Monday, June 25, 2012

Scan Validation On Multi Address Devices

Code:
https://github.com/JasonMOliver/Java_Parsers/blob/master/scanalizer.java

-----

I received an email on this subject today, so I thought I would revive another chunk of concept code I did back in 2008.

Cheers m8

JSN

-----

I seem to always be doing something creative nowadays with scan results, but this one ... oh this one ... I was getting sick of doing by hand.

So .... here we go.

To simplify things I will toss out this example: Let’s say we have 10 devices, all with 10 addresses on each. We need to have 95% or better scan coverage, but we shoot for 100%, bar broken devices and such. The method we use allows that scanning a device on 1 of the addresses is valid for all of them (flawed logic I know, don’t hate, it’s not my logic).

What you get as tools: A systems inventory with a column of groupings (i.e. device 1, hostname, base IP address, etc.) and a column of all IP addresses. In addition you have scanner results, in my case Nessus .nbe files.

* Be careful to make virtual machines part of the base hosts group in your inventory*

How do you verify everything got scanned quickly and effectively?

(Keep in mind my scale is much bigger than 10 machines so it has to be automated)

Well, I first pull out the list of scanned IP addresses from Nessus (I have talked about this in other blog posts) and create scanned.txt, a list of every IP address scanned.

awk -F '|' '{print $3}' *.nbe | sort -u > scanned.txt

I then create an inventory of just the two columns in a file called inventory.csv; this is a list of Group, IP address in a csv.

At this point you are home free. I have created a Java app (download link above) to parse these two lists and give you ...... tada! A 3 column csv output from the command-line answering the question.

IP Address, Device Interface Count, Addresses Scanned

Not only that, it will tell you how many items are in the group, and on what addresses you scanned each address.

It’s fast, it’s quick, it’s dirty .... it works.

** Please note that I am not an expert coder, so if you have suggestions / modifications you see as helpful please post a comment. **

cheers all

Happy sampling
