Nmap Development mailing list archives

Re: New feature. ZenMap AS, IP ranges and DNS names.


From: "Bruno G. San Alejo" <bgs1714 () ono com>
Date: Sat, 20 Nov 2010 07:49:07 +0100

Hello, actually I didn't make myself clear at all (it was late at night).

I was thinking of getting myself busy and doing a GUI tool that,
starting with an IP, domain, or site (mail, web, etc, ...), performs ALL
of these in sequence:

        - DNS resolves
        - whois, with NS record and with mail resolve
        - DNS transfer
        - IP range
        - AS, looking glasses, RIPE info, maybe even BGP info (like BGPlay, Hermes)
        - DNS brute force with custom list names
        - identification of cloud-based IPs/services (IPs/services not actually
          owned/operated by the domain itself but contracted in the cloud and so
          physically different in terms of sys-admin, firewall rules, IDSs, ...).
          This just by hostname indication, not actual port mapping.
        - show the info in a nice graphical interface (that's why I used Maltego
          as an example)
        - detect different physical networks in the actual domain (through
          different IP ranges, IP, subnetting, whois info, AS info, RW locations,
          virtual host info) and show them accordingly in a different topology
          and/or color
        - sort those IPs based on that physical topology so that they can be
          used with other tools like Nmap, Nessus, Metasploit (through file
          submission or just direct run of the tool, especially in Nmap and
          Metasploit) and so that tuning can be set particular to each network
          (even when they belong to the same domain)

        Keep in mind that I'm being a little vague here since I'm just looking
for stuff to keep me busy and do not have a definite idea in mind. I
basically want to give a domain and get back a nice graph showing IP
ranges, ASs (this name is just great, who the Hell came up with it?),
services (mail.thehost.com, smtp.thehost.com, ...), shared hosted IPs,
... and have those related to each other.

        So, I thought that maybe some of this DNS exploration stuff could be
added to Zenmap, since what I'm actually talking about is those
engagements where a nice GUI showing arrows (like Maltego does)
helps you get the topology at a glance.

        Regards.
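The last three items of the list above (tag cloud-hosted services, detect separate physical networks from IP range / AS / whois data, and sort hosts into per-network target lists) are the part that can be shown in a few dozen lines. The following Python script is an added example written for this archive page; it is not code from the original e-mail or from Zenmap. It assumes the DNS answers and the prefix-to-AS table have already been collected by the earlier steps, so both are embedded as constructed sample data (documentation addresses and documentation AS numbers), and it runs offline.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data standing in for the DNS-resolve step:
# (hostname, address). These are documentation addresses, not real hosts.
DNS_RECORDS = [
    ("www.example.test", "203.0.113.10"),
    ("mail.example.test", "203.0.113.25"),
    ("smtp.example.test", "203.0.113.25"),   # same box as mail -> virtual hosting
    ("vpn.example.test", "198.51.100.7"),
    ("blog.example.test", "192.0.2.40"),     # contracted to a third party
    ("shop.example.test", "192.0.2.40"),
    ("legacy.example.test", "10.99.0.3"),    # no whois/AS match in the table
]

# Constructed prefix table standing in for whois / RIPE / BGP lookups:
# prefix -> (AS number, registered owner). AS numbers are from the
# documentation range AS64496-AS64511.
PREFIX_TABLE = {
    "203.0.113.0/24": (64496, "Example Corp"),
    "198.51.100.0/24": (64497, "Example Corp"),
    "192.0.2.0/24": (64498, "Cloud Hosting Ltd"),
}


def longest_prefix_match(ip, prefix_table):
    """Return (network, asn, owner) for the most specific prefix containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, (asn, owner) in prefix_table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, asn, owner)
    return best


def build_topology(records, prefix_table, org_name):
    """Group resolved hosts into networks keyed by announced prefix.

    Each network records its AS number and owner, whether it is external to
    org_name (a contracted cloud provider, hence different admins/firewalls),
    the hostnames seen on every IP, and the IPs shared by several hostnames.
    Hosts with no matching prefix land in an "unknown" bucket for follow-up.
    """
    nets = {}
    for host, ip in records:
        hit = longest_prefix_match(ip, prefix_table)
        if hit is None:
            key, asn, owner = "unknown", None, None
        else:
            key, asn, owner = str(hit[0]), hit[1], hit[2]
        entry = nets.setdefault(key, {
            "asn": asn,
            "owner": owner,
            "external": owner is not None and owner != org_name,
            "hosts": defaultdict(list),
        })
        entry["hosts"][ip].append(host)
    for entry in nets.values():
        entry["hosts"] = dict(entry["hosts"])
        entry["shared_ips"] = sorted(
            ip for ip, names in entry["hosts"].items() if len(names) > 1
        )
    return nets


def targets_by_network(topology):
    """One sorted, de-duplicated address list per network, so each network can be
    handed to a scanner (e.g. as an Nmap -iL file) with its own tuning."""
    return {
        key: sorted(entry["hosts"], key=ipaddress.ip_address)
        for key, entry in topology.items()
    }


if __name__ == "__main__":
    topo = build_topology(DNS_RECORDS, PREFIX_TABLE, "Example Corp")
    for key, entry in topo.items():
        tag = "external" if entry["external"] else "own"
        print(f"{key}  AS{entry['asn']}  {entry['owner']}  [{tag}]")
        for ip, names in entry["hosts"].items():
            mark = "  (shared)" if ip in entry["shared_ips"] else ""
            print(f"    {ip}: {', '.join(names)}{mark}")
    for key, ips in targets_by_network(topo).items():
        print(f"targets {key}: {' '.join(ips)}")
```

Grouping by the longest matching prefix rather than by /24 is deliberate: two hostnames in the same /24 can still sit in different announced prefixes with different owners, and that ownership boundary is exactly the "different physical network" the graph is meant to show.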



Fyodor wrote:
On Fri, Nov 12, 2010 at 11:48:50PM +0100, Bruno G. San Alejo wrote:
     Hi, I was just wondering... I'd like something like Maltego (but open
source) so that I can research AS, expand DNS names, get IP ranges and
have the graphical interface to correlate those. That would be useful to
pinpoint IP ranges and (n)map networks.

     I was thinking of just going for it since I'm unemployed right now
and need to get busy, but I was actually thinking in terms of an open
source Maltego.  I wonder if this would be an interesting thing to have
in Zenmap or ...

Hi Bruno.  Don't be discouraged by the lack of response on this list,
as it might just be a sign that few here use that particular
proprietary tool.  The Maltego page (http://www.paterva.com/web5/)
calls it "an open source intelligence and forensics application", but
they are describing the "intelligence" it uses as open source rather
than the application itself.

Anyway, Maltego seems to be about finding connections in large data
sources and visualizing them.  For example, maybe they have a domain
whois database on their server so you can connect a domain name with
others owned by the same people.  If we had a full map of the
connections on social networking sites like facebook, I'm sure we
could mine some particularly fascinating information.  Maltego isn't
an easy application to wrap your head around (even when reading their
web pages), but I did see a presentation by Roelof years ago at
CanSecWest when he was developing the idea.

I don't think something as complex as Maltego belongs in Zenmap, but
parts of it might be useful there.  Also, Nmap NSE scripts could be
used to collect data which is then viewed with a standalone "open
source Maltego" tool.  I hope you pursue this, and please keep us
informed :).

You might also look at Palantir (http://www.palantirtech.com) for some
ideas on data analysis and visualization.  They're apparently very
good at it (but also proprietary).

Cheers,
Fyodor


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/