This is a tiny app I made that you run locally on your workstation; it dispatches osquery queries to the machines under your command. The commands are listed on the main root route of the app, so you don't need to dig deep. I really like the osquery project; if you have never checked it out, you should probably take a look.
The only requirement is that your target machines have osquery installed on them, that's it.
Standard Procedure
go get github.com/emirozer/exposq
Let's assume you are going to run exposq from your home directory (/home/user/). After running the command above, you need to create a file called targets.json in /home/user/.
Example formatting of the targets.json file:
Important note: it expects a private key, and you can give a key file specific to a target, as in the following JSON structure:
{
  "targets": [
    {
      "user": "user",
      "ip": "ip",
      "key": "key file"
    },
    {
      "user": "user",
      "ip": "ip"
    }
  ],
  "key": "global key file"
}
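A pre-flight check for targets.json, as an added example that is not part of exposq's own code: it rejects malformed JSON (such as a trailing comma) and shows which key file each target ends up with. The names ResolveTargets, Target and Sample are hypothetical, the sample IPs and key paths are constructed, and it assumes that a per-target "key" overrides the global one and that "ip" holds a literal IP address.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
)

// Target is one entry of the "targets" array; Key is the optional per-target key file.
type Target struct {
	User string `json:"user"`
	IP   string `json:"ip"`
	Key  string `json:"key"`
}

// Sample is constructed input: documentation IPs (RFC 5737) and made-up key paths.
const Sample = `{"targets": [
  {"user": "admin", "ip": "192.0.2.10", "key": "/home/user/.ssh/web_key"},
  {"user": "admin", "ip": "192.0.2.11"}],
  "key": "/home/user/.ssh/global_key"}`

// ResolveTargets parses targets.json and fills in the key file for each target.
// Assumptions: a per-target "key" overrides the global one, and "ip" is a literal IP.
func ResolveTargets(data []byte) ([]Target, error) {
	var cfg struct {
		Targets []Target `json:"targets"`
		Key     string   `json:"key"`
	}
	if err := json.Unmarshal(data, &cfg); err != nil {
		return nil, fmt.Errorf("targets.json is not valid JSON: %w", err)
	}
	for i := range cfg.Targets {
		t := &cfg.Targets[i]
		if t.User == "" || net.ParseIP(t.IP) == nil {
			return nil, fmt.Errorf("target %d: missing user or bad ip %q", i, t.IP)
		}
		if t.Key == "" {
			t.Key = cfg.Key // fall back to the global key file
		}
		if t.Key == "" {
			return nil, fmt.Errorf("target %d: no key file configured", i)
		}
	}
	return cfg.Targets, nil
}

func main() {
	fmt.Println(ResolveTargets([]byte(Sample)))
}
```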
Once targets.json is in place, just run:
$>exposq
Open up your browser and go to:
localhost:3000
The main route will show you which queries you can dispatch:
Check if any of your machines are being used as a relay:
Check if any of your machines are a victim of mitm:
Check the uptime of your machines: