Re: Graphical NMAP

From: johnadams (johnadams@apple.com)
Date: Thu Oct 30 2003 - 18:38:45 EST


A while back I wrote a program that would convert nmap scan output into
VRML3D worlds.

It's still on sourceforge as 'nmap3d':
http://sourceforge.net/projects/nmap3d/

Someone else has a similar tool, but it runs in Java:
http://sourceforge.net/projects/scanmap3d/

-john

On Thursday, October 30, 2003, at 12:04 PM, Robert E. Lee wrote:

> One more thing to throw into this conversation:
>
> Dan Kaminsky - http://www.doxpara.com of Paketto Keiretsu fame is
> working on some very cool updates to the scanrand tool. Currently it
> has the ability to output to SQL servers, which allows for some very
> sophisticated data correlation queries. You can also dump this
> information into other various tools for graphical summaries of the
> information.
>
> Just for kicks you might want to check out the following dump output:
> http://www.dyadsecurity.com/sample_dump
>
>
> This is just a taste of the graphical representations that are possible
> with your scan output. As an additional ISECOM - http://www.isecom.org
> related project I am working with Dan on a front-end to his tools with
> an emphasis on how to graphically represent this data.
>
> For now, if you're interested in playing with it, I'd suggest you find
> a copy of one of Dan's more recent talks (check the Black Hat conference
> repositories). These talks contain enough information to start playing
> with the new scanrand stuff.
>
> Just a quick usage primer:
> To dump to a mysql DB, create a new database and user account with full
> permissions to the new db.
>
> Create a new table in your new database:
> create table demotable (abs_tv_sec integer unsigned,
> abs_tv_usec integer unsigned, rel_tv_sec integer unsigned,
> rel_tv_usec integer unsigned, stat char(5), src varchar(64),
> dst varchar(64), port integer unsigned, hopcount integer unsigned,
> trace_hop integer unsigned, qos integer unsigned,
> trace_src varchar(64), trace_dst varchar(64), trace_mid varchar(64));
>
> Kick off a listening scanrand thread that dumps directly to your
> database:
> scanrand2 -e -L -s key -t0 -T demotable -M1 | mysql -u <mysql username> -p "demodb"
>
> Now you can do any set of scans/traceroutes that you want and have it
> all dump directly to your scanrand listener and populate your mysql
> database:
> scanrand2 -i <ip to send from> -S -s key -b200k <ip_range_to_scan>:<ports_to_scan>
>
> Now for a good sample query:
> select hopcount,dst,port,stat,trace_mid from demotable where src="<ip you sent from>" and stat!="DOWN" order by dst,port;
>
> That query shows you ICMP error messages, and active TCP ports. It
> orders it by the destination, and then by the port on the destination.
> It also shows you your hopcount (distance), and the server IP that sent
> the ICMP message back to you. The possible ways to represent this data
> are numerous, and will be very "pretty"/graphical soon.
>
> If you have any other questions about this particular project, I'll try
> to keep up to date with my email account :). Also, if you're interested
> in helping with the coding of the front-end stuff, I could definitely
> use additional volunteers.
>
> Thanks,
>
> Robert
>
> Robert E. Lee
> CTO, http://www.dyadsecurity.com
>  
> 3400 Irvine Ave, Building 118
> Newport Beach, Ca 92660
> T (949) 486-6600
> F (949) 486-6001
> robert@dyadsecurity.com
>
>
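
An added example, not part of the original messages or of the scanrand tools: it loads constructed rows into the quoted `demotable` schema, runs the quoted sample query, and turns the result into Graphviz DOT as one possible graphical summary. It assumes SQLite in place of MySQL, that `UP` and `un03` are `stat` values (only `DOWN` appears in the post), and that `trace_mid` is empty for TCP replies.

```python
import sqlite3
from collections import defaultdict

# Schema copied from the CREATE TABLE statement in the quoted primer.
SCHEMA = (
    "create table demotable (abs_tv_sec integer unsigned, abs_tv_usec integer unsigned, "
    "rel_tv_sec integer unsigned, rel_tv_usec integer unsigned, stat char(5), "
    "src varchar(64), dst varchar(64), port integer unsigned, hopcount integer unsigned, "
    "trace_hop integer unsigned, qos integer unsigned, trace_src varchar(64), "
    "trace_dst varchar(64), trace_mid varchar(64))"
)
# Constructed rows using documentation addresses. "UP" and "un03" are assumed
# stat values for an active TCP port and an ICMP error respectively.
ROWS = [
    ("UP", "192.0.2.10", "198.51.100.5", 80, 7, None),
    ("UP", "192.0.2.10", "198.51.100.5", 22, 7, None),
    ("DOWN", "192.0.2.10", "198.51.100.5", 23, 7, None),
    ("un03", "192.0.2.10", "198.51.100.9", 443, 5, "203.0.113.1"),
    ("UP", "192.0.2.99", "198.51.100.5", 25, 3, None),  # other sender, filtered out
]

def load(rows):
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany(
        "insert into demotable (stat, src, dst, port, hopcount, trace_mid) "
        "values (?, ?, ?, ?, ?, ?)", rows)
    return conn

def sample_query(conn, src):
    # The sample query from the post, with its literals bound as parameters.
    return conn.execute(
        "select hopcount, dst, port, stat, trace_mid from demotable "
        "where src = ? and stat != ? order by dst, port", (src, "DOWN")).fetchall()

def to_dot(rows, src):
    # TCP replies become one edge per destination; ICMP errors are drawn
    # through trace_mid, the address that sent the ICMP message back.
    ports, lines = defaultdict(list), ["digraph scan {"]
    for hopcount, dst, port, stat, mid in rows:
        if mid:
            lines.append(f'  "{src}" -> "{mid}" -> "{dst}" '
                         f'[style=dashed, label="{stat} port {port}"];')
        else:
            ports[(dst, hopcount)].append(str(port))
    for (dst, hops), plist in ports.items():
        lines.append(f'  "{src}" -> "{dst}" [label="{hops} hops: {",".join(plist)}"];')
    return "\n".join(lines + ["}"])

if __name__ == "__main__":
    print(to_dot(sample_query(load(ROWS), "192.0.2.10"), "192.0.2.10"))
```

The printed DOT text can be rendered with Graphviz, for example `dot -Tpng`.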


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:41 EDT