Monday, August 23, 2010

Added some small features

Added some small features to the OpenDiagnostics auto-assess script: slightly better forensics, a check for common suspicious ports, and a profile-only script (openvas/metasploit aren't run, only nmap and nikto). The profile-only script is much faster, but only good for topological research.

The new output is a bit more verbose and will look similar to this...

Mapping network...

Scanning individual hosts...


 Scanning 192.168.0.1...
  --Suspicious port found: 53 ADM worm, li0n, MscanWorm, MuSka52
 Scanning 192.168.0.103...
  --Suspicious port found: 1234 KiLo, Ultors Trojan

...


In this example, 53 is a false positive for my router (DNS). 1234 was `netcat -p 1234 -l` on my home server. It shouldn't catch most common ports like http/s, ftp, ssh, etc.
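One way to triage hits like the two above is to compare them against a per-host baseline of expected services, so the router's DNS port is recorded but not flagged. This is an added example, not the OpenDiagnostics script's own code. It assumes nmap grepable (`-oG`) output; the `EXPECTED` baseline and the sample scan text are constructed, and the port table holds only the two entries shown in the output above.

```python
import re

# Port-to-name table: only the two entries shown in the post's sample output.
SUSPICIOUS_PORTS = {
    53: "ADM worm, li0n, MscanWorm, MuSka52",
    1234: "KiLo, Ultors Trojan",
}

# Hypothetical per-host baseline of services the operator expects to see.
EXPECTED = {"192.168.0.1": {53}}  # router answering DNS

# Constructed sample in nmap grepable (-oG) format.
SAMPLE_GNMAP = """\
# Nmap scan (constructed sample)
Host: 192.168.0.1 ()\tStatus: Up
Host: 192.168.0.1 ()\tPorts: 53/open/tcp//domain///, 80/open/tcp//http///
Host: 192.168.0.103 ()\tPorts: 22/open/tcp//ssh///, 1234/open/tcp//hotline///, 8080/closed/tcp//http-proxy///
"""

HOST_RE = re.compile(r"^Host: (\S+) .*?Ports: (.*)$")

def open_ports(gnmap_text):
    """Yield (host, port) for every port nmap reported as open."""
    for line in gnmap_text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment or Status-only line
        host, ports = m.groups()
        ports = ports.split("\t")[0]  # drop trailing "Ignored State" field
        for entry in ports.split(","):
            fields = entry.strip().split("/")
            if len(fields) >= 2 and fields[0].isdigit() and fields[1] == "open":
                yield host, int(fields[0])

def triage(gnmap_text, expected=EXPECTED):
    """Return (findings, suppressed), each a list of (host, port, names)."""
    findings, suppressed = [], []
    for host, port in open_ports(gnmap_text):
        names = SUSPICIOUS_PORTS.get(port)
        if names is None:
            continue  # port is not in the suspicious list
        bucket = suppressed if port in expected.get(host, ()) else findings
        bucket.append((host, port, names))
    return findings, suppressed

if __name__ == "__main__":
    findings, suppressed = triage(SAMPLE_GNMAP)
    for host, port, names in findings:
        print(f"{host}  --Suspicious port found: {port} {names}")
    for host, port, names in suppressed:
        print(f"{host}  (expected service on {port}, not flagged)")
```

Suppressed hits are returned rather than dropped, so a baseline entry that no longer matches reality can still be reviewed.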

You can check out the latest source here.