Saturday, July 31, 2010

OD AutoAssessment Server Tutorial (w/ VirtualBox Appliance!)

I wrote up a quick tutorial on getting the AutoAssess Network Script running on a fresh Ubuntu 10.04 install, and since I used a virtual machine to verify everything, I have made an easy-to-use (and small: 600 MB) appliance. If you plan on running the appliance on Linux, you will need to change the Sound/Audio setting so it does not use Windows DirectSound.


Credentials are rooty/ytoor; from there you can `sudo su` to get root. Try setting up a cronjob and letting it run for a month to see what things might be creeping up. I think this would be great for a geek dad who likes to keep his home network secure.


The auto-assess script is in /root (you need to be root to run the script anyway).
The following is an example of how to run it:

sh base_scan.sh local 192.168.0.0/24

'local' is the name of the location, client, or whatever label you want to file the scan under. '192.168.0.0/24' is the IP range of YOUR network (you can find this out with ifconfig).


A short explanation of the files generated during the scan.

*.nkt are nikto files: the output of running nikto on a host on the network. This is useful for NAS drives, printers, routers, and many other things you wouldn't suspect.

*.nmap are nmap files, the output of a portscan and OS detection of the host at hand.

*.msf is the entire metasploit session. The end of the file is the most important part: it tells you how many exploit sessions could be opened during the scan and which vulnerability was used for each.

*.db is the sqlite3 DB metasploit generates when performing its scan. I keep this DB strictly for record-keeping, in case I need to go back to my scans for any reason.

*.pdf are the PDF files generated for the non-technical reader: main.pdf is a general overview, whereas the IP-specific PDFs go into detail about each host.

network_ips and included are both lists of IP addresses on your network (included omits the scanner host). The script removes its own host from the list of things to be scanned because it is a foreign host that is only on the network during the scan (in most of my uses, anyway). If you want the scanner host scanned as well, make openvas-client and the for loops in the script use network_ips instead of included.
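Once the scan is running from cron, the useful signal is what changed between runs. The following shell script is an added example and not part of the AutoAssess script or the appliance: it reads the *.nmap files of two run directories, lists every host and open port, and prints what appeared in the newer run. It assumes you collect each run's output in its own directory (the scans/<date> layout and the scan_diff.sh file name are my own choices) and that the *.nmap files are nmap's normal output format ("Nmap scan report for ..." followed by PORT/STATE/SERVICE lines); the sample scan files it builds are constructed for the demonstration, not real output.

```shell
#!/bin/sh
# Added example, not part of the AutoAssess script or the appliance: summarise
# the open ports recorded in a run's *.nmap files and diff two runs, so the
# monthly cron job can flag hosts or services that appeared since the last scan.
# Assumes each run's output is collected in its own directory (e.g.
# scans/2010-07-31/) and that the *.nmap files are nmap's normal output.
export LC_ALL=C   # keep sort and comm on the same collation

# Print "host port/proto service" for every open port in one run directory,
# sorted and de-duplicated so two runs can be compared line by line.
summarize_run() {
    dir="$1"
    awk '
        /^Nmap scan report for / {
            host = $NF
            gsub(/[()]/, "", host)   # "name (ip)" form: keep just the ip
        }
        /^[0-9]+\/(tcp|udp) +open/ { print host, $1, $3 }
    ' "$dir"/*.nmap 2>/dev/null | sort -u
}

# Lines present in the newer run but not in the older one: new hosts or ports.
new_since() {
    old_list=$(mktemp); new_list=$(mktemp)
    summarize_run "$1" > "$old_list"
    summarize_run "$2" > "$new_list"
    comm -13 "$old_list" "$new_list"
    rm -f "$old_list" "$new_list"
}

# Constructed sample data (not real scan output): two runs of the same /24,
# where the second run shows telnet on a printer and a brand-new host.
make_sample_runs() {
    base=$(mktemp -d)
    mkdir "$base/old" "$base/new"
    cat > "$base/old/192.168.0.1.nmap" <<'EOF'
Nmap scan report for 192.168.0.1
Host is up (0.0012s latency).
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
EOF
    cat > "$base/old/192.168.0.7.nmap" <<'EOF'
Nmap scan report for printer.lan (192.168.0.7)
Host is up (0.0030s latency).
PORT   STATE SERVICE
80/tcp open  http
EOF
    cp "$base/old/192.168.0.1.nmap" "$base/new/"
    cat > "$base/new/192.168.0.7.nmap" <<'EOF'
Nmap scan report for printer.lan (192.168.0.7)
Host is up (0.0030s latency).
PORT   STATE SERVICE
23/tcp open  telnet
80/tcp open  http
EOF
    cat > "$base/new/192.168.0.9.nmap" <<'EOF'
Nmap scan report for 192.168.0.9
Host is up (0.0021s latency).
PORT    STATE SERVICE
445/tcp open  microsoft-ds
EOF
    echo "$base"
}

# Usage: sh scan_diff.sh scans/<previous-run> scans/<latest-run>
if [ "$#" -eq 2 ]; then
    new_since "$1" "$2"
fi
```

Run it as `sh scan_diff.sh scans/<previous> scans/<latest>` after each scheduled scan, or pipe its output to mail, so a new host or a freshly opened port on a printer lands in your inbox rather than only in a PDF. An empty result means nothing new opened up since the last run.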

If you have any comments or suggestions, feel free to contact me!