I have one bug left before I want to release a non-beta version, but if anyone can download the latest beta of the script here. Feel free to contact me if you find a bug or have a suggestion. Maybe you can fix the last bug I have open atm!
One change that you may need to install, traceroute is now run as well on hosts during the individual host scans. This is appended to the $HOST.nmap file.
USAGE: sh od-autoassess.sh options
Example:#sh od-autoassess.sh --client=joemama --range=192.168.0.0/24 --profile-only
Options:
--profile-only Only profile the network, run no vulnerability assessments and create no reports. Requires --client and --range or --zenity.
--zenity Get user information via zenity (GUI text fields) rather than as arguments. Ignores all other arguments when provided except --profile-only.
--client Name of the client whose network is being scanned.
--range IP range to be scanned.
--company-name Name that you would like the PDF reports created with.
--logo-path Path to the logo you want to customize reports with. Requires --company-name
--openvas-server IP address to a remote (or local) server for openvassd.
--openvas-port Port which openvassd will be listening on.
--openvas-user Username for openvassd server.
--openvas-pass Password for openvassd server.
--help Prints this help.
Monday, August 30, 2010
Monday, August 23, 2010
Added some small features
Added some small features to the OpenDiagnostics auto-assess script. A little better forensics, checks for common suspicious ports now and added a profile-only script (openvas/metasploit aren't run, only nmap and nikto). It is much faster, but only good for topological research.
New output is a bit more verbose will look similar to this...
In this example, 53 is a false-positive for my router (DNS). 1234 was `netcat -p 1234 -l` on my home server. Shouldn't catch most common ports like http/s, ftp, ssh, etc...
You can check out the latest source here.
New output is a bit more verbose will look similar to this...
Mapping network... Scanning individual hosts... Scanning 192.168.0.1... --Suspicious port found: 53 ADM worm, li0n, MscanWorm, MuSka52 Scanning 192.168.0.103... --Suspicious port found: 1234 KiLo, Ultors Trojan ...
In this example, 53 is a false-positive for my router (DNS). 1234 was `netcat -p 1234 -l` on my home server. Shouldn't catch most common ports like http/s, ftp, ssh, etc...
You can check out the latest source here.
Friday, August 20, 2010
Updated OpenDiagnostics Live CD and other news
Added puf
Added dsniff suite
Added od-autoassess script to /opt
Updated ClamAV and Metasploit
Removed some un-needed fluff, brought ISO down to 367mb.
You can get the CD here.
Also, added the network autoassessment scripts to code.google.com and you can update it on the CD using svn up on the fly (but I will update it as it is needed on the CD).
Added dsniff suite
Added od-autoassess script to /opt
Updated ClamAV and Metasploit
Removed some un-needed fluff, brought ISO down to 367mb.
You can get the CD here.
Also, added the network autoassessment scripts to code.google.com and you can update it on the CD using svn up on the fly (but I will update it as it is needed on the CD).