Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Similar presentations


Presentation on theme: "Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP."— Presentation transcript:

1 Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP Foundation OWASP Synergy! A world where the tools communicate Joshua “Jabra” Abraham Rapid7 LLC AppSec 09 November 12, 2009

2 OWASP Purpose of this talk  Raising the bar on pentesting  Build upon current tools  Leverage XML to automate pentesting tasks  Extract data for a correlation engine  What we are doing today  High-level overview of an improved process (COE)  Releasing several modules and Fierce v2 Beta 2

3 OWASP Why should you care?  Focus on tasks that require context  More exciting  Better/Larger assessments  Reduce reporting time!!  Customer’s get better quality for less time  Raising the bar on the Industry 3

4 OWASP Things to remember about Automation  Can’t automate manual review  Not all tools can be automated  Manual testing required  Context: “P!A!S!S!W!0!R!D=test”  Working towards the goals of the assessment 4 Enumeration Port Scanning Vulnerability Scanning Manual Review and Additional Testing Analysis and Reporting

5 OWASP Encourage developers to build tools with XML and APIs 5

6 OWASP Flow Diagram of Tools  Fierce  Enumeration domain (company.com)  Found several hosts, the most interesting: test.company.com  Nmap  Looking for open Ports  Found an open HTTP service on 8080  Nikto  Scan HTTP service  Found interesting directory /admin  Dirbuster  Bruteforce directory  Found /admin/secret/ 6 FierceNmapNiktoDirbuster

7 OWASP Programming Language Sounds like Earl, but starts with a “P”  The programming language is Perl  The following are NOT programming languages:  PERL, perl, Pearl  Cross Platform  Built for Scripting and Object Orientation  Libraries = modules  Load a module: use My::Module;  Docs  perldoc perl  perldoc My::Module 7

8 OWASP Fierce (Network Reconnaissance tool)  Enumerate non-contiguous address space  Version 1.0 built by Rsnake  Version 2.0 re-written by Jabra  Techniques in version 2  Find NS, MX records, Reverse Lookups + Wildcards  Improved Zone Transfer Testing for all DNS Servers  New method of Enumeration for  prefixes, extensions and subdomains(ask me if you are curious)  New Virtual Host detection  Improved Range enum based on subnet (PTRname)  New ARIN, ARPNIC, etc enumeration…. 8

9 OWASP Zone Transfer, who has that enabled?..... Ns1.secure.netNs2.secure.net 9

10 OWASP Fierce (Network Reconnaissance tool) 10

11 OWASP Example Usage of the Perl Modules 11

12 OWASP Setup Phase  The rest of the talk will be all code!  Loading the following modules: use Nikto::Parser; use Dirbuster::Parser; use Sslscan::Parser; use Fierce::Parser; use Burpsuite::Parser; 12

13 OWASP Setup Phase  Creating parser objects: my $np = new Nikto::Parser; my $dp = new Dirbuster::Parser; my $sp = new Sslscan::Parser; my $fp = new Fierce::Parser; my $bp = new Burpsuite::Parser; 13

14 OWASP Fierce::Parser 14 my $parser = $np->parse_file(‘google.xml’); my $node = $np->get_node(‘google.com’); my $bf = $node->bruteforce; print “Prefix Bruteforce:\n”; foreach my $n ( $bf->nodes ) { print “Hostname:\t”. $n->hostname. “\n”; print “IP:\t\t”. $n->ip. “\n”; }

15 OWASP Dirbuster::Parser my $parser = $dp->parse_file(‘dirbuster.xml’); = $parser->get_all_results(); print “Directories:\n”; { print “Path“. $_->path. “\n”; print “Type“. $_->type. “\n”; print “Response “. $_->response_code. “\n”; } 15

16 OWASP Burpsuite::Parser my $parser = $bp->parse_file(‘burpsuite.xml’); = $parser->get_all_issues(); { print $_->name. “\n”; print “Severity:“. $_->severity. “\n\n”; print “Description:\n”. $_->issue_background. “\n”; print “Proof of Concept:\n”. $_->issue_detail. “\n”; print “Recommendation:\n”; print $_->remediation_background. “\n”; } 16

17 OWASP Sslscan::Parser  Options for usage:  Parse XML output  Scan and parse XML inline 17

18 OWASP Sslscan::Parser my $parser = $sp->parse_file(‘domain.xml’); my $host = $parser->get_host(‘domain.com’); my $port = $host->get_port(‘443’); foreach my $i ( grep($_->status =~ $port->ciphers }) ) { print “sslversion “. $i->sslversion. “\n”; print “cipher “. $i->cipher. “\n”; print “bits “. $i->bits. “\n”; } 18

19 OWASP Nikto::Parser  Options for usage:  Scan and save XML for parsing later.  Scan and parse XML inline 19

20 OWASP Nikto::Parser my $parser = $np->parse_file(‘nikto.xml’); my $h = $parser->get_host(‘ ’); my $p = $h->get_port(’80’); print “Target is: “. $h->ip. “:”. $p->port. “\n”; print “Banner is: “. $p->banner. “\n\n”; foreach my $v $p->get_all_items(); } ) { print $v->description. “\n\n”; } 20

21 OWASP Summary  Extracting Data for Reporting and/or Correlation 21 Automated Testing ReconVulnerability ScanPort Scan Central Storage Engine CorrelationReporting View/Modify/Delete Data Manual Testing Context BasedFocus Driven

22 OWASP Encourage developers to build tools with XML and APIs 22

23 OWASP Contact Information  Joshua “Jabra” Abraham    Updated slides will be online this weekend:    Code online!    (comments, suggestions and patches welcome!) 23

24 OWASP Fierce::Parser 24

25 OWASP Dirbuster::Parser 25

26 OWASP Burpsuite::Parser 26

27 OWASP Sslscan::Parser 27

28 OWASP Nikto::Parser 28


Download ppt "Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP."

Similar presentations


Ads by Google