Cashel β Firewall Compliance License
π₯ CASHEL β Firewall Configuration AuditorBuilt by a network security engineer, for network security engineers.Cashel audits firewall configurations and finds what your change process misses β overly permissive rules, missing deny-alls, insecure services, and more. Get a scored, categorized report with remediation guidance in seconds.Supported Vendors AWS Security Groups (JSON) Azure NSG (JSON) Cisco (text) Fortinet (text) Palo Alto Networks (XML) pfSense (XML) Free Features (Open Source) Web UI β browser-based, no terminal required Auto-detect vendor β identifies vendor from file content automatically Security scoring β every audit produces a 0β100 score: 100 β (HIGH Γ 10) β (MEDIUM Γ 3) Category badges β findings tagged by type: Exposure, Protocol, Logging, Hygiene, Redundancy Remediation guidance β every finding includes a plain-English fix Device tag system β name your devices (e.g. ASA01, FortiGate-HQ) for auto-versioned history tracking Score Trends chart β visualize security score over time per device with vendor and tag filters Live SSH connection β pull and audit a running config directly from Cisco, Fortinet, or Palo Alto devices Rule change diff β upload two configs of the same vendor to see exactly what was added, removed, and unchanged Audit History β browse saved audits with vendor filter, sort, and device search Archival reviews β compare any two saved audits: resolved findings, new issues, and delta scores Activity Log β full record of every audit, SSH attempt, and config diff, including failures PDF report export β color-coded findings with score box, category labels, and remediation text Light / dark / auto theme Docker Compose deployment β up in minutes CLI support Checks include: any/any permit rules, missing deny-all, permit rules missing logging, redundant/shadowed rules, Telnet management, unrestricted ICMP, any-application rules (Palo Alto), missing security profiles, disabled/unnamed/all-service policies (Fortinet), internet-facing policies missing UTM, WAN-facing any-source rules (pfSense), open ingress to 0.0.0.0/0 (AWS), default SGs with active rules, broad port ranges, inbound Any rules (Azure), and more.Paid License β Compliance ChecksUnlock framework-mapped compliance checks with specific control references: CIS Benchmark β Cisco, Palo Alto, Fortinet, pfSense PCI-DSS β with requirement numbers (e.g. PCI Req 1.3, Req 10.2) NIST SP 800-41 β with control references (e.g. NIST AC-6) Compliance findings appear in both the web UI and PDF report, clearly separated from standard audit findings.Getting StartedDocker Compose (recommended):git clone https://github.com/Shamrock13/cashel.git cd cashel docker compose up --build Open http://localhost:8080 β that's it.Cashel is open source (MIT). The compliance module requires a paid license key, activated via the web UI or CLI.
Get it β shamrock13.gumroad.com