Penetration Testing mailing list archives
RE: Scanning tool that will track and report diffs
From: "Joseph.Wulf" <Joseph.Wulf () prosync com>
Date: Wed, 25 Feb 2004 22:16:58 -0500
Ben,

I can offer a tool for the "baseline", at least for Unix systems. It's not something I've "marketed", but freely offer to anyone that would want them. I've developed a shell script, in csh and supported by 5 awk scripts, that will essentially list an entire Unix filesystem and pack it away for reference. On subsequent executions it will "diff" the current output with the most previous run and provide that as separate output. This has a fairly rich feature set and has some comparisons to "tripwire".

The scripts will operate without modification on Sun Solaris 2.3+, all versions of Linux that I've had the opportunity to test it on (Red Hat especially), HP-UX 9.0+, DEC v4.0+, and AIX. Designed specifically for this function, but also to operate on as many systems as possible without change. There is also substantial documentation enclosed. The gzip'd tar file is 123k.

I'll gladly share the scripts with anyone who is interested, send me an email directly and I'll send the gzip'd tar file back. If the list moderator or someone will identify a more appropriate method, I'll provide the scripts that way.

R,
-Joe Wulf, CISSP
ProSync Technology Group, LLC
Senior IA Engineer
(410) 772-7969 office

-----Original Message-----
From: Ben Nelson [mailto:lists () venom600 org]
Sent: Wednesday, February 25, 2004 17:19
To: pen-test () securityfocus com
Subject: Scanning tool that will track and report diffs

I'm looking for a scanning tool that I can run on a regular basis which will: track all results in a database (optional) and report differences between scan runs (primary functionality I'm looking for).

I started down the road of writing a python wrapper for nmap which used nmap's XML result output to plug into a MySQL database. But, I thought that this has got to be something that a lot of network auditors have a need for; which is usually a good indication that there may be a tool that already does it.

Another bit of functionality that I think would be pretty useful is the ability to 'base-line' a set of systems and then notify when they deviate from this baseline.

Any suggestions?

--Ben