How to manage information (scan outputs) for large networks

    • #8514
      HellAdmin
      Participant

      Dear EH-Net Users.

      I am relatively new to Pentesting and have a problem that I need help with:

      Currently I am investigating the security of my company's internal network, which is relatively huge (around 1300 clients and around 100 servers).

      As a first step I already did a network and service discovery using NMAP and got the result / output (-oA).

      Now I want to manage all the information in one tool to have a better overview, to correlate results with other tools and to search inside the “database”.

      BUT, so far I cannot find any tool that is really suitable.
      I know of Magictree, Keepnote and Dradis and tried them all.

      MagicTree
      Currently too complex for me

      Keepnote
      No import modules available

      Dradis
      Seemed to be what I needed (Importers available and a tree structure) but this tool (the import plugins) is simply not working.
      The Gemfile problem could be solved easily, but then I get multiple errors when trying to import the NMAP result.

      It's hard for me to believe that there is no tool available offering a simple tree structure and import of XML-based outputs from the most well-known pentest tools plus a search feature.

      I would appreciate hearing how you solve this point in your daily work for large networks.

      Thank you guys…

    • #53245
      UKSecurityGuy
      Participant

      Strangely enough, I’ve been building a tool for a while that does just this.

      It’s not ready to be released yet – but essentially you import all of the data into http://www.splunk.com/ and then this uses some regexes to pull out the data and display it nicely.

      I’d have a look into Splunk (free for up to 500MB of data per day) for your requirements, it’s not hard to write a few queries to pull out all of the data you want.
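
An added example, not part of the original thread or of any poster's tool: one way to get the searchable store the thread asks for. It flattens nmap XML (the `.xml` file that `-oA` writes) into one row per port, loads the rows into SQLite (swapped in here for local searching), and renders `key="value"` lines that a log indexer such as Splunk can extract fields from. The sample XML, the `ports` table and all function names are assumptions.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample shaped like `nmap -oX` output; addresses are documentation ranges.
SAMPLE_XML = """<nmaprun scanner="nmap">
<host><address addr="192.0.2.10" addrtype="ipv4"/>
<hostnames><hostname name="files01.example.internal" type="PTR"/></hostnames><ports>
<port protocol="tcp" portid="22"><state state="open"/>
<service name="ssh" product="OpenSSH" version="6.0p1"/></port>
<port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
<port protocol="tcp" portid="3389"><state state="closed"/></port></ports></host>
<host><address addr="00:00:5E:00:53:01" addrtype="mac"/>
<address addr="192.0.2.23" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="445"><state state="open"/></port></ports></host>
</nmaprun>"""
COLUMNS = ("ip", "hostname", "proto", "port", "state", "service", "product", "version")

def flatten(xml_text):
    """Yield one tuple per scanned port, in COLUMNS order."""
    for host in ET.fromstring(xml_text).iter("host"):
        # A host can also carry a MAC <address>; keep only the IP.
        ip = next((a.get("addr") for a in host.iter("address")
                   if a.get("addrtype") in ("ipv4", "ipv6")), "")
        name = next((h.get("name") for h in host.iter("hostname")), "")
        for port in host.iter("port"):
            state, svc = port.find("state"), port.find("service")
            attrs = svc.attrib if svc is not None else {}  # <service> may be absent
            yield (ip, name, port.get("protocol"), int(port.get("portid")),
                   state.get("state") if state is not None else "unknown",
                   attrs.get("name", ""), attrs.get("product", ""), attrs.get("version", ""))

def load(db, xml_text):
    """Append one scan file's rows; call once per XML file to merge many scans."""
    db.execute(f"CREATE TABLE IF NOT EXISTS ports ({', '.join(COLUMNS)})")
    db.executemany("INSERT INTO ports VALUES (?,?,?,?,?,?,?,?)", flatten(xml_text))

def hosts_with_open_port(db, port):
    rows = db.execute("SELECT DISTINCT ip FROM ports WHERE port=? AND state='open' ORDER BY ip", (port,))
    return [r[0] for r in rows]

def as_events(db):
    """Render rows as key="value" lines, a form log indexers can extract fields from."""
    return [" ".join(f'{k}="{str(v).replace(chr(34), chr(39))}"' for k, v in zip(COLUMNS, row))
            for row in db.execute("SELECT * FROM ports ORDER BY ip, port")]

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    load(db, SAMPLE_XML)
    print(hosts_with_open_port(db, 445), *as_events(db), sep="\n")
```

Pointing `sqlite3.connect` at a file instead of `:memory:` keeps the merged results between sessions.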

    • #53246
      m0wgli
      Participant

      @HellAdmin I can import Nmap scans into Dradis without any problems. What are the errors you are getting?

    • #53247
      HellAdmin
      Participant

      @m0wgli: I use Dradis on Kali Linux and installed it out of the Kali Repositories.

      When trying to upload my NMAP results, I couldn't see any results in the WebApp, so I tried running it on command line, with the following “result”:

      root@KaliLinux:/usr/lib/dradis/server# bundle exec thor dradis:upload:nmap /root/MH_10.152.16.0_22.xml
      /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/RedCloth-4.2.8/lib/redcloth.rb:10: Use RbConfig instead of obsolete and deprecated Config.
      /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/connection_adapters/sqlite_adapter.rb:470:in `table_structure’: Could not find table ‘configurations’ (ActiveRecord::StatementInvalid)
      from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/connection_adapters/sqlite_adapter.rb:351:in `columns’
      from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/connection_adapters/schema_cache.rb:12:in `block in initialize’
      from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/model_schema.rb:228:in `yield’
      from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/model_schema.rb:228:in `default’
      from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/model_schema.rb:228:in `columns’
      from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/model_schema.rb:237:in `columns_hash’
      from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/locking/optimistic.rb:129:in `locking_enabled?’
      from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/relation.rb:169:in `exec_queries’
      from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/relation.rb:159:in `block in to_a’
      from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/explain.rb:31:in `logging_query_plan’
      from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/relation.rb:158:in `to_a’
      from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/relation/finder_methods.rb:377:in `find_first’
      from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/relation/finder_methods.rb:122:in `first’
      from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/relation/finder_methods.rb:105:in `find’
      from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/relation/finder_methods.rb:101:in `find’
      from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/querying.rb:5:in `find’
      from /usr/lib/dradis/server/lib/core/configurator.rb:44:in `get’
      from /usr/lib/dradis/server/lib/core/configurator.rb:64:in `method_missing’
      from /usr/lib/dradis/server/vendor/plugins/html_export/init.rb:4:in `block in ‘
      from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/railties-3.2.0/lib/rails/plugin.rb:82:in `eval’
      from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/railties-3.2.0/lib/rails/plugin.rb:82:in `block in ‘
      from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/railties-3.2.0/lib/rails/initializable.rb:30:in `instance_exec’
      from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/railties-3.2.0/lib/rails/initializable.rb:30:in `run’
      from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/railties-3.2.0/lib/rails/initializable.rb:55:in `block in run_initializers’
      from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/railties-3.2.0/lib/rails/initializable.rb:54:in `each’
      from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/railties-3.2.0/lib/rails/initializable.rb:54:in `run_initializers’
      from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/railties-3.2.0/lib/rails/application.rb:136:in `initialize!’
      from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/railties-3.2.0/lib/rails/railtie/configurable.rb:30:in `method_missing’
      from /usr/lib/dradis/server/config/environment.rb:5:in `’
      from /usr/lib/dradis/server/vendor/plugins/nmap_upload/lib/tasks/thorfile.rb:10:in `require’
      from /usr/lib/dradis/server/vendor/plugins/nmap_upload/lib/tasks/thorfile.rb:10:in `nmap’
      from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/thor-0.14.6/lib/thor/task.rb:22:in `run’
      from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/thor-0.14.6/lib/thor/invocation.rb:118:in `invoke_task’
      from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/thor-0.14.6/lib/thor.rb:263:in `dispatch’
      from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/thor-0.14.6/lib/thor/base.rb:389:in `start’
      from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/thor-0.14.6/lib/thor/runner.rb:34:in `method_missing’
      from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/thor-0.14.6/lib/thor/task.rb:22:in `run’
      from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/thor-0.14.6/lib/thor/task.rb:108:in `run’
      from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/thor-0.14.6/lib/thor/invocation.rb:118:in `invoke_task’
      from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/thor-0.14.6/lib/thor.rb:263:in `dispatch’
      from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/thor-0.14.6/lib/thor/base.rb:389:in `start’
      from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/thor-0.14.6/bin/thor:6:in `’
      from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/bin/thor:23:in `load’
      from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/bin/thor:23:in `’

    • #53248
      HellAdmin
      Participant

      @UKSecurityGuy:

      Thanks for your hint. Will give Splunk a try.

    • #53249
      m0wgli
      Participant

      @HellAdmin wrote:

      @m0wgli: I use Dradis on Kali Linux and installed it out of the Kali Repositories….

      Out of interest, I tried this on an old Kali Linux VM from when it was first released. Installing via the repositories, I encountered both problems you did.

      However, on a different Kali Linux VM (using a recent ISO) where Dradis was already included, the web interface works, although the command line isn’t working.
