Archive

Archive for December, 2008

Playing with Python – nmap XML port frequency

December 16th, 2008 1 comment

Two Python libraries have caught my attention lately, the first is lxml and the second is matplotlib. Ideally I wanted to write something short, just to get a feel for the basics of them. The goal was figuring out what I could do quickly so that I could play around with arguments and output, yet still have an actual result. I also wanted a nicely formatted useful XML file to parse. I ended up going with nmap's XML output. I also decided that I would plot the frequency of ports in the file.

Is this useful... perhaps? I could see a sys admin wanting a count of specific open ports on the network or a pen tester wanting to know the most common ports on a target network.

The python script is extremely basic and is called via nmap_port_frequency.py <XML Input> <png Output>. The result is an image similar to this:

The above image is the output from scanning three hosts.

Categories: IT, Python, Security, Tools Tags: , , , , ,

New Wordpress Theme

December 15th, 2008 No comments

The old site layout worked well for the last 2+ years, however I decided I needed something new. Certain lines were being cut off and I wanted to utilize page layout a little more.

Here's the result... using the iNove theme.

Categories: Site Related Tags: , ,

The Power of hexdump

December 15th, 2008 No comments

One of my favourite new commands has become hexdump. From time to time I go through my nepenthes hexdump folder to take a look at what I've recently seen.

These hexdumps on their own are fairly useless:

treguly@ns:/home/nepenthes/hexdumps$ cat ffa6fd1e9b143a4bd5ac705a570e3b21.bin
D CKFDENECFDEFFCFGAAAAAAAAAAAAAAAA EGFCEPEOFECACACACACACACACACACAAA
ÿSMBrSÈÿþbPC NETWORK PROGRAM 1.0LANMAN1.0Windows for Workgroups 3.1aLM1.2X002LANMAN2.1NT LM 0.12

However, when you make use of hexdump it becomes much more readable.

treguly@ns:/home/nepenthes/hexdumps$ hexdump -C ffa6fd1e9b143a4bd5ac705a570e3b21         .bin
00000000  81 00 00 44 20 43 4b 46  44 45 4e 45 43 46 44 45  |...D CKFDENECFDE|
00000010  46 46 43 46 47 41 41 41  41 41 41 41 41 41 41 41  |FFCFGAAAAAAAAAAA|
00000020  41 41 41 41 41 00 20 45  47 46 43 45 50 45 4f 46  |AAAAA. EGFCEPEOF|
00000030  45 43 41 43 41 43 41 43  41 43 41 43 41 43 41 43  |ECACACACACACACAC|
00000040  41 43 41 43 41 41 41 00  00 00 00 85 ff 53 4d 42  |ACACAAA......SMB|
00000050  72 00 00 00 00 18 53 c8  00 00 00 00 00 00 00 00  |r.....S.........|
00000060  00 00 00 00 00 00 ff fe  00 00 00 00 00 62 00 02  |.............b..|
00000070  50 43 20 4e 45 54 57 4f  52 4b 20 50 52 4f 47 52  |PC NETWORK PROGR|
00000080  41 4d 20 31 2e 30 00 02  4c 41 4e 4d 41 4e 31 2e  |AM 1.0..LANMAN1.|
00000090  30 00 02 57 69 6e 64 6f  77 73 20 66 6f 72 20 57  |0..Windows for W|
000000a0  6f 72 6b 67 72 6f 75 70  73 20 33 2e 31 61 00 02  |orkgroups 3.1a..|
000000b0  4c 4d 31 2e 32 58 30 30  32 00 02 4c 41 4e 4d 41  |LM1.2X002..LANMA|
000000c0  4e 32 2e 31 00 02 4e 54  20 4c 4d 20 30 2e 31 32  |N2.1..NT LM 0.12|
000000d0  00                                                |.|
000000d1

Of course, you could always pipe any output you have into hexdump. I have to say that I only really like it with the -C option, otherwise I haven't found a use for it yet.

Categories: IT, Tools Tags: ,

IP Resolution with nmap

December 7th, 2008 No comments

A question came to the nmap-dev mailing list regarding resolving IP Addresses in bulk. Doug replied with a command to do just that.  I decided that it was handy to keep around but I wanted to clean it up a little, so I turned it into this:

nmap -sL $1 2>/dev/null |
perl -ne 'print unless /^Host [\d.]+ /' |
grep 'not scanned' |
cut -d ' ' -f 2,3 |
sed -e 's/\(.*\) (\(.*\))/\2 resolves to \1/'

Which leads to output similar to this:

198.133.219.10 resolves to fed.cisco.com
198.133.219.11 resolves to asp-web-sj-1.cisco.com
198.133.219.12 resolves to asp-web-sj-2.cisco.com
198.133.219.13 resolves to fedtst.cisco.com
198.133.219.14 resolves to www.netimpactstudy.com
198.133.219.15 resolves to deployx-sj.cisco.com
198.133.219.16 resolves to contact-sj1.cisco.com
198.133.219.17 resolves to scc-sj-1.cisco.com
198.133.219.18 resolves to scc-sj-2.cisco.com
198.133.219.19 resolves to scc-sj-3.cisco.com
198.133.219.20 resolves to jmckerna-test.cisco.com
198.133.219.21 resolves to events.cisco.com
198.133.219.22 resolves to bam-prod-1.cisco.com
198.133.219.23 resolves to redirect.cisco.com
198.133.219.25 resolves to www.cisco.com
198.133.219.26 resolves to partners.cisco.com

Categories: IT, Tools Tags: , ,

An Example of the “Awesomeness” that is the Internet

December 2nd, 2008 2 comments

I came across this blog post on the Official Google Blog, which discusses a YouTube Symphony. This is one of the coolest things I've seen online in a long, long time. Perhaps it's the music lover in my that makes me simply love the idea, to the point that it makes me sad that I pawned my trumpet while I was in college. I do have a few other instruments and a few potentially "unique" ideas to submit. Either way I'm excited to submit a couple of videos to this and possibly convince my wife to as well.

Categories: Personal Tags: , , ,

Why Netbooks ARE Good Enough

December 1st, 2008 4 comments

Michael Arrington has an interesting post over at TechCrunch. It's a post that has drawn some controversy, controversy that I wanted to add to. Michael identifies three reasons why Netbooks aren't good enough and to put it plainly... he's wrong. I purchased my netbook (ASUS EEE PC 900) for traveling. I absolutely hate lugging around a full size laptop (and on occasion, two full size laptops). It does everything I want it to and then some.

Michael had three complaints. They were:

  1. Screen Size
  2. Keyboard
  3. Processing Power

So let's take a look at each of these (btw, I'm typing this entire post on my netbook).

Screen Size

I think this is the most interesting as Michael uses a screenshot from a Mac to demonstrate what you see on a Netbook... he's simply cropped the photo.

Here's his post (with the title showing) and he's correct, you don't see a lot.

However, I can easily scroll down with my mouse (Michael mentions that you need to use the trackpad or keyboard to scroll and that means taking your eyes of the screen... I don't know but I can scroll with either and my eyes never leave the screen... in addition, I always travel with a physical mouse.) So here's the article if you scroll to the start of the text, more than enough is displayed at once.

Keyboard

Up next was the keyboard, which Michael describes as 80-85% of the size of a regular keyboard. This is probably true, however the comment that no adult can type on it is bullshit. I'm not a small guy, and I definitely don't have small hands, yet I can type just fine. As proof... here's a online typing test screenshot... again done on my netbook

Processing Power

These netbooks definitely aren't loaded with processing power... but I'm not going to be running multiple virtual machines, 20 firefox tabs and a video game... I use it for email, word processing, surfing the net and occasionally a flash game. While it does slow down on certain flash games... so does my desktop. Netbooks are designed for Web 2.0... they don't need a lot of processing power because other than your browser not much will generally be happening locally.

Conclusion

In the end, netbooks are good enough... and they do exactly what they are designed to do. People may want to attach unintended labels to them and designate that they be used for tasks they weren't designed for... but that isn't the netbooks fault. I highly recommend a netbook to everyone that I talk to.

Categories: IT Tags: , , , , , ,