March 31, 2012

Seccubus v2 – ‘Cause I’m B. RightLad!

Posted in Uncategorized at 3:11 pm by dgcombs

 

Wouldn’t you rather be B. Rightlad than C. Lueless (PDF)? Or at the very least follow in his footsteps? I know I would. That’s why I downloaded the latest beta version of Seccubus v2 (BlackHat Edition) and set about putting it to work instead of staying late and getting in early like C. Lueless.
Seccubus is a tool to automate network vulnerability scans and coordinate their results using tools like Nessus, OpenVAS and NMAP. These tools are great! But they have one thing in common. They send back a huge, hard-to-read, hard-to-comprehend report. Seccubus, on the other hand, gives you an easy-to-review list of findings stored in a MySQL database.
I decided to scan the 157 host IP addresses in a local DMZ. That’s a lot of work without Seccubus. Heck, even with Seccubus, it’s a lot of work to set it up. I decided to scan each IP individually. So now I needed a list of all the IPs. Thanks, NMAP!
Then I wrote a small Perl script to insert each host IP scan into the DMZ WorkSpace of the database.

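# $InputFile, $ScannerUser, $ScannerHost, $ScannerPolicy and $WorkSpace must be set before this point.
# Status goes to STDERR so that STDOUT carries only the SQL statements.
print STDERR "Opening $InputFile\n";
open(INFILE, '<', $InputFile) or die "No such File: $!\n";
while (<INFILE>) {
    chomp;
    $HostIP = $_;
    # One scan row per host; \$HOSTS stays literal for Seccubus to fill in at scan time.
    print "insert into scans set name=\"Nessus-$HostIP\",scannername=\"Nessus\",scannerparam=\"-u $ScannerUser -s $ScannerHost --policy $ScannerPolicy --hosts=\$HOSTS\",targets=\"$HostIP\",workspace_id=$WorkSpace;\n";
}
close INFILE;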

So now I had 157 scans in my DMZ-Workspace. But how do they run? Again, Perl to the rescue with a small script to create a crontab file for the Seccubus user. In fact, it looked remarkably like the MySQL input file.

# Status goes to STDERR so that STDOUT carries only crontab lines.
print STDERR "Opening $InputFile\n";
open(INFILE, '<', $InputFile) or die "No such File: $!\n";
# $x is the cron minute field, $y the hour field; both start at 0.
my ($x, $y) = (0, 0);
while (<INFILE>) {
    chomp;
    $HostIP = $_;
    # Stagger the runs by five minutes beginning at midnight Saturday night
    print "$x $y * * 0 /home/seccubus/bin/do-scan -w DMZ-Scans -s Nessus-$HostIP >> /home/seccubus/scanlogs\n";
    # increment $x by five – if it is 60 increment $y and reset $x to 0
    $x += 5;
    if ($x == 60) {
        $y += 1;
        $x = 0;
    }
}
close INFILE;
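
The two generators above, combined into one script with input validation, as an added example that is not the author's code. It goes a little beyond the post: each line of the host list must be a well-formed IPv4 address before it reaches the SQL or the crontab, and the schedule refuses to run past the end of the day. The `%cfg` values and the sample host list are constructed placeholders.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed placeholder settings; the post does not show the real values.
my %cfg = (user => 'SCANNER_USER', host => 'SCANNER_HOST',
           policy => 'SCANNER_POLICY', workspace_id => 1);

# Accept only a dotted-quad IPv4 address with every octet in 0..255.
sub valid_ipv4 {
    my ($ip) = @_;
    my $oct = qr/([0-9]{1,3})/;
    return 0 unless defined $ip && $ip =~ /\A$oct\.$oct\.$oct\.$oct\z/;
    return (grep { $_ > 255 } $1, $2, $3, $4) ? 0 : 1;
}

# Map slot N (five-minute steps from 00:00) to cron minute and hour fields.
sub slot_to_cron {
    my ($slot) = @_;
    my $minutes = $slot * 5;
    die "slot $slot falls outside the 24-hour window\n" if $minutes >= 24 * 60;
    return ($minutes % 60, int($minutes / 60));
}

# Constructed sample input standing in for the Nmap-derived host list.
my @lines = ('192.0.2.10', '192.0.2.11', 'host-12.example',
             '192.0.2.999', '192.0.2.13 trailing text', '192.0.2.14');

my (@sql, @cron);
my $slot = 0;
for my $ip (@lines) {
    unless (valid_ipv4($ip)) {
        warn "skipping invalid entry: '$ip'\n";   # diagnostics go to STDERR
        next;
    }
    my ($min, $hour) = slot_to_cron($slot++);
    my $param = "-u $cfg{user} -s $cfg{host} --policy $cfg{policy} --hosts=\$HOSTS";
    push @sql, sprintf('insert into scans set name="Nessus-%s",scannername="Nessus",'
        . 'scannerparam="%s",targets="%s",workspace_id=%d;',
        $ip, $param, $ip, $cfg{workspace_id});
    push @cron, "$min $hour * * 0 /home/seccubus/bin/do-scan -w DMZ-Scans "
        . "-s Nessus-$ip >> /home/seccubus/scanlogs";
}

print "-- SQL for the scans table\n";
print "$_\n" for @sql;
print "# crontab entries for the seccubus user\n";
print "$_\n" for @cron;
```

With the sample list, three entries are rejected on STDERR and the remaining three hosts get slots at 00:00, 00:05 and 00:10 on Sunday.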

Now I can sit back, relax, play some Epic Mickey and let the machines do all the work. I’ll review the findings on Monday and maybe even put together a little graph. Something with GnuPlot, maybe. Along the lines of
[Image: Showcase_plot]