Nmap Development mailing list archives
Re: New feature. ZenMap AS, IP ranges and DNS names.
From: "Bruno G. San Alejo" <bgs1714 () ono com>
Date: Sat, 20 Nov 2010 07:49:07 +0100
Hello,

Actually I didn't make myself clear at all (it was late at night).

I was thinking of getting myself busy and doing a GUI tool that, starting with an IP, domain, or site (mail, web, etc.), performs ALL of these in sequence:

- DNS resolves,
- whois, with NS record and with mail resolve.
- DNS transfer
- IP range
- AS, looking glasses, RIPE info, maybe even BGP info (like BGPlay, Hermes)
- DNS brute force with custom list names.
- identification of cloud-based IPs/services (IPs/services not actually owned/operated by the domain itself but contracted in the cloud and so physically different in terms of sys-admin, firewall rules, IDSs, ...). This just by hostname indication, not actual port mapping.
- show the info in a nice graphical interface (that's why I used Maltego as an example)
- detect different physical networks in the actual domain (through different IP ranges, IP, subnetting, whois info, AS info, RW locations, virtual host info) and show them accordingly in a different topology and/or color.
- sort those IPs based on that physical topology so that they can be used with other tools like Nmap, Nessus, Metasploit (through file submission or just direct run of the tool, especially in Nmap and Metasploit) and so that tuning can be set particular to each network (even when they belong to the same domain)

Keep in mind that I'm being a little vague here since I'm just looking for stuff to keep me busy and do not have a definite idea in mind. And basically I want to give a domain and get back a nice graph showing IP ranges, ASs (this name is just great, who the Hell came up with it?), services (mail.thehost.com, smtp.thehost.com, ...), shared hosted IPs, ... and have those related to each other.

So, I thought that maybe some of this DNS exploration stuff could be added to Zenmap, since what I'm actually talking about is those engagements where a nice GUI showing arrows (like Maltego does) helps you to get the topology at a glance.

Regards.

Fyodor wrote:
> On Fri, Nov 12, 2010 at 11:48:50PM +0100, Bruno G. San Alejo wrote:
>> Hi, I was just wondering....
>>
>> I'd like something like Maltego (but open source) so that I can research AS, expand DNS names, get IP ranges and have the graphical interface to correlate those. That would be useful to pinpoint IP ranges and (n)map networks.
>>
>> I was thinking of just going for it since I'm unemployed right now and need to get busy, but I was actually thinking in terms of an open source Maltego. I wonder if this would be an interesting thing to have in Zenmap or ...
>
> Hi Bruno. Don't be discouraged by the lack of response on this list, as it might just be a sign that few here use that particular proprietary tool. The Maltego page (http://www.paterva.com/web5/) calls it "an open source intelligence and forensics application", but they are describing the "intelligence" it uses as open source rather than the application itself.
>
> Anyway, Maltego seems to be about finding connections in large data sources and visualizing them. For example, maybe they have a domain whois database on their server so you can connect a domain name with others owned by the same people. If we had a full map of the connections on social networking sites like Facebook, I'm sure we could mine some particularly fascinating information. Maltego isn't an easy application to wrap your head around (even when reading their web pages), but I did see a presentation by Roelof years ago at CanSecWest when he was developing the idea.
>
> I don't think something as complex as Maltego belongs in Zenmap, but parts of it might be useful there. Also, Nmap NSE scripts could be used to collect data which is then viewed with a standalone "open source Maltego" tool. I hope you pursue this, and please keep us informed :).
>
> You might also look at Palantir (http://www.palantirtech.com) for some ideas on data analysis and visualization. They're apparently very good at it (but also proprietary).
>
> Cheers,
> Fyodor
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/