Synergy! A world where tools communicate
Synergy! A world where the tools communicate
Joshua “Jabra” Abraham
Copyright © The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.
The OWASP Foundation
OWASP
http://www.owasp.org
Joshua “Jabra” Abraham
Rapid7 LLC
Fall 2009

Purpose of this talk
- Raising the bar on pentesting
- Build upon current tools
- Leverage XML to automate pentesting tasks
- Extract data for a correlation engine
- What we are doing today
  - High-level overview of an improved process (COE)
  - Releasing several modules

Encourage developers to build tools with XML and APIs

Agenda (Intense 25 minutes)
- Programming focused talk
- A boat load of XML and parsers
- Automating the “stupid” stuff…
- Several new modules

Flow is Key
- UNIX tools
- Program
- Shell script
- Data processing
- txt => manual
[Diagram labels: Tools, Human, Database]

Add the Manual Aspect
- Computers are good at doing specific tasks
  - Identifying Open Ports, Finding XSS and Bruteforcing passwords
- Humans are good at doing non-specific tasks
  - Reasoning based on context

Level the playing field
- All components are equal. However, some components are more equal than others.
- We will focus on automated testing
[Diagram: three components]
Automated Testing: Recon, Port Scan, Vulnerability Scan
Central Storage Engine: Correlation, Reporting, View/Modify/Delete Data
Manual Testing: Context Based, Focus Driven, Goal Oriented

Techniques
- Passive Testing: Recon
- Active Testing: Vulnerability Scanning, Port Scanning

Tool        Module
-           Net::Hostname
Fierce      Fierce::Parser
Nikto       Nikto::Parser
Sslscan     Sslscan::Parser
Dirbuster   Dirbuster::Parser
Nmap        Nmap::Parser

Programming Language
Sounds like Earl, but starts with a “P”
- The programming language is Perl
- The following are NOT programming languages:
  - PERL, perl, Pearl
- Cross Platform
- Built for Scripting and Object Orientation
- Libraries = modules
  - Load a module: use My::Module;
- Docs
  - perldoc perl
  - perldoc My::Module

Setup Phase
- The rest of the talk will be all code!
- Loading the following modules:
use Nikto::Parser;
use Dirbuster::Parser;
use Sslscan::Parser;
use Fierce::Parser;
use Net::Hostname;

Setup Phase
- Creating parser objects:
my $np = new Nikto::Parser;
my $dp = new Dirbuster::Parser;
my $sp = new Sslscan::Parser;
my $fp = new Fierce::Parser;

Net::Hostname
- Resolves Hostnames for IPv4 and IPv6
my $h = Net::Hostname->new(hostname => "www.google.com");
print $h->resolveIPv4 . "\n";
# 64.233.169.104
print $h->resolveIPv6 . "\n";
# 2001:4860:b002::68

Fierce (Network Reconnaissance tool)
- Built to find IPs owned by your target
- Version 1.0 built by Rsnake
- Version 2.0 re-written by Jabra
- Techniques
  - Enumerate DNS servers and check for Zone Transfer
  - Enumerate prefixes, extensions and subdomains
  - Virtual Host detection
  - Check for MX records and Wildcards
  - Reverse Lookups based on Hostnames
  - Range enumeration based on subnet
  - ARIN, APNIC, etc. enumeration…

Fierce::Parser
- Fierce has many output formats
  - TXT, HTML and XML
- Parse Data from Fierce XML

Fierce::Parser
# $fp is the Fierce::Parser object created in the setup phase
my $parser = $fp->parse_file('google.xml');
my $node = $fp->get_node('google.com');
my $bf = $node->bruteforce;
print "Prefix Bruteforce:\n";
foreach my $n ( $bf->nodes ) {
    print "Hostname:\t" . $n->hostname . "\n";
    print "IP:\t\t" . $n->ip . "\n";
}

Dirbuster
- Web Application Traversing
- Identifying locations that do not require authorization
- Runs on Linux, Windows and BSD
- OWASP project!
- New version has XML Output!

Dirbuster::Parser
my $parser = $dp->parse_file('dirbuster.xml');
my @results = $parser->get_all_results();
print "Directories:\n";
foreach (@results) {
    print "Path " . $_->path . "\n";
    print "Type " . $_->type . "\n";
    print "Response " . $_->response_code . "\n";
}

Encourage developers to build tools with XML and APIs

Sslscan
- SSL Cipher testing
- Similar to SSLDigger
- Sslscan runs on Linux, Windows and BSD
- XML Output
- Supports both HTTPS and SMTP

Sslscan::Parser
my $parser = $sp->parse_file('domain.xml');
my $host = $parser->get_host('domain.com');
my $port = $host->get_port('443');
# Print only the ciphers the server accepted
foreach my $i ( grep($_->status =~ /accepted/, @{ $port->ciphers }) ) {
    print "sslversion " . $i->sslversion . "\n";
    print "cipher " . $i->cipher . "\n";
    print "bits " . $i->bits . "\n";
}

Nikto::Parser
- Options for usage:
  - Scan and save XML for parsing later.
  - Scan and parse XML inline

Nikto::Parser
my $parser = $np->parse_file('nikto.xml');
my $h = $parser->get_host('127.0.0.1');
my $p = $h->get_port('80');
print "Target is: " . $h->ip . ":" . $p->port . "\n";
print "Banner is: " . $p->banner . "\n\n";
foreach my $v ( @{ $p->get_all_items() } ) {
    print $v->description . "\n\n";
}

Results
- Nikto::Parser – parse Nikto data
- Sslscan::Parser – parse Sslscan data
- Fierce::Parser – parse Fierce data
- Dirbuster::Parser – parse Dirbuster data
- Net::Hostname – resolve hostnames
- All code will be available at:
  - http://spl0it.org

Summary
- Extracting Data for the Central Storage Engine…
- Many tools, we have the choice how
  - Shell scripts, XML Parsers or manually
[Diagram: three components]
Automated Testing: Recon, Vulnerability Scan, Port Scan
Central Storage Engine: Correlation, Reporting, View/Modify/Delete Data
Manual Testing: Context Based, Focus Driven
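
The correlation and reporting steps of the Central Storage Engine, shown as an added example (not code from the talk or from the modules). The records are constructed and only mirror the accessor names used on the slides; the `host` key, the store layout and the weak-cipher rule are assumptions.

```perl
use strict;
use warnings;

# Constructed sample records, shaped like the accessor values used on the
# slides (hostname/ip, path/response_code, sslversion/cipher/bits, description).
# In practice they would come from the parser objects; every value is made up.
my @fierce    = ( { hostname => 'www.example.com',  ip => '192.0.2.10' },
                  { hostname => 'mail.example.com', ip => '192.0.2.25' } );
my @dirbuster = ( { host => 'www.example.com', path => '/admin/',  response_code => 200 },
                  { host => 'www.example.com', path => '/backup/', response_code => 403 } );
my @sslscan   = ( { host => 'www.example.com', sslversion => 'SSLv2', cipher => 'DES-CBC-MD5', bits => 56 },
                  { host => 'www.example.com', sslversion => 'TLSv1', cipher => 'AES256-SHA',  bits => 256 } );
my @nikto     = ( { ip => '192.0.2.10', port => 80, description => 'Constructed finding text' } );

# Central store (hypothetical layout): one record per IP, fed by every tool.
sub correlate {
    my ($fierce, $dirbuster, $sslscan, $nikto) = @_;
    my (%store, %ip_of);
    for my $n (@$fierce) {
        $ip_of{ $n->{hostname} } = $n->{ip};
        push @{ $store{ $n->{ip} }{hostnames} }, $n->{hostname};
    }
    # Hostname-keyed results are joined to an IP through the recon data;
    # anything that cannot be resolved is kept under 'unresolved', not dropped.
    my $key = sub { my $h = shift; $ip_of{$h} // 'unresolved' };
    push @{ $store{ $key->($_->{host}) }{paths} },   $_ for @$dirbuster;
    push @{ $store{ $key->($_->{host}) }{ciphers} }, $_ for @$sslscan;
    push @{ $store{ $_->{ip} }{web_findings} },      $_ for @$nikto;
    return \%store;
}

# Reporting: one block per host, listing what needs manual follow-up.
# Assumed rule: a cipher is weak if it is SSLv2 or below 128 bits.
sub report {
    my ($store) = @_;
    my @lines;
    for my $ip (sort keys %$store) {
        my $rec = $store->{$ip};
        push @lines, "$ip (" . join(', ', @{ $rec->{hostnames} || [] }) . ")";
        push @lines, "  reachable path: $_->{path}"
            for grep { $_->{response_code} == 200 } @{ $rec->{paths} || [] };
        push @lines, "  weak cipher: $_->{sslversion} $_->{cipher} ($_->{bits} bits)"
            for grep { $_->{bits} < 128 || $_->{sslversion} eq 'SSLv2' } @{ $rec->{ciphers} || [] };
        push @lines, "  web finding (port $_->{port}): $_->{description}"
            for @{ $rec->{web_findings} || [] };
    }
    return @lines;
}

print "$_\n" for report( correlate(\@fierce, \@dirbuster, \@sslscan, \@nikto) );
```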

Encourage developers to build tools with XML and APIs

Contact Information
- Joshua “Jabra” Abraham
- http://spl0it.wordpress.com
- http://spl0it.org/files/talks/appsec09
  - (Final version of the slides, demos and code)