Tool <was: Scanning tool that will track and report diffs>

From: Joseph.Wulf (Joseph.Wulf_at_prosync.com)
Date: 02/27/04

  • Next message: Gideon T. Rasmussen, CISSP, CISM, CFSO, SCSA: "Nmap Security Scanner version 3.50 Released"
    To: <lists@venom600.org>, <pen-test@securityfocus.com>
    Date: Thu, 26 Feb 2004 21:56:18 -0500
    
    

    As a follow-up to all. Those that have requested the tool should
    find it awaiting them in their email in-boxes. Would ask those that do take
    a stab at testing it and/or actually using it, provide feedback either to me
    personally or to all here for the benefit of the group. Constructive
    criticism as well as encouraging feedback is always welcome. Enjoy!

    Also, hopefully this will spawn other initiatives throughout the community
    to pony up a little time and energy to polish YOUR products and offer them
    to the community when and where applicable.

    Finally, in the private requests I'd received, were some comments,
    statements and questions. I'll address them here for the benefit of all
    without attribution. :)
    - If you requested it, and haven't received it from me by now, then please
      write back and let's work out any email difficulties. :) Probable reasons
      include bad typing on my part (duh), a full mailbox on your part, or other
      nefarious internet botulism (nah). If my email to you bounced, I'll
      manually try a second time, but will await your next email to me to see
      what we can do about it if that second attempt also fails.
    - Yes, I anticipated I'd be bombarded with requests. <grin> I consider that
      part of "giving" back to the community I "take" from.
    - I'm personally not aware of any exportation-from-the-US restrictions on
      this set of csh and awk scripts. If someone is aware, PLEASE clue me in.
      This stuff is simply an expedited "process" that is scripted in csh and
      awk. In the LONG-run, I'll presume that no replies to this issue means
      it's DEAD.
    - Feel free to still request if you haven't already. As I've said, I believe
      in sharing the wealth. Also, feel free to pass the ORIGINAL gzip'd archive
      to anyone you wish. I encourage you to also independently share any
      changes, modifications, enhancements, etc. that you embellish, but please
      do so after already sharing the original scripts. Further, if you do make
      any changes to suit your environment, please send along a copy to me, for
      the package's further perfection.
    - One person stated they were going to see if it runs under Micro$loth's OS
      using "cygwin". That will be an interesting test. Would like to know your
      results and success. If anyone has some free/spare time (ha), maybe try
      these scripts on some other OS than what I've had access to and provide me
      with the results. I'd LOVE to know if they work on a CRAY, but figure the
      odds.
    - One person asked if this was a product I'd market or could be brought to
      market. A partial answer is that I made the decision years ago that this
      was going to be a tool that I'd ALWAYS make freely available to anyone who
      wishes it. After my years of effort to date and the numerous give-aways
      I've already done, I've no intention of changing my mind on this. Thank
      you for the idea (offer?) to help me make more money, but I personally see
      my current decision as being far more personally rewarding/satisfying.

    R,
    -Joe Wulf, CISSP
     ProSync Technology Group, LLC
     Senior IA Engineer
     (410) 772-7969 office

    -----Original Message-----
    From: Joseph.Wulf [mailto:Joseph.Wulf@prosync.com]
    Sent: Wednesday, February 25, 2004 22:17
    To: lists@venom600.org; pen-test@securityfocus.com
    Subject: RE: Scanning tool that will track and report diffs

    Ben,

    I can offer a tool for the "baseline", at least for Unix systems. It's not
    something I've "marketed", but freely offer to anyone that would want them.
    I've developed a shell script, in csh and supported by 5 awk scripts, that
    will essentially list an entire Unix filesystem and pack it away for
    reference.

    On subsequent executions it will "diff" the current output with the most
    previous run and provide that as separate output. This has a fairly rich
    feature set and has some comparisons to "tripwire". The scripts will
    operate without modification on Sun Solaris 2.3+, all versions of Linux that
    I've had the opportunity to test it on (Red Hat especially), HP-UX 9.0+, DEC
    v4.0+, and AIX. Designed specifically for this function, but also to
    operate on as many systems as possible without change. There is also
    substantial documentation enclosed. The gzip'd tar file is 123k.

    I'll gladly share the scripts with anyone who is interested, send me an
    email directly and I'll send the gzip'd tar file back. If the list
    moderator or someone will identify a more appropriate method, I'll provide
    the scripts that way.

    R,
    -Joe Wulf, CISSP
     ProSync Technology Group, LLC
     Senior IA Engineer
     (410) 772-7969 office
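    A minimal sketch of the baseline-and-diff approach Joe describes above (list every file on the system, store the listing, and diff the next run against the previous one), added here as an illustrative example; it is not Joe's csh/awk package and assumes only POSIX find, cksum, ls and awk, with a constructed sample tree in place of a real filesystem.

```shell
#!/bin/sh
# Added example in the spirit of the baseline/diff tool described in the thread;
# it is NOT the csh/awk package offered there. Assumes POSIX find, cksum, ls, awk.
# Deliberate limitations: cksum is a CRC, not a cryptographic hash (swap in a
# real digest for production use), and paths containing newlines are not handled.

# snapshot_fs ROOT OUTFILE: one line per regular file, "path|mode|size|cksum",
# sorted by path so successive snapshots are directly comparable.
snapshot_fs() {
    root=$1; out=$2
    find "$root" -type f | LC_ALL=C sort | while IFS= read -r f; do
        set -- $(cksum "$f")                        # $1=crc $2=size
        mode=$(ls -ld "$f" | awk '{ print $1 }')    # permission string
        printf '%s|%s|%s|%s\n' "$f" "$mode" "$2" "$1"
    done > "$out"
}

# diff_snapshots OLD NEW: report files added, removed, or changed (any change
# to mode, size or checksum counts) between the previous and current listing.
diff_snapshots() {
    awk -F'|' '
        FILENAME == ARGV[1] { old[$1] = $0; next }
        {
            if (!($1 in old))         print "ADDED   " $1
            else if (old[$1] != $0)   print "CHANGED " $1
            delete old[$1]
        }
        END { for (p in old) print "REMOVED " p }
    ' "$1" "$2" | LC_ALL=C sort
}

# demo: build a constructed sample tree, baseline it, simulate drift
# (an edited passwd, a new binary, a deleted motd) and print the report
# with the temporary root stripped from each path.
demo() {
    tmp=$(mktemp -d); mkdir -p "$tmp/etc" "$tmp/bin"
    printf 'root:x:0:0\n' > "$tmp/etc/passwd"
    printf 'ok\n'         > "$tmp/bin/ls"
    printf 'old\n'        > "$tmp/etc/motd"
    snapshot_fs "$tmp" "$tmp.base"
    printf 'root:x:0:0\nextra:x:0:0\n' > "$tmp/etc/passwd"
    printf 'new\n' > "$tmp/bin/nc"
    rm "$tmp/etc/motd"
    snapshot_fs "$tmp" "$tmp.cur"
    diff_snapshots "$tmp.base" "$tmp.cur" | sed "s|$tmp/||"
    rm -rf "$tmp" "$tmp.base" "$tmp.cur"
}

demo
```

    Keeping each dated snapshot instead of overwriting it is what makes the "compare against the most previous run" step cheap, and the same three-way report (added/changed/removed) is what a tripwire-style integrity check produces.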
     
    -----Original Message-----
    From: Ben Nelson [mailto:lists@venom600.org]
    Sent: Wednesday, February 25, 2004 17:19
    To: pen-test@securityfocus.com
    Subject: Scanning tool that will track and report diffs

    I'm looking for a scanning tool that I can run on a regular basis which
    will: track all results in a database (optional) and report differences
    between scan runs (primary functionality I'm looking for). I started down
    the road of writing a python wrapper for nmap which used nmap's XML result
    output to plug into a MySQL database. But, I thought that this has got to
    be something that a lot of network auditors have a need for; which is
    usually a good indication that there may be a tool that already does it.
    Another bit of functionality that I think would be pretty useful is the
    ability to 'base-line' a set of systems and then notify when they deviate
    from this baseline. Any suggestions?
    --Ben

