Message-ID: <7CDF1DDBDF91B486AB441763@utd49554.utdallas.edu>
From: pauls at utdallas.edu (Paul Schmehl)
Subject: Pattern matching search tool

--On Thursday, January 06, 2005 08:07:13 AM +0530 "ALD, Aditya, Aditya 
Lalit Deshmukh" <aditya.deshmukh@...ine.gateway.expertworks.net> wrote:
>
> Dear Paul, I think you answered your own question over here - it's perl!

Yeah, I'm beginning to think that's what I'm going to have to do.

> However there is another tool ntop that I use quite a lot.
>
I apologize for the vague nature of my request.  I'm not looking for tools 
that can analyze network traffic.  I already have plenty of those.  I'm 
looking for tools that can search my network for *computers* that have 
*passive* (or active) content that I'd rather they didn't have.

The example I gave was phpBB.  If a worm named Santy comes out that attacks 
phpBB *specifically*, I'd like to know how many machines on my network have 
phpBB on them *regardless* of whether or not they have any active traffic.

There are a number of ways to do this manually.  You can Google for it, then 
check each box to see if it still has the installation (things change, you 
know.)  You could run nessus and correlate the data.  You could run nmap 
looking for the open ports (like 80) and then do some banner grabbing.

But all these methods involve labor *and* require that you react to an 
event.  I'm looking for something *proactive* that can "crawl" my network 
and report (by email or to mysql, etc.), that can be automated but allows 
me to do "special" searches if I want to.

Sort of a combination of ngrep, ntop, nessus, p0f, webcrawler, open port 
searcher, grep, find, locate, etc., etc.  A "Swiss army knife" discovery 
tool, if you will.

And the more I think about it, the more I feel a perl script coming on.

Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
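
The content inventory this message asks for, sketched as an added example that is not part of the original post and is written in Python rather than the Perl the poster has in mind: pages fetched from hosts you administer are matched against named signatures, and the same cached pages can be reused for a "special" search. The signature patterns, function names and sample responses are assumptions constructed for illustration.

```python
import http.client
import re
import urllib.request

# Illustrative signatures (assumptions): name -> regex run over headers + body.
SIGNATURES = {
    "phpBB": re.compile(r"Powered by\s+(?:<a[^>]*>)?phpBB", re.I),
    "PHP": re.compile(r"^X-Powered-By:\s*PHP/[\d.]+", re.I | re.M),
}

def fetch(host, port=80, path="/", timeout=5):
    """Fetch one page from a host on your own network.
    Returns header + body text, or None if the host gives no usable answer."""
    url = f"http://{host}:{port}{path}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read(65536).decode("latin-1")  # cap the read size
            return f"{resp.headers}\n{body}"
    except (OSError, http.client.HTTPException):
        return None

def inventory(pages, signatures=SIGNATURES):
    """pages: {host: text or None}. Returns {signature: sorted matching hosts}."""
    report = {name: [] for name in signatures}
    for host, text in pages.items():
        if text is None:  # unreachable host: nothing to match
            continue
        for name, rx in signatures.items():
            if rx.search(text):
                report[name].append(host)
    return {name: sorted(hosts) for name, hosts in report.items()}

def special_search(pages, pattern):
    """Ad hoc, case-insensitive regex over the already-fetched pages."""
    rx = re.compile(pattern, re.I)
    return sorted(h for h, t in pages.items() if t and rx.search(t))

# Constructed sample responses (not real hosts); in use, build this dict
# with {host: fetch(host) for host in your_host_list}.
SAMPLE_PAGES = {
    "10.0.0.5": 'Server: Apache\nX-Powered-By: PHP/4.3.9\n\n'
                '<html>Forum index ... Powered by <a href="...">phpBB</a></html>',
    "10.0.0.6": "Server: Apache\n\n<html><h1>Department home page</h1></html>",
    "10.0.0.7": None,
    "10.0.0.8": "Server: Apache\nX-Powered-By: PHP/4.3.9\n\n<html>Photo gallery</html>",
}

if __name__ == "__main__":
    for name, hosts in inventory(SAMPLE_PAGES).items():
        print(f"{name}: {', '.join(hosts) or 'none'}")
```

Run from cron with the result written to a database or mailed, this gives the standing inventory; a new signature entry answers "how many machines have X" without a fresh scan.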
