Introduction

TWIGS is an acronym for ThreatWorx Inventory Gathering Script. It is a Python-based, open-source CLI maintained by ThreatWorx on GitHub, designed to be a one-stop tool for discovering the various elements of the enterprise attack surface (both internal and external). It can discover code, containers, cloud assets, servers, network devices and more. It can also run configuration checks on certain kinds of assets for security posture management.

Twigs was designed with 3 primary goals:

  1. Zero trust – Allow the attack surface to be discovered from within the enterprise network, without sharing direct access to the assets with ThreatWorx. There is no need to share passwords, credentials or access tokens for your assets. This dramatically reduces the risk of having ThreatWorx in your third-party supply chain.
  2. Agentless – Wherever possible, allow attack surface discovery without using black-box or binary agents. Provide an auditable, open-source mechanism for asset discovery that can be easily deployed and scaled across the attack surface sprawl.
  3. Easy to use, DevOps friendly – Provide a simple, portable, DevOps-friendly interface that can be integrated into code pipelines and workflows with minimal effort.

With these goals in mind, twigs was developed as a Python-based, open-source CLI that supports easy discovery of the enterprise attack surface without requiring agents (in most cases) and without requiring credentials to be shared with (stored on) the ThreatWorx platform.