Registrations to Open-AudIT forums are now closed. To ask any new questions please visit Opmantek Community Questions.

Open-AudIT

What's on your network?
It is currently Fri Mar 29, 2024 5:09 pm

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 3 posts ] 
Author Message
PostPosted: Thu Oct 16, 2008 2:46 am 
Offline
Newbie

Joined: Tue Oct 14, 2008 8:31 pm
Posts: 28
When no nmap_subnet is given, nmap should automatically find out the local subnet, and scan all systems in the local subnet.

It should still be possible to override this in case you want to scan a remote subnet.

Reason: I would like to audit several networks behind firewalls, all with different subnets, and don't want to provide separate configuration files for each one of them.


Top
 Profile  
Reply with quote  
PostPosted: Thu Oct 16, 2008 5:00 am 
Offline
Contributor

Joined: Fri Sep 28, 2007 12:07 am
Posts: 189
true on the first point.

second point with hosts that across routers/firewalls on different subnets causes issues with nmap, as it cannot resolve MAC addresses in remote subnets (IP by design).

js

_________________
OA Deployment:
Windows 2003 with XAMPP install
80 Windows Servers
250 Windows workstations (mixed XP and 2000)
5 MACs
Multiple printers, switches, routers, firewalls, and other servers (ESX, AIX etc.)


Top
 Profile  
Reply with quote  
PostPosted: Sun Oct 19, 2008 10:02 pm 
Offline
Newbie

Joined: Tue Oct 14, 2008 8:31 pm
Posts: 28
I went ahead and implemented an nmap_linux.sh that will always use the local subnet. Tested on openSUSE 11, but it doesn't use unusual things, so it should run on any recent Linux distribution (with a kernel of at least 2.0)

What it does:
- nmap is now a two-step process. First, we find all hosts on the local subnet. Then we do an nmap on each host and submit it.
- it stores all results in variables, and the wget output gets sent straight to /dev/null so there are no leftover files to delete.

The only thing left to change is the OA_SUBMIT_BASEURL (the root of your OA Web site).

If you want to scan a remote instead of a local subnet, you have to explicitly the IP of that subnet.

#!/bin/bash

OA_SUBMIT_BASEURL=https://myoasite/openaudit

UTIL_IP=$(which ip)
# if the IP utility wasn't found, we have to rely on traditional guessing
# But most new Linux systems with kernel 2.0 or above should have the
# ip tool
if [ -z "$UTIL_IP" ]
then
SUBNETS=192.168.2.0/24
else
# the ip utility will tell us what we need to know.
# The line will start with the IP address in CIDR format
# If it is an external interface, it will also have our
# own IP at the end, with the src prefix. Without the src
# term, the line is something else, such as a local interface
SUBNETS=$($UTIL_IP route | grep "src" | awk '{ print $1; }' )
fi


# since admin_nmap_input.php can only accept info about one host at a time, let's
# first figure out what hosts there are, and then separately determine the data
# for each host
nmap_hosts=$(nmap -sP -oG - $SUBNETS | grep "Host" | sed "s/.* \([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\).*/\1/")

for host in $nmap_hosts
do
# echo $host
nmap_output=$(nmap -v -O -oN - $host)
wget -q --no-check-certificate -O /dev/null --post-data="submit=submit&add=$nmap_output" $OA_SUBMIT_BASEURL/admin_nmap_input.php
done


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 3 posts ] 

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group