Penetration Testing mailing list archives
Tool <was: Scanning tool that will track and report diffs>
From: "Joseph.Wulf" <Joseph.Wulf () prosync com>
Date: Thu, 26 Feb 2004 21:56:18 -0500
As a follow-up to all. Those that have requested the tool should find it awaiting them in their email in-boxes. Would ask those that do take a stab at testing it and/or actually using it, provide feedback either to me personally or to all here for the benefit of the group. Constructive criticism as well as encouraging feedback is always welcome. Enjoy!

Also, hopefully this will spawn other initiatives throughout the community to pony up a little time and energy to polish YOUR products and offer them to the community when and where applicable.

Finally, in the private requests I'd received, were some comments, statements and questions. I'll address them here for the benefit of all without attribution. :)

- If you requested it, and haven't received it from me by now, then please write back and let's work out any email difficulties. :) Probable reasons include bad typing on my part (duh), a full mailbox on your part, or other nefarious internet botulism (nah). If my email to you bounced, I'll manually try a second time, but will await your next email to me to see what we can do about it if that second attempt also fails.

- Yes, I anticipated I'd be bombarded with requests. <grin> I consider that part of "giving" back to the community I "take" from.

- I'm personally not aware of any exportation-from-the-US restrictions on this set of csh and awk scripts. If someone is aware, PLEASE clue me in. This stuff is simply an expedited "process" that is scripted in csh and awk. In the LONG-run, I'll presume that no replies to this issue means it's DEAD.

- Feel free to still request if you haven't already. As I've said, I believe in sharing the wealth. Also, feel free to pass the ORIGINAL gzip'd archive to anyone you wish. I encourage you to also independently share any changes, modifications, enhancements, etc. that you embellish, but please do so after already sharing the original scripts. Further, if you do make any changes to suit your environment, please send along a copy to me, for the package's further perfection.

- One person stated they were going to see if it runs under Micro$loth's OS using "cygwin". That will be an interesting test. Would like to know your results and success. If anyone has some free/spare time (ha) to maybe try these scripts on some other OS than what I've had access to and provide me with the results. I'd LOVE to know if they work on a CRAY, but figure the odds.

- One person asked about if this was a product I'd market or could be brought to market. A partial answer is that I made the decision years ago that this was going to be a tool that I'd ALWAYS make freely available to anyone who wishes it. After my years of effort to date and the numerous give-aways I've already done, I've no intention of changing my mind on this. Thank you for the idea (offer?) to help me make more money, but I personally see my current decision as being far more personally rewarding/satisfying.

R,
-Joe Wulf, CISSP
ProSync Technology Group, LLC
Senior IA Engineer
(410) 772-7969 office

-----Original Message-----
From: Joseph.Wulf [mailto:Joseph.Wulf () prosync com]
Sent: Wednesday, February 25, 2004 22:17
To: lists () venom600 org; pen-test () securityfocus com
Subject: RE: Scanning tool that will track and report diffs

Ben,

I can offer a tool for the "baseline", at least for Unix systems. It's not something I've "marketed", but freely offer to anyone that would want them.

I've developed a shell script, in csh and supported by 5 awk scripts, that will essentially list an entire Unix filesystem and pack it away for reference. On subsequent executions it will "diff" the current output with the most previous run and provide that as separate output. This has a fairly rich feature set and has some comparisons to "tripwire".

The scripts will operate without modification on Sun Solaris 2.3+, all versions of Linux that I've had the opportunity to test it on (Red Hat especially), HP-UX 9.0+, DEC v4.0+, and AIX. Designed specifically for this function, but also to operate on as many systems as possible without change. There is also substantial documentation enclosed.

The gzip'd tar file is 123k. I'll gladly share the scripts with anyone who is interested, send me an email directly and I'll send the gzip'd tar file back. If the list moderator or someone will identify a more appropriate method, I'll provide the scripts that way.

R,
-Joe Wulf, CISSP
ProSync Technology Group, LLC
Senior IA Engineer
(410) 772-7969 office

-----Original Message-----
From: Ben Nelson [mailto:lists () venom600 org]
Sent: Wednesday, February 25, 2004 17:19
To: pen-test () securityfocus com
Subject: Scanning tool that will track and report diffs

I'm looking for a scanning tool that I can run on a regular basis which will: track all results in a database (optional) and report differences between scan runs (primary functionality I'm looking for).

I started down the road of writing a python wrapper for nmap which used nmap's XML result output to plug into a MySQL database. But, I thought that this has got to be something that a lot of network auditors have a need for; which is usually a good indication that there may be a tool that already does it.

Another bit of functionality that I think would be pretty useful is the ability to 'base-line' a set of systems and then notify when they deviate from this baseline.

Any suggestions?

--Ben
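
The scan-run comparison requested in the original question above, as an added Python example (not code from any poster in this thread, and not the csh/awk tool being distributed): it parses two nmap XML results and reports ports that were added, removed or changed relative to the baseline run. The function names and both sample scans are constructed for the illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample scans in nmap's -oX layout (documentation addresses).
BASELINE_XML = """<nmaprun>
<host><address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
</ports></host>
<host><address addr="192.0.2.20" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="25"><state state="open"/><service name="smtp"/></port>
</ports></host></nmaprun>"""
CURRENT_XML = """<nmaprun>
<host><address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port>
<port protocol="tcp" portid="3306"><state state="open"/><service name="mysql"/></port>
</ports></host></nmaprun>"""

def load_scan(xml_text):
    """Map (addr, proto, port) -> (state, service) for every port in one scan."""
    ports = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address")
        if addr is None:
            continue  # host record without an address: nothing to key on
        for port in host.iter("port"):
            state, svc = port.find("state"), port.find("service")
            key = (addr.get("addr"), port.get("protocol"), int(port.get("portid")))
            ports[key] = (state.get("state") if state is not None else "unknown",
                          svc.get("name") if svc is not None else "")
    return ports

def diff_scans(baseline, current):
    """List (kind, key, old, new) for each deviation of current from baseline."""
    changes = []
    for key in sorted(set(baseline) | set(current)):
        old, new = baseline.get(key), current.get(key)
        if old is None:
            changes.append(("added", key, None, new))
        elif new is None:
            changes.append(("removed", key, old, None))
        elif old != new:
            changes.append(("changed", key, old, new))
    return changes

if __name__ == "__main__":
    for change in diff_scans(load_scan(BASELINE_XML), load_scan(CURRENT_XML)):
        print(*change)
```

A host that drops out of the current scan entirely shows up as "removed" entries for each of its baseline ports, so an unreachable system is reported rather than silently ignored.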
Current thread:
- Scanning tool that will track and report diffs Ben Nelson (Feb 25)
- Re: Scanning tool that will track and report diffs R. DuFresne (Feb 26)
- Re: Scanning tool that will track and report diffs Scott M. Algatt (Feb 27)
- RE: Scanning tool that will track and report diffs Aditya, ALD [Aditya Lalit Deshmukh] (Feb 28)
- <Possible follow-ups>
- Re: Scanning tool that will track and report diffs Chris Kirschke (Feb 26)
- RE: Scanning tool that will track and report diffs Joseph.Wulf (Feb 26)
- Tool <was: Scanning tool that will track and report diffs> Joseph.Wulf (Feb 27)
- Re: Scanning tool that will track and report diffs Matt Bergen (Feb 27)
- Re: Scanning tool that will track and report diffs cloper (Feb 27)
- RE: Scanning tool that will track and report diffs Van Meter, John (Feb 27)