Monday, August 30, 2010

OD AutoAssess Network Script v0.1-beta

I have one bug left before I want to release a non-beta version, but anyone can download the latest beta of the script here. Feel free to contact me if you find a bug or have a suggestion. Maybe you can fix the last bug I have open atm!

One change that may require an install: traceroute is now also run on hosts during the individual host scans. Its output is appended to the $HOST.nmap file.

USAGE: sh od-autoassess.sh options

Example: # sh od-autoassess.sh --client=joemama --range=192.168.0.0/24 --profile-only

Options:

--profile-only Only profile the network, run no vulnerability assessments and create no reports. Requires --client and --range or --zenity.
--zenity Get user information via zenity (GUI text fields) rather than as arguments. Ignores all other arguments when provided except --profile-only.
--client Name of the client whose network is being scanned.
--range IP range to be scanned.
--company-name Name that you would like the PDF reports created with.
--logo-path Path to the logo you want to customize reports with. Requires --company-name
--openvas-server IP address to a remote (or local) server for openvassd.
--openvas-port Port which openvassd will be listening on.
--openvas-user Username for openvassd server.
--openvas-pass Password for openvassd server.
--help Prints this help.

Monday, August 23, 2010

Added some small features

Added some small features to the OpenDiagnostics auto-assess script: a little better forensics, a check for common suspicious ports, and a profile-only script (openvas/metasploit aren't run, only nmap and nikto). It is much faster, but only good for topological research.

The new output is a bit more verbose and will look similar to this...

Mapping network...

Scanning individual hosts...


 Scanning 192.168.0.1...
  --Suspicious port found: 53 ADM worm, li0n, MscanWorm, MuSka52
 Scanning 192.168.0.103...
  --Suspicious port found: 1234 KiLo, Ultors Trojan

...


In this example, 53 is a false positive for my router (DNS). 1234 was `netcat -p 1234 -l` on my home server. It shouldn't catch most common ports like http/s, ftp, ssh, etc.

You can check out the latest source here.
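The suspicious-port check and the DNS false positive described above can be reproduced with a small filter over nmap's grepable (-oG) output. This is an added example, not code from od-autoassess: the function names, the allowlist, and the sample scan lines are assumptions made for illustration, and only the two port-to-name entries come from the sample output in the post.

```shell
#!/bin/sh
# Added example, not od-autoassess code. Port names below are the two
# entries visible in the post's sample output; everything else is constructed.
SUSPICIOUS_PORTS='53|ADM worm, li0n, MscanWorm, MuSka52;1234|KiLo, Ultors Trojan'

# Constructed allowlist: host:port pairs already verified as legitimate
# (here, the router's DNS service from the post's false positive).
ALLOWLIST='192.168.0.1:53'

# Constructed sample in nmap grepable (-oG) format.
sample_scan() {
    printf 'Host: 192.168.0.1 ()\tPorts: 53/open/tcp//domain///, 80/open/tcp//http///, 1234/closed/tcp//hotline///\n'
    printf 'Host: 192.168.0.103 ()\tPorts: 22/open/tcp//ssh///, 1234/open/tcp//hotline///\tIgnored State: closed (998)\n'
}

# check_suspicious SCAN_TEXT ALLOWLIST
# Prints "<verdict> <host> <port> <names>" for every open port in the table.
check_suspicious() {
    printf '%s\n' "$1" | awk -v table="$SUSPICIOUS_PORTS" -v allow="$2" '
    BEGIN {
        n = split(table, rows, ";")
        for (i = 1; i <= n; i++) { split(rows[i], kv, "|"); names[kv[1]] = kv[2] }
        m = split(allow, a, " ")
        for (i = 1; i <= m; i++) ok[a[i]] = 1
    }
    /^Host: / && /Ports: / {
        host = $2
        sub(/^.*Ports: /, "")      # drop everything before the port list
        sub(/\t.*$/, "")           # drop trailing fields such as "Ignored State"
        np = split($0, ports, ", ")
        for (i = 1; i <= np; i++) {
            split(ports[i], f, "/")   # f[1]=port, f[2]=state
            if (f[2] != "open" || !(f[1] in names)) continue
            key = host ":" f[1]
            verdict = (key in ok) ? "allowlisted" : "SUSPICIOUS"
            printf "%s %s %s %s\n", verdict, host, f[1], names[f[1]]
        }
    }'
}

check_suspicious "$(sample_scan)" "$ALLOWLIST"
```

Allowlisted hits are still printed rather than dropped, so a reviewer can see that port 53 on the router was matched and deliberately accepted.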

Friday, August 20, 2010

Updated OpenDiagnostics Live CD and other news

Added puf
Added dsniff suite
Added od-autoassess script to /opt

Updated ClamAV and Metasploit

Removed some unneeded fluff, brought ISO down to 367 MB.

You can get the CD here.

Also, added the network autoassessment scripts to code.google.com and you can update it on the CD using svn up on the fly (but I will update it as it is needed on the CD).

Saturday, August 7, 2010

QuakeCon!

Leaving for QuakeCon Monday morning! Hope to see some neat people there, it's always a blast.

If you are in the DFW area, I highly recommend checking it out!