I created Project RF to have a reporting framework that provides consistent reports for various vulnerability scanning tools. The project started with support for Nessus back when I would parse nbe files. I’ve since included reporting for eEye Retina, Nmap, HP WebInspect, AppScan, AppDetective, Kismet, and GFI LANguard. This project is still in its alpha stages as I’m not a top-notch web program developer. Scan results are exported to XML which is then uploaded, parsed, and imported into a backend MySQL database. I have found this framework very useful in generating reports for my workpapers. I still continue to work on this project even though I’m no longer an auditor. Recently I stripped it down to just Nessus and I rewrote the Nessus portion to support the .nessus v2 XML output. Installation and setup instructions can be found here.

This framework supports many options for report generation and executive reporting.

 

I’m now providing an updated Linux Penetration Testing Laptop Setup document to help install popular and useful vulnerability assessment tools for the Linux operating system. You can go and obtain Backtrack but I feel that you will have more understanding of the tools and Linux in general if you install the tools yourself. You will also have the most current version available. See Configuration Tutorials for the latest document.

Update: The latest version is now v4 on Ubuntu 11.4 Natty Narwhal.

 

I put together a Technical Assessment Plan that can be used to conduct external fingerprinting using the tools and utilities that a penetration tester would use.  The assessment plans are structured in a way to help with the documentation of evidence for inclusion in a work-paper process.  The plan provides helpful information on how to install, configure, and use the tools to obtain the evidence needed for an engagement.  The Technical Assessment Plans that I have created can be found here.

 

I’ve created an updated configuration tutorial for setting up your Linux laptop to conduct system and network audits.  This version details how to get everything up and running on the latest Ubuntu currently at version 10.04 LTS (Lucid Lynx).  See the Configuration Tutorials to download the latest pdf document (currently at version 3).

 

As an auditor I liked to quickly analyze my Nmap scan results by parsing the XML output produced and loading it into my favorite spreadsheet application.
From there I could sort by host, port, service, or operating system for analysis. The parsed results are a lot easier to add to reports and workpapers. Just remember to keep the original Nmap results.
I’ve developed a LAMP framework to parse and load Nmap results into a database for reporting and analysis. However, if you are just looking to quickly parse the results of individual scans, I’ve got a Perl script for you!
First, a quick blurb on installing Perl and the Nmap-Parser module.

Windows

Download ActivePerl from the Active State website: https://www.activestate.com/activeperl/downloads/
Once ActivePerl is installed you will need to install the Nmap Parser written by Anthony Persaud.
From the Command Prompt enter the following command:

C:\>ppm install nmap-parser
Downloading Nmap-Parser-1.19...done
Downloading XML-Twig-3.32...done
Unpacking Nmap-Parser-1.19...done
Unpacking XML-Twig-3.32...done
Generating HTML for Nmap-Parser-1.19...done
Generating HTML for XML-Twig-3.32...done
Updating files in site area...done
21 files installed

Linux

For Ubuntu/Debian you can install the package.
#apt-get install libnmap-parser-perl

On any Linux distribution you can install the module via CPAN.
#perl -MCPAN -e 'install Nmap::Parser'

Copy the Perl code below and save it as nmap_parse.pl.


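#!/usr/bin/perl
# Parse Nmap XML output (-oX) and print one CSV row per TCP port.
use strict;
use warnings;
use Nmap::Parser;

my $infile = $ARGV[0] or die "Usage: $0 nmap_scan_output.xml\n";

my $np = Nmap::Parser->new;
$np->parsefile($infile);

# Quote a value for CSV so commas in banners or OS names do not split columns;
# undefined values (for example, no OS match) become empty fields.
sub csv_field {
    my $value = shift;
    $value = '' unless defined $value;
    $value =~ s/"/""/g;
    return qq("$value");
}

#GETTING SCAN INFORMATION

print "Scan Information:\n";
my $si = $np->get_session();
print
'Number of services scanned: '.$si->numservices()."\n",
'Start Time: '.$si->start_str()."\n",
'Finish Time: '.$si->time_str()."\n",
'Scan Arguments: '.$si->scan_args()."\n";

print "Host Name,Ip Address,MAC Address,OS Name,OS Family,OS Generation,OS Accuracy,Port,Service Name,Service Product,Service Version,Service Confidence\n";
for my $host ($np->all_hosts()){
    my $os = $host->os_sig;    # OS fingerprint is per host, not per port
    for my $port ($host->tcp_ports()){
        my $service = $host->tcp_service($port);
        print join(',',
            csv_field($host->hostname()), csv_field($host->ipv4_addr()),
            csv_field($host->mac_addr()), csv_field($os->name),
            csv_field($os->family), csv_field($os->osgen()),
            csv_field($os->name_accuracy()), csv_field($port),
            csv_field($service->name), csv_field($service->product),
            csv_field($service->version), csv_field($service->confidence()),
        ), "\n";
    }
}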

Save the above code and run it from the command line as follows:

C:\>nmap_parse.pl nmap_scan_output.xml >> results.csv
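
Added example (not the author's script, and in Python rather than Perl so it needs only the standard library): the same Nmap XML to CSV extraction read directly from the -oX elements, with every field quoted and formula-like service banners defused before the file is opened in a spreadsheet. The sample XML is constructed, and `safe`, `attrs`, `nmap_rows` and `to_csv` are names chosen here.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample, trimmed to the elements of Nmap -oX output read below.
SAMPLE_XML = """<nmaprun><host>
<address addr="192.0.2.10" addrtype="ipv4"/><address addr="00:11:22:33:44:55" addrtype="mac"/>
<hostnames><hostname name="web01.example.test"/></hostnames>
<ports><port protocol="tcp" portid="22">
<service name="ssh" product="OpenSSH" version="5.3" conf="10"/></port>
<port protocol="tcp" portid="80">
<service name="http" product="=1+1, build 7" conf="10"/></port></ports>
<os><osmatch name="Linux 2.6.9 - 2.6.30" accuracy="98">
<osclass osfamily="Linux" osgen="2.6.X"/></osmatch></os></host></nmaprun>"""

# Same column order as the header line printed by nmap_parse.pl.
HEADER = ("Host Name,Ip Address,MAC Address,OS Name,OS Family,OS Generation,"
          "OS Accuracy,Port,Service Name,Service Product,Service Version,"
          "Service Confidence").split(",")

def safe(value):
    """Blank out missing values; defuse cells a spreadsheet would evaluate."""
    value = value or ""
    return "'" + value if value[:1] in ("=", "+", "-", "@", "\t", "\r") else value

def attrs(elem):
    """Attribute dict of an element, or {} when the element is absent."""
    return elem.attrib if elem is not None else {}

def nmap_rows(xml_text):
    """Yield one list per TCP port, in HEADER order."""
    for host in ET.fromstring(xml_text).iter("host"):
        addr = {a.get("addrtype"): a.get("addr") for a in host.iter("address")}
        name = attrs(host.find("hostnames/hostname")).get("name")
        osm = attrs(host.find("os/osmatch"))   # empty when -O found no match
        osc = attrs(host.find("os//osclass"))
        for port in host.iterfind("ports/port[@protocol='tcp']"):
            svc = attrs(port.find("service"))
            yield [safe(v) for v in (
                name, addr.get("ipv4"), addr.get("mac"), osm.get("name"),
                osc.get("osfamily"), osc.get("osgen"), osm.get("accuracy"),
                port.get("portid"), svc.get("name"), svc.get("product"),
                svc.get("version"), svc.get("conf"))]

def to_csv(xml_text):
    out = io.StringIO()
    csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\n").writerows(
        [HEADER, *nmap_rows(xml_text)])
    return out.getvalue()
```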

Additional Information

ppm – Perl Package Manager, version 4

http://docs.activestate.com/activeperl/5.10/bin/ppm.html

ActiveState CPAN PPM Repository

http://ppm4.activestate.com/

Nmap Parser

http://search.cpan.org/dist/Nmap-Parser/Parser.pm

© 2012 Information Systems Auditing