Sunday, September 12, 2010

Added MBSA support (and other experimental things) to autoassess script

Please use --enable-mbsa, --mbsa-user, --mbsa-pass, and --mbsa-remote-path to perform a remote MBSA scan of a host on your network. It's pretty quick: a few seconds of hang time per host it is run on. The report is saved in the mbsa folder of the scan archive.

A neat thing I added the other day: when public shares are found on a computer, the script will try to get a file list for each file in the share. It's super quick, so I left it alone and it runs on every scan. If something comes up, I can make this an optional thing.

I have also added _some_ experimental hydra support to the script for protocols such as ftp, ssh, and pop3. Please look at the code to see how to enable it; I won't take any bug reports or complaints on speed when having these enabled.

Another small thing I added was the ability to email the scan archive to email@address.tld when the scan has finished, using a local SMTP server such as sendmail (see --send-to).

I removed the --zenity option; I will be writing a GUI that is better suited to the options I have been adding.

Not sure if I have mentioned this previously, but a --print option has been added to automagically print PDF reports to the default printer. This can be a bad thing, as a lot of paper can be used.

Optionally, you may define all of your variables in the .od-autoassessrc file in the home directory of the user running the script.

Finally, as an example, if you wanted to run a single-host profile (no vulnerability scans) with MBSA enabled, your scan could look like this:

root@bperry-laptop:/opt/scripts/od-autoassess# sh od-autoassess.sh --client="Joe Badass" --single-host=192.168.0.102 --profile-only --enable-mbsa --mbsa-user=Test --mbsa-pass=password --mbsa-remote-path="C:\Program Files\Microsoft Baseline Security Analyzer 2\mbsacli.exe"

Creating scan folder -> ~/scans/Joe Badass-2010-09-12-14:50

Using 192.168.0.102 in single-host scan...

Scanning individual hosts...

Scanning 192.168.0.102...
--Finding shared directories and drives...
--Trying to get file list for public share: C...
--Trying to get file list for public share: desktop...
--Running remote MBSA scan...
--Interesting port found: 139 NetBIOS Datagram Service
--Suspicious port found: 445 Nimda
--Interesting port found: 445 Microsoft-DS



Creating ZIP archive of scan...


Total time to analyze network:
0 minutes 57 seconds

Interesting port found on 192.168.0.102: 139 NetBIOS Datagram Service
Suspicious port found on 192.168.0.102: 445 Nimda
Interesting port found on 192.168.0.102: 445 Microsoft-DS


Scanned 1 hosts in total in 0 m 57 s.


root@bperry-laptop:/opt/scripts/od-autoassess#


So, in under a minute, you can have a pretty extensive source of information for the host at hand even without vulnerability scans.

You can see the latest code here.
