########################################################################## # package SomaData.pm # This Perl module contains variable definitions for the Soma project # V Who When What # --------------------------------------------------------------------------- # 1.4.6 skendric 02-13-2009 Fiddle with route hash names # 1.4.5 skendric 01-21-2009 Consult WINS when querying for NetBIOS names # 1.4.4 skendric 07-03-2008 Add %voipRoute # 1.4.3 skendric 06-16-2008 Add more constants # 1.4.2 skendric 06-09-2008 Add Net-SNMP support # 1.4.1 skendric 04-11-2007 Add constants # 1.4.0 skendric 02-26-2006 Add wimpySnmp* variables # 1.3.9 skendric 09-24-2005 Add SCCA-specific network definition # 1.3.8 skendric 08-25-2005 Add ifAdminStatus and WAP variables # 1.3.7 skendric 07-25-2005 Add LDAP server-related variables # 1.3.6 skendric 07-09-2005 Change @skipNode to @router_node # 1.3.5 skendric 06-14-2005 Add $wallJackSheet, remove %wallJack # 1.3.4 skendric 02-17-2005 Add %ports # 1.3.3 skendric 02-14-2005 Add syslog, Excel variables # 1.3.2 skendric 02-13-2005 Add %excludeRoute # 1.3.1 skendric 02-11-2005 Add %nessusIncludeRoute, remove %nessusHoles # 1.3.0 skendric 02-09-2005 Convert %hostname to %nodename # 1.2.9 skendric 02-04-2005 Add %nessusHoles # 1.2.8 skendric 02-01-2005 %dnsname becomes 'shared' # 1.2.7 skendric 01-23-2005 Add more Nessus exclude variables # 1.2.6 skendric 01-12-2005 Add DNS variable # 1.2.5 skendric 01-12-2005 Add Nessus exclude variables # 1.2.4 skendric 01-03-2005 Add more Nessus variables # 1.2.3 skendric 11-20-2004 Add Nessus variables # 1.2.2 skendric 09-12-2004 Add nmap variables # 1.2.1 skendric 09-04-2004 Add netBiosMac, skipNode # 1.2.0 skendric 08-28-2004 Add thread/serial modes # 1.1.2 skendric 08-26-2004 Add thread processing variables # 1.1.1 skendric 08-25-2004 More database-related variables # 1.1.0 skendric 07-19-2004 Add database-related variables # 1.0.6 skendric 07-13-2004 Add CAM related variables # 1.0.5 skendric 07-02-2004 Add 
# ARP related variables
# 1.0.4  skendric 06-18-2004  Add esx/rtr_suffixes
# 1.0.3  skendric 06-18-2004  Add Plebian SNMP concept
# 1.0.2  skendric 06-06-2004  Add $referenceRouter
# 1.0.1  skendric 06-05-2004  Remove subroutines
# 1.0.0  skendric 06-04-2004  First version
#
#
#
# Authors: Stuart Kendrick
#
# Source: http://www.skendric.com/device/soma
#
# This software is available under the GNU GENERAL PUBLIC LICENSE, see
# http://www.fsf.org/licenses/gpl.html
#
# This module is pure configuration: it declares the package variables the
# rest of Soma uses, defines a handful of Readonly constants (OIDs, string
# fragments) and then assigns site-specific values.  It contains no
# subroutines.
#
# SECURITY: the values assigned further down include cleartext credentials
# (database, LDAP bind, nessusd login, SMB login inside $nessusPrefs) and
# SNMP community strings.  Treat this file as a secret: restrict it to the
# account that runs Soma (mode 0600) and keep it out of version control.

package FHCRC::VDOPS::SomaData;

#### Load modules ####
use strict;
use warnings;
use threads;            # must be loaded before threads::shared
use threads::shared;
use English;            # provides $OUTPUT_AUTOFLUSH used below.  NOTE(review): on perls
                        # before 5.20, 'use English qw(-no_match_vars)' avoids the
                        # regex slowdown caused by importing $PREMATCH/$MATCH/$POSTMATCH
use Exporter;
use Readonly;
use Switch;             # NOTE(review): Switch.pm is a source filter (removed from core
                        # in perl 5.14, known to mis-parse code around it).  The only
                        # use in this file is the switch() that picks $snmp_timeout; an
                        # if/elsif chain would make this import unnecessary

#### Set-up export stuff ####
our @ISA = qw(Exporter);

# Everything listed here is exported unconditionally into every package that
# does 'use FHCRC::VDOPS::SomaData' -- including the password and community
# string variables.  @EXPORT_OK would let callers import only what they need.
#
# NOTE(review): $INTEGER is exported but is neither declared nor defined
# anywhere in this file, so importers receive an undef variable.  %route is
# declared below but is not exported.
our @EXPORT = qw(
    $dbDriver $dbHost $dbName $dbPort $dbRoPass $dbRoUser $dbRwPass $dbRwUser
    $dbiDebug $dbiTrace $debug
    $fping_backoff $fping_binary $fping_interval $fping_max $fping_retries $fping_timeout
    $grabhosts $job
    $ldapBase $ldapBindDN $ldapBindPW $ldapPort $ldapTLS
    $logNessusSkips $logSkippedRoutes
    $nessusAddrChunk $nessusHost $nessusPass $nessusPluginDir $nessusPort $nessusPrefs
    $nessusFavScanner $nessusTLS $nessusUser
    $nmap $nmap_exclude_file $nmapParam
    $ping_count $ping_timeout $poe_ping_max
    $processArpTimeout $processCamTimeout $processCharTimeout $processDnsTimeout
    $processHostSnmpTimeout $processIfAdminTimeout $processNetbiosTimeout
    $processNessusTimeout $processNmapTimeout $processVlanTimeout $processWAPTimeout
    $referenceRouter
    $snmp_max_rep $snmp_max_msg_size $snmp_module $snmp_non_rep $snmp_port
    $snmp_retries $snmp_timeout $snmp_translate
    $syslog_facility $syslog_host $syslog_port $syslog_priority $syslog_socket
    $thrMode $thrWait
    $wallJackFile $wallJackSheet $wins_file
    @esx_suffixes @ldapServer @mib_dir @mib_file @nessusScanner @router_node
    @rtr_suffixes @skip_name @snmp_read_list @snmp_read_plebian @snmp_version_list
    @snmp_version_plebian @suffixes @wap_suffixes @wimpy_snmp_read_list
    @wimpy_snmp_version_list
    %arp %cam %dnsname %error %esx %excludeRoute %ifAdminStatus %includeRoute
    %monkRoute %nessusExcludeAddr %nessusExcludeNode %nessusExcludeString
    %nessusExcludeRoute %nessusExcludeSuffix %nessusIncludeRoute %netBiosMac
    %netBiosName %netBiosUser %nmapExcludeRoute %nodename %osName %osVendor
    %osVersion %ports %routeTable %rtr %snmp_read %snmp_version %sysDescr
    %sysObjectID %wap %wapClients %wins %vlan %voipRoute
    $INTEGER $KILOBYTE $GIGABYTE $MEGABYTE $SIXTYFOURBIT $THIRTYTWOBIT $TOCKS
    $APOSTROPHE $BANG $COLON $COMMA $CR $DASH $DOT $DOUBLE_QUOTE $EMPTY_STR $HASH
    $cd11IfAssignedSta_oid $dot1dTpFdbAddress_oid $dot1dTpFdbPort_oid
    $dot1dBasePortIfIndex_oid $ifAdminStatus_oid $ifDescr_oid $ifOperStatus_oid
    $ifName_oid $ipNetToMediaPhysAddress_oid $ipRouteMask_oid $vtpVlanState_oid
    $NA $QUERY $SINGLE_QUOTE $SLASH $SPACE $TILDE $sysDescr_oid $sysObjectID_oid
);

##### Declare exported thread-safe variables ####
# These hashes are written by worker threads, hence ': shared'.  They are
# keyed by IP address unless the comment says otherwise.  Note that with
# threads::shared only the top level is shared: a reference stored in one of
# these hashes must itself point at shared data.
our %arp : shared;          # ifDescr 'dash' MAC address
our %error : shared;        # Place to gather error messages
our %dnsname : shared;      # DNS names keyed by IP address
our %nodename : shared;     # gethostbyaddr($ip)
our %netBiosMac : shared;   # MAC address of workstation, acquired via a
                            # NetBIOS name look-up
our %netBiosName : shared;  # NetBIOS name of workstation service
our %netBiosUser: shared;   # NetBIOS name of logged on user
our %osName : shared;       # 'org_name' keyed by 'os_name'
our %osVendor : shared;     # IP address keyed by 'org_name' (typically the IP
                            # address is discarded when Soma is updated)
our %osVersion : shared;    # String of the form
                            # "os_name,version,revision,version_name",
                            # keyed by the IP address of ethernet switches
our %snmp_read : shared;    # SNMP read community string that worked for each
                            # device.  This is a secret: do not Data::Dump it
                            # into logs
our %snmp_version : shared; # SNMP version that worked for each device
our %sysDescr : shared;     # Contents of sysDescr.0
our %sysObjectID : shared;  # Contents of sysObjectID.0
our %vlan : shared;         # Hash of strings listing vlans (separated by
                            # spaces), keyed by esx
##### Declare exported thread-unaware variables
# Plain package globals: populated either by the assignments at the bottom of
# this file (configuration) or by the collection code at run time (data).
# None of these are thread-shared; only the main thread should write them.
our %cam;                   # Hash of references to a data structure (string)
                            # containing the VLAN <-> MAC Address <-> ifName
                            # information, keyed by esx
our $dbDriver;              # DBD name of driver
our $dbHost;                # Name of machine hosting $dbName
our $dbName;                # Name of the database holding Soma data
our $dbPort;                # Port on $dbHost listening for $dbName connections
our $dbRoPass;              # Password associated with $dbRoUser (cleartext
                            # secret -- see the note at the top of the file)
our $dbRwPass;              # Password associated with $dbRwUser (cleartext
                            # secret)
our $dbRoUser;              # Database username which has read-only
                            # privileges to $dbName
our $dbRwUser;              # Database username which has read-write
                            # privileges to $dbName
our $dbiDebug;              # DBI debug level
our $dbiTrace;              # File name used to log DBI tracing.  DBI trace
                            # output records every statement and its bind
                            # values, so the trace file needs the same
                            # protection as the database itself
our $debug;                 # Debug level (see the level table where it is set)
our %excludeRoute;          # Hash of subnet masks keyed by route which
                            # low-key data collection routines will ignore
our %esx;                   # Switch names keyed by IP address
our @esx_suffixes;          # The string(s) which terminates ethernet switch
                            # names
our $fping_backoff;         # Backoff factor for fping invocations
our $fping_binary;          # Location of fping binary (absolute path; it is
                            # executed by the collection code, so it must not
                            # be writable by untrusted users)
our $fping_interval;        # Interval in milliseconds between the pings
                            # which fping emits.  Must be root to set this
                            # below 10
our $fping_max;             # Maximum number of hosts to ping per fping pass
our $fping_retries;         # Number of times fping will retry an
                            # unresponsive target -- current version of fping
                            # restricts this value to the range 1-3
our $fping_timeout;         # Per-target timeout handed to fping.  fping's -t
                            # option takes milliseconds, and the value set
                            # below is 500 (fping's default), so this is ms
                            # rather than seconds as earlier comments said
our $grabhosts;             # Command to use to acquire the hosts table.  It is
                            # a single string run by the collection code, so
                            # keep it an absolute path with fixed arguments
                            # and never interpolate user input into it
our %ifAdminStatus;         # Hash of references to hashes: ifName => {status},
                            # where status is either 1 (up), 2 (dn), or 3
                            # (testing), keyed by esx
our %includeRoute;          # List of major networks used to filter route table
our $job;                   # 'interactive' or 'batch'
our $ldapBase;              # Base from which to perform LDAP searches
our $ldapBindDN;            # binddn for LDAP binds
our $ldapBindPW;            # password to use in conjunction with $ldapBindDN
                            # (cleartext secret)
our $ldapPort;              # TCP port to which to send LDAP traffic
our $ldapTLS;               # Boolean for enabling TLS to the LDAP servers.
                            # NOTE(review): whether this means LDAPS or
                            # StartTLS, and whether the server certificate is
                            # verified, is decided by the consumer, not here
our @ldapServer;            # Hostnames or IP addresses of LDAP servers
our $logNessusSkips;        # Boolean for whether or not to log a 'Nessus
                            # skip event', the situation where an address is
                            # not scanned because it belongs to one of the
                            # *nessusExclude variables.  NOTE(review): never
                            # assigned in this file, so it is undef (false)
our $logSkippedRoutes;      # Boolean for whether or not 'skip_networks'
                            # logs a 'skipped this route' event
our @mib_dir;               # Directories to search when looking for MIB files
our @mib_file;              # List of MIB files to load (or simply 'ALL')
our %monkRoute;             # List of routes belonging to MonkNet; unlikely
                            # to contain interesting nodes
our $nessusAddrChunk;       # Number of addresses to hand to a nessus thread
our $nessusFavScanner;      # The name of the port scanner nasl to use
                            # (if empty, will use *all* port scanners)
our $nessusHost;            # Host housing nessusd
our $nessusPass;            # Password for $nessusUser (cleartext secret)
our $nessusPluginDir;       # Directory where Nessus plugins live
our $nessusPort;            # Port on which nessusd is listening
our $nessusPrefs;           # Reference to a hash of Nessus preferences
our %nessusExcludeAddr;     # Hash of garbage strings keyed by IP address ...
                            # the Nessus scan routines will skip any IP
                            # address listed here.  The garbage strings are
                            # ignored
our %nessusExcludeNode;     # Hash of garbage strings keyed by nodenames ...
                            # the Nessus scan routines will skip any nodename
                            # listed here.  The garbage strings are ignored
our %nessusExcludeRoute;    # Hash of routes/masks which Nessus will not scan
our %nessusExcludeString;   # Hash of strings within nodenames which Nessus
                            # will not scan ... values define conditions
                            # ('all' means "never scan"; 'dos' means "don't
                            # scan with DoS plugins"; 'safe' means "don't
                            # scan with 'safe' plugins").  The code which
                            # honours the values is not implemented yet ...
                            # at the moment, the existence of a key
                            # translates into "never scan"
our %nessusExcludeSuffix;   # Hash of suffixes of nodenames which Nessus
                            # will not scan; see above for definition of
                            # values
our %nessusIncludeRoute;    # Hash of routes/masks which Nessus will scan
our @nessusScanner;         # List of NASLs which are port scanners
our $nessusTLS;             # Boolean for enabling TLS mode to nessusd
our $nessusUser;            # Username for logging into nessusd
our $nmap;                  # Location of nmap binary (absolute path)
our $nmap_exclude_file;     # File containing a list of hosts to be excluded
                            # from nmap os detection
our %nmapExcludeRoute;      # Hash of routes/masks which Nmap will not scan
our $nmapParam;             # Parameters handed to nmap, as one string; the
                            # consumer decides whether it passes through a
                            # shell, so keep it free of untrusted input
our $ping_count;            # Number of pings to send before giving up
our $ping_timeout;          # Seconds to wait before declaring a ping lost
our $poe_ping_max;          # Maximum number of outstanding pings for
                            # POE::Component::Client::Ping's heap
our %ports;                 # Data structure holding ports, slots, and vlans
our $processArpTimeout;     # Influences how long to wait for a router's
                            # ARP table to arrive
our $processCamTimeout;     # Influences how long to wait for a switch's
                            # CAM table to arrive
our $processCharTimeout;    # Influences how long to wait for a device
                            # to respond to snmp_char queries
our $processDnsTimeout;     # Influences how long to wait for DNS look-ups
our $processHostSnmpTimeout;# Influences how long to wait for get_host_snmp
                            # to walk a subnet
our $processIfAdminTimeout; # Influences how long to wait for a switch's
                            # ifAdminStatus table to arrive
our $processNetbiosTimeout; # Influences how long to wait for get_netbios_name
                            # to walk a subnet
our $processNessusTimeout;  # Influences how long to wait for gather_nessus_vuln
                            # to walk a subnet
our $processNmapTimeout;    # Influences how long to wait for
                            # get_nmap_os_guess to walk a subnet
our $processVlanTimeout;    # Influences how long to wait for a switch's
                            # VLAN table to arrive.  NOTE(review): never
                            # assigned in this file, so it is undef
our $processWAPTimeout;     # Influences how long to wait for a WAP's
                            # associated client table to arrive
our $referenceRouter;       # IP address of a router which can be queried
                            # for a complete route table
our %route;                 # Sequential integers keyed by IP routes
                            # (declared but not exported)
our @router_node;           # If an IP address ends in one of these numbers,
                            # it is skipped.  Used to skip router addresses,
                            # which, in this environment, typically employ
                            # the same MAC address on multiple interfaces ...
                            # Soma can't handle this, so they are skipped
our %routeTable;            # IP subnet masks keyed by routes
our %rtr;                   # Router names keyed by IP address
our @rtr_suffixes;          # The string(s) which terminates router names
our @skip_name;             # If a nodename contains one of these strings,
                            # it is skipped when building lists based on
                            # suffixes
our $snmp_module;           # Either net-snmp 'SNMP' or Towne's 'Net::SNMP'
our @snmp_read_list;        # List of possible SNMP read community strings
                            # for gear we own (secrets)
our @snmp_read_plebian;     # List of possible SNMP read community strings
                            # for gear we don't own
our $snmp_timeout;          # Time to wait before declaring a request lost.
                            # Units depend on $snmp_module: SNMP.pm takes
                            # microseconds, Net::SNMP takes seconds
our $snmp_translate;        # 0 or 1: the SNMP.pm UseSprintValue parameter
our @snmp_version_list;     # List of possible SNMP versions (1, 2c, 3)
                            # for gear we own
our @snmp_version_plebian;  # List of possible SNMP versions (1, 2) for
                            # gear we don't own
our $snmp_max_msg_size;     # Maximum size of SNMP PDU in bytes
our $snmp_max_rep;          # Maximum number of iterations over the repeating
                            # variables: an snmpbulkwalk parameter
our $snmp_non_rep;          # Number of supplied variables that should not be
                            # iterated over: an snmpbulkwalk parameter
our $snmp_port;             # UDP port on which remote SNMP daemon is listening
our $snmp_retries;          # Number of requests to send before giving up
our @suffixes;              # Strings terminating devices we own
our $syslog_facility;       # Sys::Syslog facility (e.g. 'local5')
our $syslog_host;           # Host to send syslog messages to
our $syslog_port;           # UDP port on $syslog_host
our $syslog_priority;       # Sys::Syslog priority (e.g. 'info')
our $syslog_socket;         # Socket type to use when sending msgs to syslog;
                            # not used under Windows.  See 'perldoc
                            # Sys::Syslog' for details
our $thrMode;               # Boolean which determines whether or not
                            # to spawn parallel threads
our $thrWait;               # Initial number of seconds to wait for
                            # a collection of threads to complete
our %voipRoute;             # Hash of subnet masks keyed by route which
                            # identify the VoIP subnets
our $wallJackFile;          # Name of CSV or XLS file containing switch,
                            # slot, port, jack information
our $wallJackSheet;         # Name of sheet within $wallJackFile (only
                            # relevant if $wallJackFile is in XLS format)
our %wap;                   # WAP names keyed by IP address
our %wapClients;            # Hash of references to arrays of MAC addresses,
                            # keyed by WAP hostname
our @wap_suffixes;          # The string(s) which terminates wireless access
                            # point names
our @wimpy_snmp_read_list;  # List of 8 character SNMP community strings, for
                            # agents that cannot cope with longer ones
our @wimpy_snmp_version_list; # List of possible SNMP versions (1, 2c, 3)
                            # associated with wimpy_snmp_read_list
our %wins;                  # Hash of WINS names keyed by IP address
our $wins_file;             # Location of file containing a dump of the
                            # WINS database

# Declare/Define Constants
Readonly our $KILOBYTE     => 1024;
Readonly our $GIGABYTE     => 1073741824;
Readonly our $MEGABYTE     => 1048576;
Readonly our $SIXTYFOURBIT => 18446744073709551616;  # 2**64: exceeds a 64-bit
                                                     # IV, so perl holds it as
                                                     # a double.  Exact for
                                                     # the constant itself,
                                                     # but arithmetic near it
                                                     # loses low-order bits
Readonly our $THIRTYTWOBIT => 4294967296;            # 2**32
Readonly our $TOCKS        => 6000;  # Num of TimeTicks (1/100 s) in a minute
Readonly our $APOSTROPHE   => q{'};
Readonly our $BANG         => q{!};
Readonly our $COLON        => q{:};
Readonly our $COMMA        => q{,};
Readonly our $CR           => q{\n};  # NOTE(review): q{} does not interpolate,
                                      # so this is the two-character string
                                      # backslash-n, NOT a newline.  That only
                                      # behaves as a newline when used as a
                                      # regex pattern; printed or compared it
                                      # is a literal "\n".  Confirm against
                                      # the callers before changing to qq{\n}
Readonly our $DASH         => q{-};
Readonly our $DOT          => q{.};
Readonly our $DOUBLE_QUOTE => q{"};
Readonly our $EMPTY_STR    => q{};
Readonly our $HASH         => q{#};
# SNMP object identifiers (numeric, leading dot) used by the collectors.
Readonly our $cd11IfAssignedSta_oid    => q{.1.3.6.1.4.1.9.9.272.1.1.1.8.1.2};  # Cisco 802.11 MIB
Readonly our $dot1dTpFdbAddress_oid    => q{.1.3.6.1.2.1.17.4.3.1.1};  # BRIDGE-MIB
Readonly our $dot1dTpFdbPort_oid       => q{.1.3.6.1.2.1.17.4.3.1.2};  # BRIDGE-MIB
Readonly our $dot1dBasePortIfIndex_oid => q{.1.3.6.1.2.1.17.1.4.1.2};  # BRIDGE-MIB
Readonly our $ifAdminStatus_oid        => q{.1.3.6.1.2.1.2.2.1.7};     # IF-MIB
Readonly our $ifDescr_oid              => q{.1.3.6.1.2.1.2.2.1.2};     # IF-MIB
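Readonly our $ifOperStatus_oid            => q{.1.3.6.1.2.1.2.2.1.8};     # IF-MIB
Readonly our $ifName_oid                  => q{.1.3.6.1.2.1.31.1.1.1.1};  # IF-MIB
Readonly our $ipNetToMediaPhysAddress_oid => q{.1.3.6.1.2.1.4.22.1.2};    # IP-MIB (ARP table)
Readonly our $ipRouteMask_oid             => q{.1.3.6.1.2.1.4.21.1.11};   # RFC1213-MIB
Readonly our $sysDescr_oid                => q{.1.3.6.1.2.1.1.1.0};       # SNMPv2-MIB, instance 0
Readonly our $sysObjectID_oid             => q{.1.3.6.1.2.1.1.2.0};       # SNMPv2-MIB, instance 0
Readonly our $vtpVlanState_oid            => q{.1.3.6.1.4.1.9.9.46.1.3.1.1.2};  # CISCO-VTP-MIB
Readonly our $NA                          => q{n/a};
Readonly our $QUERY                       => q{?};
Readonly our $SINGLE_QUOTE                => q{'};
Readonly our $SLASH                       => q{/};
Readonly our $SPACE                       => q{ };
Readonly our $TILDE                       => q{~};

#### Define special variables ####
# Unbuffered STDOUT, so the "!" progress marks appear as they are printed.
$OUTPUT_AUTOFLUSH = 1;

#### Define exported variables ####
#
# Everything from here down is site configuration.  The values shipped here
# are placeholders ('username', 'password', 'public', company.com ...) and
# must be replaced before use.
#
# SECURITY: this section holds cleartext credentials ($dbRoPass, $dbRwPass,
# $ldapBindPW, $nessusPass, the SMB password inside $nessusPrefs) and SNMP
# community strings, and every package that does
# 'use FHCRC::VDOPS::SomaData' receives all of them via @EXPORT.  Keep this
# file mode 0600, owned by the account that runs Soma, and out of version
# control.

# Interactive or batch: a terminal on STDIN means a human is watching.
$job = (-t STDIN) ? 'interactive' : 'batch';

# Database (DBI + DBD::Pg).  Use the read-only account wherever Soma only
# reads; the read-write account is needed for the update path only.
$dbDriver = 'dbi:Pg';
$dbHost   = 'localhost';
$dbName   = 'soma';
$dbPort   = '5432';
$dbRoUser = 'username';
$dbRoPass = 'password';
$dbRwUser = 'another-username';
$dbRwPass = 'another-pasword';

# Debug stuff
$dbiDebug = 0;                    # DBI trace level, 0 - 15.  Trace output
                                  # records statements and bind values
$dbiTrace = 'dbiTraceFile.log';   # Relative path: lands in the cwd of
                                  # whichever program loads this module
$debug    = 0;
# 10 = Enable insane subroutine tracing
#  9 = Enable large SELECT debugging
#  8 = Enable per IP/MAC/Port debugging
#  7 = Enable insert/update/delete debugging
#  6 = Enable Data::Dumping SNMP variables
#  5 = Enable dumping snmp_packets
#  4 = Enable absurd debugging: dump huge var
#  3 = Enable grody debugging: dump big var
#  2 = Enable verbose debugging: dump small var
#  1 = Enable basic debugging: subroutine trace
#  0 = Disable debugging
#
# Level 5 dumps raw SNMP packets (which carry the community string in clear)
# and level 6 Data::Dumps the SNMP variables; neither belongs on a shared
# host or in long-lived logs.
$SNMP::verbose     = $debug;            # Enable/disable SNMP error messages
                                        # (honoured by net-snmp's SNMP.pm only)
$SNMP::dump_packet = 1 if $debug == 5;

# Excel stuff
#$wallJackFile = '/home/soma/etc/port2jack.csv';
$wallJackFile  = '/home/soma/etc/port2jack.xls';
$wallJackSheet = 'PortsAndJacks';

# IP Space: route => mask.
#
# NOTE(review): the matching code is not in this file, but a route that is
# not the network address for its mask (route & mask != route) is at risk of
# never matching.  For an *exclude* list that means the hosts you meant to
# leave alone get scanned.  The entries flagged below are not aligned.
%includeRoute = (
    '10.7.0.0'   => '255.255.0.0',
    '10.112.0.0' => '255.255.0.0',
    '10.201.0.0' => '255.255.0.0',
    '10.202.0.0' => '255.255.0.0',
    '10.203.0.0' => '255.255.0.0',
    '76.18.94.0' => '255.255.224.0',   # NOTE(review): 76.18.94.0 & /19 mask = 76.18.64.0 -- confirm intent
    '10.12.0.0'  => '255.255.0.0',
);
%excludeRoute = (
    '10.12.0.0'   => '255.255.254.0',
    '10.12.4.0'   => '255.255.248.0',  # NOTE(review): 10.12.4.0 & /21 mask = 10.12.0.0;
                                       # 10.12.4.0-10.12.7.255 would be 255.255.252.0
    '10.12.8.0'   => '255.255.252.0',
    '10.12.253.0' => '255.255.255.0',
);
%monkRoute = (
    '10.112.0.0' => '255.255.0.0',
);
%voipRoute = (
    '10.7.0.0' => '255.255.0.0',
);

# Host binaries
# A single command string run by the collection code: keep the binary an
# absolute path with fixed arguments and never build it from user input.
$grabhosts = '/bin/cat /etc/hosts';
#$grabhosts = '/usr/bin/niscat hosts.org_dir';

# Reference Router
$referenceRouter = '10.12.8.205';

# LDAP stuff
$ldapBase   = 'dc=company,dc=com';
$ldapBindDN = 'username@company.com';
$ldapBindPW = 'password';
$ldapPort   = 10389;     # Non-standard port (neither 389 nor 636)
$ldapTLS    = 1;         # NOTE(review): whether this selects LDAPS or StartTLS
                         # on $ldapPort, and whether the server certificate is
                         # verified, is up to the consumer -- confirm there
@ldapServer = qw/ad00 ad01 ad02 ad03/;

# Logging stuff
$logSkippedRoutes = 1;
# $logNessusSkips is intentionally left unset here (undef => no logging of
# Nessus skip events).

# Name strings
@esx_suffixes = qw/-esx/;
@rtr_suffixes = qw/-rtr/;
@suffixes     = qw/-ap -agw -dgw -emu -esx -hvac -kvm -mc -pdu -rad -rtr -ups -vpn/;
@wap_suffixes = qw/-ap/;

# Nessus stuff
$nessusAddrChunk = 20;
# NOTE(review): all four route/address lists are empty here.  Whether an
# empty %nessusIncludeRoute means "scan nothing" or "no restriction" is
# decided by the consumer -- confirm before relying on it.
%nessusExcludeNode  = ( );
%nessusExcludeAddr  = ( );
%nessusExcludeRoute = ( );
%nessusIncludeRoute = ( );
# Substrings of nodenames that are never scanned (see the declaration: the
# values are not yet honoured, presence of a key means "never scan").
%nessusExcludeString = (
    'hp1'     => 'all',
    'hp2'     => 'all',
    'hp3'     => 'all',
    'hp4'     => 'all',
    'hp5'     => 'all',
    'hp6'     => 'all',
    'hp7'     => 'all',
    'lj1'     => 'all',
    'lj2'     => 'all',
    'lj3'     => 'all',
    'lj4'     => 'all',
    'lj5'     => 'all',
    'lj6'     => 'all',
    'lj7'     => 'all',
    'printer' => 'all',
    'ricoh'   => 'all',
    'rtr'     => 'all',
);
# Nodename suffixes that are never scanned.  The 'dos' entries are meant to
# mean "skip only DoS plugins", but until that is implemented they are
# skipped entirely -- which matters because safe_checks is 'no' below.
%nessusExcludeSuffix = (
    '-ap'      => 'all',
    '-bat'     => 'dos',
    '-dcp'     => 'all',
    '-emu'     => 'dos',
    '-esx'     => 'all',
    '-ips'     => 'all',
    '-mon'     => 'dos',
    '-netport' => 'dos',
    '-pdu'     => 'dos',
    '-rad'     => 'all',
    '-rtr'     => 'all',
    '-ups'     => 'dos',
);
$nessusFavScanner = 'nessus_tcp_scanner.nes';
$nessusHost       = 'nessus.company.com';
$nessusPass       = 'password';
$nessusPluginDir  = '/opt/nessus/lib/nessus/plugins';
$nessusPort       = 1241;

# Preferences sent to nessusd.  Keys are the preference names as nessusd
# spells them (plugin[type]:label :), values are strings.
#
# SECURITY: safe_checks => 'no' lets nessusd run plugins that can crash or
# hang targets; the *nessusExclude lists above are the only guard.  All Hydra
# brute-force modules are switched off.  The SMB and SSH entries are
# credentials and travel to nessusd over the TLS session ($nessusTLS).
$nessusPrefs = {
    auto_enable_dependencies => 'yes',
    checks_read_timeout      => '1',
    ntp_proto                => '1.2',
    ping_hosts               => 'yes',
    port_range               => '1-65535',
    optimize_test            => 'yes',
    safe_checks              => 'no',
    'Brute force login (Hydra)[entry]:Number of simultaneous connections :' => '4',
    'Brute force login (Hydra)[file]:Logins file :'                         => '',
    'Brute force login (Hydra)[file]:Passwords file :'                      => '',
    'Brute force login (Hydra)[checkbox]:Brute force telnet :'              => 'no',
    'Brute force login (Hydra)[checkbox]:Brute force FTP :'                 => 'no',
    'Brute force login (Hydra)[checkbox]:Brute force POP3 :'                => 'no',
    'Brute force login (Hydra)[checkbox]:Brute force IMAP :'                => 'no',
    'Brute force login (Hydra)[checkbox]:Brute force cisco :'               => 'no',
    'Brute force login (Hydra)[checkbox]:Brute force cisco-enable :'        => 'no',
    'Brute force login (Hydra)[checkbox]:Brute force VNC :'                 => 'no',
    'Brute force login (Hydra)[checkbox]:Brute force SOCKS 5 :'             => 'no',
    'Brute force login (Hydra)[checkbox]:Brute force rexec :'               => 'no',
    'Brute force login (Hydra)[checkbox]:Brute force NNTP :'                => 'no',
    'Brute force login (Hydra)[checkbox]:Brute force HTTP :'                => 'no',
    'Brute force login (Hydra)[entry]:Web page to brute force :'            => '',
    'Brute force login (Hydra)[checkbox]:Brute force ICQ :'                 => 'no',
    'Brute force login (Hydra)[checkbox]:Brute force PCNFS :'               => 'no',
    'Brute force login (Hydra)[checkbox]:Brute force SMB :'                 => 'no',
    'Brute force login (Hydra)[checkbox]:Brute force LDAP :'                => 'no',
    'SMB use host SID to enumerate local users[entry]:Start UID :'          => '1000',
    'SMB use host SID to enumerate local users[entry]:End UID :'            => '1200',
    'SMB use domain SID to enumerate users[entry]:Start UID :'              => '1000',
    'SMB use domain SID to enumerate users[entry]:End UID :'                => '1200',
    'Web mirroring[entry]:Number of pages to mirror :'                      => '200',
    'Web mirroring[entry]:Start page :'                                     => '/',
    'SMB Scope[checkbox]:Request information about the domain :'            => 'yes',
    'NIDS evasion[radio]:TCP evasion technique :'                           => 'none',
    # Checkbox values were 'no ' (trailing blank) in earlier revisions; nessusd
    # compares against 'yes'/'no', so the blank is dropped here.
    'NIDS evasion[checkbox]:Send fake RST when establishing a TCP connection :' => 'no',
    'ftp writeable directories[radio]:How to check if directories are writeable :' => 'Attempt to store a file',
    'HTTP NIDS evasion[entry]:HTTP User-Agent :'                            => '',
    'HTTP NIDS evasion[checkbox]:Use HTTP HEAD instead of GET :'            => 'no',
    'HTTP NIDS evasion[radio]:URL encoding :'                               => 'none',
    'HTTP NIDS evasion[radio]:Absolute URI type :'                          => 'none',
    'HTTP NIDS evasion[radio]:Absolute URI host :'                          => 'none',
    'HTTP NIDS evasion[checkbox]:Double slashes :'                          => 'no',
    'HTTP NIDS evasion[radio]:Reverse traversal :'                          => 'none',
    'HTTP NIDS evasion[checkbox]:Self-reference directories :'              => 'no',
    'HTTP NIDS evasion[checkbox]:Premature request ending :'                => 'no',
    'HTTP NIDS evasion[checkbox]:CGI.pm semicolon separator :'              => 'no',
    'HTTP NIDS evasion[checkbox]:Parameter hiding :'                        => 'no',
    'HTTP NIDS evasion[checkbox]:Dos/Windows syntax :'                      => 'no',
    'HTTP NIDS evasion[checkbox]:Null method :'                             => 'no',
    'HTTP NIDS evasion[checkbox]:TAB separator :'                           => 'no',
    'HTTP NIDS evasion[checkbox]:HTTP/0.9 requests :'                       => 'no',
    'HTTP NIDS evasion[entry]:Force protocol string :'                      => '',
    'HTTP NIDS evasion[checkbox]:Random case sensitivity (Nikto only) :'    => 'no',
    'Unknown CGIs arguments torture[checkbox]:Send POST requests :'         => 'no',
    # SSH: key-based only; the password and passphrase fields stay empty.
    # The private key path is read by nessusd, so it must be readable by the
    # nessusd account and by nobody else.
    'SSH settings[entry]:SSH user name :'                                   => 'sthg',
    'SSH settings[password]:SSH password (unsafe!) :'                       => '',
    'SSH settings[file]:SSH public key to use :'                            => '/home/soma/.ssh/id_dsa.pub',
    'SSH settings[file]:SSH private key to use :'                           => '/home/soma/.ssh/id_dsa',
    'SSH settings[password]:Passphrase for SSH key :'                       => '',
    'Global variable settings[checkbox]:Enable experimental scripts :'      => 'no',
    'Global variable settings[checkbox]:Thorough tests (slow) :'            => 'no',
    'Global variable settings[radio]:Report verbosity :'                    => 'Normal',
    'Global variable settings[radio]:Report paranoia :'                     => 'Normal',
    'Global variable settings[radio]:Log verbosity :'                       => 'Normal',
    'Global variable settings[entry]:Debug level :'                         => '0',
    'Services[entry]:Number of connections done in parallel :'              => '5',
    'Services[entry]:Network connection timeout :'                          => '5',
    'Services[entry]:Network read/write timeout :'                          => '5',
    'Services[entry]:Wrapped service read timeout :'                        => '2',
    'Services[file]:SSL certificate :'                                      => '',
    'Services[file]:SSL private key :'                                      => '',
    'Services[password]:PEM password :'                                     => ' ',   # NOTE(review): a single blank, kept as found -- confirm it is deliberate
    'Services[file]:CA file :'                                              => '',
    'Services[radio]:Test SSL based services :'                             => 'All',
    'Login configurations[entry]:HTTP account :'                            => '',
    'Login configurations[password]:HTTP password (sent in clear) :'        => '',
    'Login configurations[entry]:NNTP account :'                            => '',
    'Login configurations[password]:NNTP password (sent in clear) :'        => '',
    'Login configurations[entry]:FTP account :'                             => 'ftp',
    'Login configurations[password]:FTP password (sent in clear) :'         => 'guest',
    'Login configurations[entry]:FTP writeable directory :'                 => '/pub',
    'Login configurations[entry]:POP2 account :'                            => '',
    'Login configurations[password]:POP2 password (sent in clear) :'        => '',
    'Login configurations[entry]:POP3 account :'                            => '',
    'Login configurations[password]:POP3 password (sent in clear) :'        => '',
    'Login configurations[entry]:IMAP account :'                            => '',
    'Login configurations[password]:IMAP password (sent in clear) :'        => '',
    # Placeholder SMB credentials: a real domain account here lets Nessus
    # authenticate to every Windows host it scans, so scope it minimally.
    'Login configurations[entry]:SMB account :'                             => 'stgh',
    'Login configurations[password]:SMB password :'                         => 'secret',
    'Login configurations[entry]:SMB domain (optional) :'                   => '',
    # NOTE(review): this key has no trailing ' :' unlike its neighbours;
    # verify against the nessusd preference name or it will be ignored.
    'Login configurations[checkbox]:Never send SMB credentials in clear text' => 'yes',
    'Login configurations[checkbox]:Only use NTLMv2 :'                      => 'no',
    'Login configurations[entry]:SNMP community (sent in clear) :'          => '',
    # NOTE(review): the From address looks truncated (an e-mail address may
    # have been lost); kept as found.
    'Misc information on News server[entry]:From address :'                 => 'Security Testing ',
    'Misc information on News server[entry]:Test group name regex :'        => 'f[a-z]\.tests?',
    'Misc information on News server[entry]:Max crosspost :'                => '7',
    'Misc information on News server[checkbox]:Local distribution :'        => 'yes',
    'Misc information on News server[checkbox]:No archive :'                => 'no',
    'HTTP login page[entry]:Login page :'                                   => '/',
    'HTTP login page[entry]:Login form :'                                   => '',
    'HTTP login page[entry]:Login form fields :'                            => 'user=%USER%&pass=%PASS%',
    # Single-quoted strings do not treat '\@' as an escape, so the earlier
    # 'nobody\@example.com' literally contained a backslash; plain '@' is the
    # intended value.
    'SMTP settings[entry]:Third party domain :'                             => 'example.com',
    'SMTP settings[entry]:From address :'                                   => 'nobody@example.com',
    'SMTP settings[entry]:To address :'                                     => 'postmaster@[AUTO_REPLACED_IP]',
    'Ping the remote host[entry]:TCP ping destination port(s) :'            => 'built-in',
    'Ping the remote host[checkbox]:Do a TCP ping :'                        => 'no',
    'Ping the remote host[checkbox]:Do an ICMP ping :'                      => 'yes',
    'Ping the remote host[entry]:Number of retries (ICMP) :'                => '1',
    'Ping the remote host[checkbox]:Make the dead hosts appear in the report :' => 'no',
    'Ping the remote host[checkbox]:Log live hosts in the report :'         => 'no',
    # Two copies of the nmap preferences: one for the NASL wrapper plugin,
    # one for the built-in scanner.  Keep them in step.
    'Nmap (NASL wrapper)[radio]:TCP scanning technique :'                   => 'connect()',
    'Nmap (NASL wrapper)[checkbox]:UDP port scan :'                         => 'no',
    'Nmap (NASL wrapper)[checkbox]:Service scan :'                          => 'no',
    'Nmap (NASL wrapper)[checkbox]:RPC port scan :'                         => 'yes',
    'Nmap (NASL wrapper)[checkbox]:Identify the remote OS :'                => 'no',
    'Nmap (NASL wrapper)[checkbox]:Use hidden option to identify the remote OS :' => 'no',
    'Nmap (NASL wrapper)[checkbox]:Fragment IP packets (bypasses firewalls) :' => 'no',
    'Nmap (NASL wrapper)[checkbox]:Get Identd info :'                       => 'no',
    'Nmap (NASL wrapper)[checkbox]:Do not randomize the order in which ports are scanned :' => 'yes',
    'Nmap (NASL wrapper)[entry]:Source port :'                              => '',
    'Nmap (NASL wrapper)[radio]:Timing policy :'                            => 'Normal',
    'Nmap (NASL wrapper)[entry]:Host Timeout (ms) :'                        => '1800000',
    'Nmap (NASL wrapper)[entry]:Min RTT Timeout (ms) :'                     => '500',
    'Nmap (NASL wrapper)[entry]:Max RTT Timeout (ms) :'                     => '1500',
    'Nmap (NASL wrapper)[entry]:Initial RTT timeout (ms) :'                 => '1000',
    'Nmap (NASL wrapper)[entry]:Ports scanned in parallel (max) :'          => '',
    'Nmap (NASL wrapper)[entry]:Ports scanned in parallel (min) :'          => '',
    'Nmap (NASL wrapper)[entry]:Minimum wait between probes (ms) :'         => '',
    'Nmap (NASL wrapper)[file]:File containing grepable results :'          => '',
    'Nmap (NASL wrapper)[entry]:Data length :'                              => '',
    "snmpwalk 'scanner'[entry]:Community name :"                            => 'public',
    "snmpwalk 'scanner'[radio]:SNMP protocol :"                             => '1',
    "snmpwalk 'scanner'[radio]:SNMP transport layer :"                      => 'udp',
    "snmpwalk 'scanner'[entry]:TCP/UDP port :"                              => '',
    "snmpwalk 'scanner'[entry]:Number of retries :"                         => '1',
    "snmpwalk 'scanner'[entry]:Timeout between retries :"                   => '10',
    "Netstat 'scanner'[checkbox]:Check found ports (intrusive) :"           => 'no',
    'Nmap[radio]:TCP scanning technique :'                                  => 'connect()',
    'Nmap[checkbox]:UDP port scan :'                                        => 'no',
    'Nmap[checkbox]:Service scan :'                                         => 'no',
    'Nmap[checkbox]:RPC port scan :'                                        => 'yes',
    'Nmap[checkbox]:Identify the remote OS :'                               => 'no',
    'Nmap[checkbox]:Use hidden option to identify the remote OS :'          => 'no',
    'Nmap[checkbox]:Fragment IP packets (bypasses firewalls) :'             => 'no',
    'Nmap[checkbox]:Get Identd info :'                                      => 'no',
    'Nmap[checkbox]:Do not randomize the order in which ports are scanned :' => 'yes',
    'Nmap[entry]:Source port :'                                             => '',
    'Nmap[radio]:Timing policy :'                                           => 'Normal',
    'Nmap[entry]:Host Timeout (ms) :'                                       => '1800000',
    'Nmap[entry]:Min RTT Timeout (ms) :'                                    => '500',
    'Nmap[entry]:Max RTT Timeout (ms) :'                                    => '1500',
    'Nmap[entry]:Initial RTT timeout (ms) :'                                => '1000',
    'Nmap[entry]:Ports scanned in parallel (max) :'                         => '',
    'Nmap[entry]:Ports scanned in parallel (min) :'                         => '',
    'Nmap[entry]:Minimum wait between probes (ms) :'                        => '',
    'Nmap[file]:File containing grepable results :'                         => '',
    'Nmap[entry]:Data length :'                                             => '',
};
# NASLs that are port scanners.  NOTE(review): $nessusFavScanner names
# nessus_tcp_scanner.nes, which is not in this list; how the two interact is
# decided by the consumer.
@nessusScanner = qw/TLD_wildcard.nasl labrea.nasl netstat_portscan.nasl nmap.nasl snmpwalk_portscan.nasl/;
$nessusTLS  = 1;   # Always talk TLS to nessusd; the login above goes over it
$nessusUser = 'username';

# Nmap stuff
$nmap              = '/opt/vdops/bin/nmap';
$nmap_exclude_file = '/home/soma/etc/exclude-from-os-detection';
# One argument string; $nmap_exclude_file is a fixed path, so nothing here
# comes from outside this file.  --excludefile is the safety net against OS
# fingerprinting fragile hosts -- keep that file current.
$nmapParam = "-O --osscan_limit --fuzzy --excludefile $nmap_exclude_file";
#$nmapParam = "--host_timeout 80000 -O --osscan_limit --excludefile $nmap_exclude_file";
%nmapExcludeRoute = (
    '10.12.0.0'   => '255.255.254.0',
    '10.12.4.0'   => '255.255.248.0',  # NOTE(review): not aligned to its mask (see %excludeRoute)
    '10.12.8.0'   => '255.255.252.0',
    '10.12.80.0'  => '255.255.254.0',
    '10.12.253.0' => '255.255.255.0',
);

# Ping stuff
$fping_binary   = '/usr/sbin/fping';
$fping_backoff  = '1.0';
$fping_interval = 50;     # ms between pings; >= 10 so it works unprivileged
$fping_max      = 100;
$fping_retries  = 1;
$fping_timeout  = 500;    # ms (fping -t); 500 is fping's own default
$ping_count     = 1;
$ping_timeout   = 1;      # Some system pings go into limbo if this value
                          # is set to something other than an integer
$poe_ping_max   = 30;     # Number of outstanding pings for the POE-based
                          # ping routines

# Skip Stuff
@skip_name   = qw/colo core gigapop internap mmz sat swamp/;
@router_node = qw/0 1 2 3/;   # last octet values treated as router addresses

# Process timeouts (seconds).  $processVlanTimeout is deliberately not set
# here and stays undef.
$processArpTimeout      = 4;
$processCamTimeout      = 14;
$processCharTimeout     = 10;
$processDnsTimeout      = .5;
$processHostSnmpTimeout = 40;
$processIfAdminTimeout  = 20;
$processNetbiosTimeout  = 10;
$processNessusTimeout   = 1800;
$processNmapTimeout     = 40;
$processWAPTimeout      = 2;

# SNMP Parameters
# Optimize performance by sorting your community strings and SNMP version
# list, most frequently used to the left, least frequently used to the right.
@mib_dir  = qw ( /opt/vdops/share/snmp/mibs );
@mib_file = qw /ALL/;
$snmp_max_rep      = 1000;
$snmp_max_msg_size = 65535;
$snmp_module       = 'Net::SNMP';
$snmp_translate    = 0;
$snmp_non_rep      = 0;
$snmp_port         = 161;
$snmp_retries      = 1;
# The two modules take their timeout in different units, hence the split.
# (Plain if/elsif rather than Switch.pm's switch(): Switch is a source filter
# that was removed from core perl and is known to mis-parse nearby code.)
if ($snmp_module eq 'SNMP') {
    $snmp_timeout = 30000000;   # net-snmp SNMP.pm: microseconds (30 s)
}
elsif ($snmp_module eq 'Net::SNMP') {
    $snmp_timeout = 3;          # Net::SNMP: seconds
}
# Community strings: 'public' is tried first everywhere.  Each of these is a
# credential for every device that accepts it -- another reason this file
# must not be world-readable.
@snmp_read_list           = qw /public not-secret/;
@snmp_version_list        = qw /2/;
@wimpy_snmp_read_list     = qw/public pub/;
@wimpy_snmp_version_list  = qw/1/;
@snmp_read_plebian        = qw/public insecure/;
@snmp_version_plebian     = qw/1/;

# Syslog stuff
$syslog_facility = 'local5';
$syslog_host     = 'localhost';
$syslog_port     = 514;     # Only used if $syslog_host is defined
$syslog_priority = 'info';
$syslog_socket   = 'unix';  # Other possibilities include 'udp' and
                            # 'stream'; depending on the flavor of Unix,
                            # each of these has been used

# Thread stuff
$thrMode = 1;
$thrWait = 10;

# WINS stuff
$wins_file = '/home/soma/etc/wins.txt';

# A module must end with a true value for 'require' to succeed.  Previously
# this depended on the last assignment happening to be true; make it explicit.
1;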