How to manage information (scan outputs) for large networks

This topic contains 5 replies, has 3 voices, and was last updated by  m0wgli 6 years, 2 months ago.

  • #8514
     HellAdmin 
    Participant

    Dear EH-Net Users.

    I am relatively new to Pentesting and have a problem that I need help with:

    Currently I am investigating the security of my company's internal network, which is relatively huge (around 1300 clients and around 100 servers).

    As a first step I already did a network and service discovery using NMAP and got the result / output (-oA).

    Now I want to manage all the information in one tool to have a better overview, to correlate results with other tools and to search inside the “database”.

    BUT, so far I cannot find any tool that is really suitable.
    I know of Magictree, Keepnote and Dradis and tried them all.

    MagicTree
    Currently too complex for me

    Keepnote
    No import modules available

    Dradis
    Seemed to be what I needed (Importers available and a tree structure) but this tool (the import plugins) is simply not working.
    The Gemfile problem could be solved easily, but then I get multiple errors when trying to import the NMAP result.

    It's hard for me to believe that there is no tool available offering a simple tree structure and import of XML-based outputs from the most well-known pentest tools plus a search feature.

    I would appreciate hearing how you solve this point in your daily work for large networks.

    Thank you guys…

  • #53245
     UKSecurityGuy 
    Participant

    Strangely enough, I’ve been building a tool for a while that does just this.

    It’s not ready to be released yet – but essentially you import all of the data into http://www.splunk.com/ and then this uses some regexes to pull out the data and display it nicely.

    I’d have a look into Splunk (free for up to 500MB of data per day) for your requirements, it’s not hard to write a few queries to pull out all of the data you want.
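
A minimal version of the "import the XML, then query it" workflow this thread asks about, as an added example that is not part of any post and not code from Dradis, Splunk or the tool mentioned above: it loads Nmap XML output (the `.xml` file written by `-oA`) into SQLite and searches it. The table layout, function names and sample scan data are assumptions made for illustration.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample in the shape of Nmap's XML output (not real scan data).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="web01.example.test"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH"/></port>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
      <port protocol="tcp" portid="8080"><state state="closed"/><service name="http-proxy"/></port>
    </ports></host>
  <host><status state="up"/><address addr="192.0.2.20" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
    </ports></host>
</nmaprun>"""

def load_scan(db, xml_text, source="sample"):
    """Store one row per open port; `source` tags the scan file. Returns rows added."""
    db.execute("CREATE TABLE IF NOT EXISTS services (source TEXT, ip TEXT, "
               "hostname TEXT, proto TEXT, port INTEGER, service TEXT, product TEXT)")
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:                      # IPv6-only or MAC-only host entry
            addr = host.find("address")
        if addr is None:
            continue
        name = host.find("hostnames/hostname")
        hostname = name.get("name", "") if name is not None else ""
        for port in host.iterfind("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue                      # keep only confirmed open ports
            svc = port.find("service")
            rows.append((source, addr.get("addr"), hostname, port.get("protocol"),
                         int(port.get("portid")),
                         svc.get("name", "") if svc is not None else "",
                         svc.get("product", "") if svc is not None else ""))
    db.executemany("INSERT INTO services VALUES (?,?,?,?,?,?,?)", rows)
    return len(rows)

def search(db, term):
    """Substring match on ip/hostname/service/product, exact match on port number."""
    like = f"%{term}%"
    return db.execute(
        "SELECT ip, port, service FROM services WHERE ip LIKE ? OR hostname LIKE ? "
        "OR service LIKE ? OR product LIKE ? OR CAST(port AS TEXT) = ? "
        "ORDER BY ip, port", (like, like, like, like, term)).fetchall()

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    print(load_scan(db, SAMPLE_XML), search(db, "ssh"))
```

Calling `load_scan` once per subnet file with a different `source` value keeps results from many scans in one searchable table.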

  • #53246
     m0wgli 
    Participant

    @helladmin I can import Nmap scans into Dradis without any problems. What are the errors you are getting?

  • #53247
     HellAdmin 
    Participant

    @m0wgli: I use Dradis on Kali Linux and installed it out of the Kali Repositories.

    When trying to upload my NMAP results, I couldn't see any results in the WebApp, so I tried running it on command line, with the following “result”:

    root@KaliLinux:/usr/lib/dradis/server# bundle exec thor dradis:upload:nmap /root/MH_10.152.16.0_22.xml
    /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/RedCloth-4.2.8/lib/redcloth.rb:10: Use RbConfig instead of obsolete and deprecated Config.
    /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/connection_adapters/sqlite_adapter.rb:470:in `table_structure’: Could not find table ‘configurations’ (ActiveRecord::StatementInvalid)
    from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/connection_adapters/sqlite_adapter.rb:351:in `columns’
    from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/connection_adapters/schema_cache.rb:12:in `block in initialize’
    from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/model_schema.rb:228:in `yield’
    from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/model_schema.rb:228:in `default’
    from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/model_schema.rb:228:in `columns’
    from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/model_schema.rb:237:in `columns_hash’
    from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/locking/optimistic.rb:129:in `locking_enabled?’
    from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/relation.rb:169:in `exec_queries’
    from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/relation.rb:159:in `block in to_a’
    from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/explain.rb:31:in `logging_query_plan’
    from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/relation.rb:158:in `to_a’
    from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/relation/finder_methods.rb:377:in `find_first’
    from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/relation/finder_methods.rb:122:in `first’
    from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/relation/finder_methods.rb:105:in `find’
    from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/relation/finder_methods.rb:101:in `find’
    from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/querying.rb:5:in `find’
    from /usr/lib/dradis/server/lib/core/configurator.rb:44:in `get’
    from /usr/lib/dradis/server/lib/core/configurator.rb:64:in `method_missing’
    from /usr/lib/dradis/server/vendor/plugins/html_export/init.rb:4:in `block in ‘
    from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/railties-3.2.0/lib/rails/plugin.rb:82:in `eval’
    from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/railties-3.2.0/lib/rails/plugin.rb:82:in `block in ‘
    from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/railties-3.2.0/lib/rails/initializable.rb:30:in `instance_exec’
    from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/railties-3.2.0/lib/rails/initializable.rb:30:in `run’
    from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/railties-3.2.0/lib/rails/initializable.rb:55:in `block in run_initializers’
    from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/railties-3.2.0/lib/rails/initializable.rb:54:in `each’
    from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/railties-3.2.0/lib/rails/initializable.rb:54:in `run_initializers’
    from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/railties-3.2.0/lib/rails/application.rb:136:in `initialize!’
    from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/railties-3.2.0/lib/rails/railtie/configurable.rb:30:in `method_missing’
    from /usr/lib/dradis/server/config/environment.rb:5:in `’
    from /usr/lib/dradis/server/vendor/plugins/nmap_upload/lib/tasks/thorfile.rb:10:in `require’
    from /usr/lib/dradis/server/vendor/plugins/nmap_upload/lib/tasks/thorfile.rb:10:in `nmap’
    from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/thor-0.14.6/lib/thor/task.rb:22:in `run’
    from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/thor-0.14.6/lib/thor/invocation.rb:118:in `invoke_task’
    from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/thor-0.14.6/lib/thor.rb:263:in `dispatch’
    from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/thor-0.14.6/lib/thor/base.rb:389:in `start’
    from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/thor-0.14.6/lib/thor/runner.rb:34:in `method_missing’
    from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/thor-0.14.6/lib/thor/task.rb:22:in `run’
    from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/thor-0.14.6/lib/thor/task.rb:108:in `run’
    from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/thor-0.14.6/lib/thor/invocation.rb:118:in `invoke_task’
    from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/thor-0.14.6/lib/thor.rb:263:in `dispatch’
    from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/thor-0.14.6/lib/thor/base.rb:389:in `start’
    from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/thor-0.14.6/bin/thor:6:in `’
    from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/bin/thor:23:in `load’
    from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/bin/thor:23:in `’

  • #53248
     HellAdmin 
    Participant

    @uksecurityguy:

    Thanks for your hint. Will give Splunk a try.

  • #53249
     m0wgli 
    Participant

    @helladmin wrote:

    @m0wgli: I use Dradis on Kali Linux and installed it out of the Kali Repositories….

    Out of interest, I tried this on an old Kali Linux VM from when it was first released. Installing via the repositories, I encountered both problems you did.

    However, on a different Kali Linux VM (using a recent ISO) where Dradis was already included, the web interface works. Although the command line isn’t working.
