1)",
            "python-dateutil (==2.7.2)",
            "python-levenshtein (==0.12.0)",
            "pyyaml (==3.12)",
            "retrying (==1.3.3)",
            "s3transfer (==0.1.13)",
            "six (==1.11.0)",
            "swag-client (==0.3.8)",
            "tabulate (==0.8.2)",
            "alabaster (==0.7.10); extra == 'dev'",
            "aniso8601 (==3.0.0); extra == 'dev'",
            "aspy.yaml (==1.1.0); extra == 'dev'",
            "attrs (==17.4.0); extra == 'dev'",
            "autopep8 (==1.3.5); extra == 'dev'",
            "babel (==2.5.3); extra == 'dev'",
            "bandit (==1.4.0); extra == 'dev'",
            "blinker (==1.4); extra == 'dev'",
            "boto3 (==1.7.9); extra == 'dev'",
            "botocore (==1.10.9); extra == 'dev'",
            "bumpversion (==0.5.3); extra == 'dev'",
            "cached-property (==1.4.2); extra == 'dev'",
            "certifi (==2018.4.16); extra == 'dev'",
            "cfgv (==1.0.0); extra == 'dev'",
            "chardet (==3.0.4); extra == 'dev'",
            "click-log (==0.2.1); extra == 'dev'",
            "click (==6.7); extra == 'dev'",
            "codecov (==2.0.15); extra == 'dev'",
            "coverage (==4.5.1); extra == 'dev'",
            "deepdiff (==3.3.0); extra == 'dev'",
            "docutils (==0.14); extra == 'dev'",
            "dogpile.cache (==0.6.4); extra == 'dev'",
            "first (==2.0.1); extra == 'dev'",
            "flake8 (==3.5.0); extra == 'dev'",
            "flask-restful (==0.3.6); extra == 'dev'",
            "flask (==1.0.1); extra == 'dev'",
            "fuzzywuzzy (==0.16.0); extra == 'dev'",
            "gitdb2 (==2.0.3); extra == 'dev'",
            "gitpython (==2.1.9); extra == 'dev'",
            "gunicorn (==19.8.1); extra == 'dev'",
            "identify (==1.0.13); extra == 'dev'",
            "idna (==2.6); extra == 'dev'",
            "imagesize (==1.0.0); extra == 'dev'",
            "inflection (==0.3.1); extra == 'dev'",
            "itsdangerous (==0.24); extra == 'dev'",
            "jinja2 (==2.10); extra == 'dev'",
            "jmespath (==0.9.3); extra == 'dev'",
            "jsondiff (==1.1.1); extra == 'dev'",
            "jsonpickle (==0.9.6); extra == 'dev'",
            "jsonschema (==2.6.0); extra == 'dev'",
            "markupsafe (==1.0); extra == 'dev'",
            "marshmallow-jsonschema (==0.5.0); extra == 'dev'",
            "marshmallow (==2.15.1); extra == 'dev'",
            "mccabe (==0.6.1); extra == 'dev'",
            "more-itertools (==4.1.0); extra == 'dev'",
            "mypy (==0.590); extra == 'dev'",
            "nodeenv (==1.3.0); extra == 'dev'",
            "packaging (==17.1); extra == 'dev'",
            "pbr (==4.0.2); extra == 'dev'",
            "pip-tools (==2.0.2); extra == 'dev'",
            "pluggy (==0.6.0); extra == 'dev'",
            "pre-commit-hooks (==1.2.3); extra == 'dev'",
            "pre-commit (==1.8.2); extra == 'dev'",
            "py (==1.5.3); extra == 'dev'",
            "pycodestyle (==2.3.1); extra == 'dev'",
            "pyflakes (==1.6.0); extra == 'dev'",
            "pygments (==2.2.0); extra == 'dev'",
            "pyparsing (==2.2.0); extra == 'dev'",
            "pytest-cov (==2.5.1); extra == 'dev'",
            "pytest-flask (==0.10.0); extra == 'dev'",
            "pytest (==3.5.1); extra == 'dev'",
            "python-dateutil (==2.7.2); extra == 'dev'",
            "python-levenshtein (==0.12.0); extra == 'dev'",
            "pytz (==2018.4); extra == 'dev'",
            "pyyaml (==3.12); extra == 'dev'",
            "raven[flask] (==6.7.0); extra == 'dev'",
            "requests (==2.18.4); extra == 'dev'",
            "retrying (==1.3.3); extra == 'dev'",
            "s3transfer (==0.1.13); extra == 'dev'",
            "six (==1.11.0); extra == 'dev'",
            "smmap2 (==2.0.3); extra == 'dev'",
            "snowballstemmer (==1.2.1); extra == 'dev'",
            "sphinx-autodoc-annotation (==1.0.post1); extra == 'dev'",
            "sphinx (==1.7.4); extra == 'dev'",
            "sphinxcontrib-websupport (==1.0.1); extra == 'dev'",
            "stevedore (==1.28.0); extra == 'dev'",
            "swag-client (==0.3.8); extra == 'dev'",
            "tabulate (==0.8.2); extra == 'dev'",
            "typed-ast (==1.1.0); extra == 'dev'",
            "urllib3 (==1.22); extra == 'dev'",
            "virtualenv (==15.2.0); extra == 'dev'",
            "werkzeug (==0.14.1); extra == 'dev'",
            "aniso8601 (==3.0.0); extra == 'web'",
            "blinker (==1.4); extra == 'web'",
            "boto3 (==1.7.9); extra == 'web'",
            "botocore (==1.10.9); extra == 'web'",
            "click-log (==0.2.1); extra == 'web'",
            "click (==6.7); extra == 'web'",
            "croniter (==0.3.20); extra == 'web'",
            "deepdiff (==3.3.0); extra == 'web'",
            "docutils (==0.14); extra == 'web'",
            "dogpile.cache (==0.6.4); extra == 'web'",
            "flask-restful (==0.3.6); extra == 'web'",
            "flask-rq2 (==18.0); extra == 'web'",
            "flask (==1.0.2); extra == 'web'",
            "fuzzywuzzy (==0.16.0); extra == 'web'",
            "gunicorn (==19.8.1); extra == 'web'",
            "inflection (==0.3.1); extra == 'web'",
            "itsdangerous (==0.24); extra == 'web'",
            "jinja2 (==2.10); extra == 'web'",
            "jmespath (==0.9.3); extra == 'web'",
            "jsondiff (==1.1.1); extra == 'web'",
            "jsonpickle (==0.9.6); extra == 'web'",
            "jsonschema (==2.6.0); extra == 'web'",
            "markupsafe (==1.0); extra == 'web'",
            "marshmallow-jsonschema (==0.5.0); extra == 'web'",
            "marshmallow (==2.15.1); extra == 'web'",
            "python-dateutil (==2.7.2); extra == 'web'",
            "python-levenshtein (==0.12.0); extra == 'web'",
            "pytz (==2018.4); extra == 'web'",
            "pyyaml (==3.12); extra == 'web'",
            "raven[flask] (==6.7.0); extra == 'web'",
            "redis (==2.10.6); extra == 'web'",
            "retrying (==1.3.3); extra == 'web'",
            "rq-scheduler (==0.8.2); extra == 'web'",
            "rq (==0.10.0); extra == 'web'",
            "s3transfer (==0.1.13); extra == 'web'",
            "six (==1.11.0); extra == 'web'",
            "swag-client (==0.3.8); extra == 'web'",
            "tabulate (==0.8.2); extra == 'web'",
            "werkzeug (==0.14.1); extra == 'web'"
        ],
        "requires_python": ">=3.6",
        "summary": "Forensic differentiator",
        "version": "0.1.0"
    },
    "last_serial": 3937108,
    "releases": {
        "0.1.0": [
            {
                "comment_text": "",
                "digests": {
                    "md5": "221c3567ee7afd7d654b755cf823453a",
                    "sha256": "237c7fac29b43336060765fc8dcd5b02b4714a116b7daa9865960a462daf6b46"
                },
                "downloads": -1,
                "filename": "diffy-0.1.0-py2.py3-none-any.whl",
                "has_sig": false,
                "md5_digest": "221c3567ee7afd7d654b755cf823453a",
                "packagetype": "bdist_wheel",
                "python_version": "py2.py3",
                "requires_python": ">=3.6",
                "size": 47262,
                "upload_time": "2018-06-06T19:14:14",
                "url": "https://files.pythonhosted.org/packages/54/60/0d9af719e0f19d1da6b4a6d15ff630894d7db71523e95f76164947b3fc4c/diffy-0.1.0-py2.py3-none-any.whl"
            },
            {
                "comment_text": "",
                "digests": {
                    "md5": "47cc9839517e4017af1a00a98572d5a4",
                    "sha256": "88ff943f81f437de9ee7a0e05314caa236715aea37989fd7be00c988b456dd0f"
                },
                "downloads": -1,
                "filename": "diffy-0.1.0.tar.gz",
                "has_sig": false,
                "md5_digest": "47cc9839517e4017af1a00a98572d5a4",
                "packagetype": "sdist",
                "python_version": "source",
                "requires_python": ">=3.6",
                "size": 31056,
                "upload_time": "2018-06-06T19:14:15",
                "url": "https://files.pythonhosted.org/packages/ee/ec/89b75acfcc8ca8bb6a5451998f276f38dff07885be85f8e9d0c9ce06a413/diffy-0.1.0.tar.gz"
            }
        ]
    },
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "md5": "221c3567ee7afd7d654b755cf823453a",
                "sha256": "237c7fac29b43336060765fc8dcd5b02b4714a116b7daa9865960a462daf6b46"
            },
            "downloads": -1,
            "filename": "diffy-0.1.0-py2.py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "221c3567ee7afd7d654b755cf823453a",
            "packagetype": "bdist_wheel",
            "python_version": "py2.py3",
            "requires_python": ">=3.6",
            "size": 47262,
            "upload_time": "2018-06-06T19:14:14",
            "url": "https://files.pythonhosted.org/packages/54/60/0d9af719e0f19d1da6b4a6d15ff630894d7db71523e95f76164947b3fc4c/diffy-0.1.0-py2.py3-none-any.whl"
        },
        {
            "comment_text": "",
            "digests": {
                "md5": "47cc9839517e4017af1a00a98572d5a4",
                "sha256": "88ff943f81f437de9ee7a0e05314caa236715aea37989fd7be00c988b456dd0f"
            },
            "downloads": -1,
            "filename": "diffy-0.1.0.tar.gz",
            "has_sig": false,
            "md5_digest": "47cc9839517e4017af1a00a98572d5a4",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": ">=3.6",
            "size": 31056,
            "upload_time": "2018-06-06T19:14:15",
            "url": "https://files.pythonhosted.org/packages/ee/ec/89b75acfcc8ca8bb6a5451998f276f38dff07885be85f8e9d0c9ce06a413/diffy-0.1.0.tar.gz"
        }
    ]
}