Open-AudIT

All times are UTC + 10 hours




Posted: Sun Oct 21, 2012 7:47 pm
Site Admin
NOTE - this is not finished and will likely NOT work as is.
Just putting it out here for people to look at, hack on and give feedback...

Two new scripts - audit_subnet_windows and nmap_windows.

I have slightly changed the naming convention for scripts. If the script name ends in _windows then it is meant to be run from a Windows machine. I will apply the same logic to Linux and OSX scripts. If anyone has an idea for a naming convention for scripts, please do post.

"audit subnet windows" will take a subnet and mask on the command line (read the documentation in the script) and attempt to ping (or use nmap) to determine if there is a device at a given address within the subnet. If there is, it will start audit_nmap (if nmap is installed) or audit_windows (if nmap is not installed). There is an option to explicitly NOT use nmap, even if it is installed.

"nmap windows" will attempt to determine the type of device (a Windows machine, or not). If it thinks it is a Windows machine, it will start "audit windows"; if not, it will test to see if SNMP is installed, then stop (as I said - not finished). This does not (yet) submit details on a non-Windows machine to the OAv2 server.

Note that you will need to rename the scripts to *.vbs from *.txt.

Have a play and please leave feedback below :-)

UPDATE - nmap_windows updated.


Attachments:
File comment: rename to nmap_windows.vbs
nmap_windows.txt [7.92 KiB]
Downloaded 332 times
File comment: old version.
nmap_windows.txt [4.6 KiB]
Downloaded 322 times
File comment: rename to audit_subnet_windows.vbs
audit_subnet_windows.txt [15.01 KiB]
Downloaded 343 times

_________________
Support and Development hours available from [url=https://opmantek.com]Opmantek[/url].
Please consider a purchase to help make Open-AudIT better for everyone.
Posted: Mon Oct 22, 2012 12:47 pm
Moderator
Haven't tried these yet but it might be good for a subnet scan to have a skip list. Someone, somewhere has a subnet they want to scan but not some particular subset. Maybe you could accept IP ranges in addition to subnets.


Posted: Mon Oct 22, 2012 7:59 pm
Site Admin
IP Ranges should be really easy.
Leave it with me.
:)

Posted: Tue Oct 23, 2012 7:22 am
Moderator
Both scripts don't handle script paths with spaces.
nmap_windows should handle the single argument case of "nmap_windows <ip>".

nmap_windows has Option Explicit set so you need to Dim "shell" from line 183.

Should make it clear in the documentation that the scan needs to be run from a machine within the target subnet.

Lots of use of split to parse the nmap data. This breaks when you have data with spaces in it. Should use instr, left, mid, etc for some of these.
Example MAC Address line:
[code]MAC Address: 00:00:00:00:00:00 (Konica Minolta Holdings)[/code]
Ugly parse code but the idea is there
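[code]' test for MAC Address
if (instr(lcase(line), "mac address:") = 1) then
    ' split on spaces: (0)="MAC", (1)="Address:", (2)=the address itself
    line_split = split(line)
    system_mac_address = line_split(2)
    ' the vendor name can contain spaces, so take everything between "(" and ")"
    system_manufacturer = mid(line, instr(line, "(") + 1, instr(line, ")") - instr(line, "(") - 1)
end if[/code]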

Another one that split doesn't handle well
[code]Device type: general purpose[/code]
Or at least you should split on ": " rather than " ".
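
The two suggestions in the post above (split on ": " instead of " ", and use instr/mid for the vendor in parentheses) worked through as an added example, not code from nmap_windows or from either poster; it also guards the case where a MAC line has no parentheses. SplitKeyValue, SplitMac and the sample lines are hypothetical names and constructed input; run it with cscript.

```vbscript
Option Explicit

' Split "Key: value with spaces" at the first ": " only.
' Returns False when the line has no such separator.
Function SplitKeyValue(line, ByRef key, ByRef value)
    Dim pos
    SplitKeyValue = False
    pos = InStr(line, ": ")
    If pos < 2 Then Exit Function
    key = LCase(Trim(Left(line, pos - 1)))
    value = Trim(Mid(line, pos + 2))
    SplitKeyValue = True
End Function

' Separate "00:00:00:00:00:00 (Vendor Name)" into address and vendor.
' Vendor stays empty when the parentheses are missing or malformed.
Sub SplitMac(value, ByRef mac, ByRef vendor)
    Dim open_pos, close_pos
    mac = value
    vendor = ""
    open_pos = InStr(value, "(")
    If open_pos = 0 Then Exit Sub
    mac = Trim(Left(value, open_pos - 1))
    close_pos = InStrRev(value, ")")
    If close_pos > open_pos Then vendor = Mid(value, open_pos + 1, close_pos - open_pos - 1)
End Sub

' Constructed sample lines in the shape of the two examples in the post.
Dim sample, line, key, value, mac, vendor
sample = Array( _
    "MAC Address: 00:00:00:00:00:00 (Konica Minolta Holdings)", _
    "Device type: general purpose", _
    "MAC Address: 00:00:00:00:00:00", _
    "Nmap done")

For Each line In sample
    If SplitKeyValue(line, key, value) Then
        If key = "mac address" Then
            SplitMac value, mac, vendor
            WScript.Echo "mac=" & mac & " vendor=[" & vendor & "]"
        Else
            WScript.Echo key & "=[" & value & "]"
        End If
    Else
        WScript.Echo "skipped: " & line
    End If
Next
```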

