
How to manage information (scan outputs) for large networks

<<

HellAdmin

Newbie

Posts: 3

Joined: Wed Jul 10, 2013 8:58 am

Post Wed Jul 10, 2013 9:13 am

How to manage information (scan outputs) for large networks

Dear EH-Net Users.

I am relatively new to Pentesting and have a problem that I need help with:

Currently I am investigating the security of my company's internal network, which is relatively huge (around 1300 clients and around 100 servers).

As a first step I already did a network and service discovery using NMAP and got the result / output (-oA).

Now I want to manage all the information in one tool to have a better overview, to correlate results with other tools and to search inside the "database".

BUT, so far I cannot find any tool that is really suitable.
I know of Magictree, Keepnote and Dradis and tried them all.

MagicTree
Currently too complex for me

Keepnote
No import modules available

Dradis
Seemed to be what I needed (Importers available and a tree structure) but this tool (the import plugins) is simply not working.
The Gemfile problem could be solved easily, but then I get multiple errors when trying to import the NMAP result.

It's hard for me to believe that there is no tool available offering a simple tree structure and import of XML-based outputs from the most well-known pentest tools plus a search feature.

I would appreciate hearing how you solve this point in your daily work for large networks.

Thank you guys...
<<

UKSecurityGuy

Jr. Member

Posts: 88

Joined: Wed Mar 27, 2013 10:51 am

Post Wed Jul 10, 2013 10:28 am

Re: How to manage information (scan outputs) for large netwo

Strangely enough, I've been building a tool for a while that does just this.

It's not ready to be released yet - but essentially you import all of the data into http://www.splunk.com/ and then this uses some regexes to pull out the data and display it nicely.

I'd have a look into Splunk (free for up to 500MB of data per day) for your requirements, it's not hard to write a few queries to pull out all of the data you want.
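
The import-and-search workflow this thread asks about, as an added example that is not from any poster and is not Dradis or Splunk code: it loads Nmap XML (the `.xml` file written by `-oA`) into SQLite with the Python standard library so the results can be queried. The table layout, function names and sample scan are assumptions constructed for illustration.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample shaped like Nmap's -oX / -oA XML (documentation-range addresses).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host><status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="files01.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH"/></port>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="23"><state state="closed"/><service name="telnet"/></port>
    </ports>
  </host>
  <host><status state="up"/>
    <address addr="00:00:5E:00:53:01" addrtype="mac"/><address addr="192.0.2.20" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port></ports>
  </host>
  <host><status state="down"/><address addr="192.0.2.30" addrtype="ipv4"/></host>
</nmaprun>"""

def load_scan(db, xml_text):
    """Insert one row per open port of every host that is up; return rows added."""
    db.execute("CREATE TABLE IF NOT EXISTS ports "
               "(ip TEXT, hostname TEXT, proto TEXT, port INTEGER, service TEXT, product TEXT)")
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        if host.find("status").get("state") != "up":
            continue
        # A host may list several <address> elements; skip the MAC entry.
        ip = next(a.get("addr") for a in host.iter("address") if a.get("addrtype") != "mac")
        hn = host.find("hostnames/hostname")
        name = hn.get("name") if hn is not None else ""
        for p in host.iter("port"):
            if p.find("state").get("state") != "open":
                continue
            svc = p.find("service")  # absent when nmap could not name the service
            rows.append((ip, name, p.get("protocol"), int(p.get("portid")),
                         svc.get("name", "") if svc is not None else "",
                         svc.get("product", "") if svc is not None else ""))
    db.executemany("INSERT INTO ports VALUES (?,?,?,?,?,?)", rows)
    return len(rows)

def hosts_with_service(db, service):
    """Search step: list the hosts exposing the given service name."""
    cur = db.execute("SELECT DISTINCT ip FROM ports WHERE service = ? ORDER BY ip", (service,))
    return [r[0] for r in cur]

db = sqlite3.connect(":memory:")  # use a file path to keep results between runs
print(load_scan(db, SAMPLE_XML), hosts_with_service(db, "ssh"))
```

Calling `load_scan` once per scan file on the same database merges several subnets into one table, which can then be searched with ordinary SQL.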
<<

m0wgli

Sr. Member

Posts: 308

Joined: Fri Jul 20, 2012 3:34 pm

Post Wed Jul 10, 2013 12:05 pm

Re: How to manage information (scan outputs) for large netwo

@HellAdmin I can import Nmap scans into Dradis without any problems. What are the errors you are getting?
Security + | OSWP | eCPPT (Silver & Gold) | CSTA
<<

HellAdmin

Newbie

Posts: 3

Joined: Wed Jul 10, 2013 8:58 am

Post Thu Jul 11, 2013 1:34 am

Re: How to manage information (scan outputs) for large netwo

@m0wgli: I use Dradis on Kali Linux and installed it out of the Kali Repositories.

When trying to upload my NMAP results, I couldn't see any results in the WebApp, so I tried running it on command line, with the following "result":

root@KaliLinux:/usr/lib/dradis/server# bundle exec thor dradis:upload:nmap /root/MH_10.152.16.0_22.xml
/usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/RedCloth-4.2.8/lib/redcloth.rb:10: Use RbConfig instead of obsolete and deprecated Config.
/usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/connection_adapters/sqlite_adapter.rb:470:in `table_structure': Could not find table 'configurations' (ActiveRecord::StatementInvalid)
from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/connection_adapters/sqlite_adapter.rb:351:in `columns'
from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/connection_adapters/schema_cache.rb:12:in `block in initialize'
from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/model_schema.rb:228:in `yield'
from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/model_schema.rb:228:in `default'
from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/model_schema.rb:228:in `columns'
from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/model_schema.rb:237:in `columns_hash'
from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/locking/optimistic.rb:129:in `locking_enabled?'
from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/relation.rb:169:in `exec_queries'
from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/relation.rb:159:in `block in to_a'
from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/explain.rb:31:in `logging_query_plan'
from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/relation.rb:158:in `to_a'
from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/relation/finder_methods.rb:377:in `find_first'
from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/relation/finder_methods.rb:122:in `first'
from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/relation/finder_methods.rb:105:in `find'
from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/relation/finder_methods.rb:101:in `find'
from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/activerecord-3.2.0/lib/active_record/querying.rb:5:in `find'
from /usr/lib/dradis/server/lib/core/configurator.rb:44:in `get'
from /usr/lib/dradis/server/lib/core/configurator.rb:64:in `method_missing'
from /usr/lib/dradis/server/vendor/plugins/html_export/init.rb:4:in `block in <class:Plugin>'
from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/railties-3.2.0/lib/rails/plugin.rb:82:in `eval'
from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/railties-3.2.0/lib/rails/plugin.rb:82:in `block in <class:Plugin>'
from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/railties-3.2.0/lib/rails/initializable.rb:30:in `instance_exec'
from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/railties-3.2.0/lib/rails/initializable.rb:30:in `run'
from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/railties-3.2.0/lib/rails/initializable.rb:55:in `block in run_initializers'
from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/railties-3.2.0/lib/rails/initializable.rb:54:in `each'
from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/railties-3.2.0/lib/rails/initializable.rb:54:in `run_initializers'
from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/railties-3.2.0/lib/rails/application.rb:136:in `initialize!'
from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/railties-3.2.0/lib/rails/railtie/configurable.rb:30:in `method_missing'
from /usr/lib/dradis/server/config/environment.rb:5:in `<top (required)>'
from /usr/lib/dradis/server/vendor/plugins/nmap_upload/lib/tasks/thorfile.rb:10:in `require'
from /usr/lib/dradis/server/vendor/plugins/nmap_upload/lib/tasks/thorfile.rb:10:in `nmap'
from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/thor-0.14.6/lib/thor/task.rb:22:in `run'
from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/thor-0.14.6/lib/thor/invocation.rb:118:in `invoke_task'
from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/thor-0.14.6/lib/thor.rb:263:in `dispatch'
from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/thor-0.14.6/lib/thor/base.rb:389:in `start'
from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/thor-0.14.6/lib/thor/runner.rb:34:in `method_missing'
from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/thor-0.14.6/lib/thor/task.rb:22:in `run'
from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/thor-0.14.6/lib/thor/task.rb:108:in `run'
from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/thor-0.14.6/lib/thor/invocation.rb:118:in `invoke_task'
from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/thor-0.14.6/lib/thor.rb:263:in `dispatch'
from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/thor-0.14.6/lib/thor/base.rb:389:in `start'
from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/thor-0.14.6/bin/thor:6:in `<top (required)>'
from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/bin/thor:23:in `load'
from /usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/bin/thor:23:in `<main>'
<<

HellAdmin

Newbie

Posts: 3

Joined: Wed Jul 10, 2013 8:58 am

Post Thu Jul 11, 2013 1:36 am

Re: How to manage information (scan outputs) for large netwo

@UKSecurityGuy:

Thanks for your hint. Will give Splunk a try.
<<

m0wgli

Sr. Member

Posts: 308

Joined: Fri Jul 20, 2012 3:34 pm

Post Fri Jul 12, 2013 4:35 pm

Re: How to manage information (scan outputs) for large netwo

HellAdmin wrote:@m0wgli: I use Dradis on Kali Linux and installed it out of the Kali Repositories....


Out of interest, I tried this on an old Kali Linux VM from when it was first released. Installing via the repositories, I encountered both problems you did.

However, on a different Kali Linux VM (using a recent ISO) where Dradis was already included, the web interface works, although the command line isn't working.
Security + | OSWP | eCPPT (Silver & Gold) | CSTA
