/brisket

Brisket is a collection of frontend scripts for masscan, zmap, and nmap, in addition to data manipulation scripts.


##Brisket

###About

The primary purpose of this application is to scan, store, and prepare Cloud Server Provider (CSP) guest/instance/host data for further statistical and trend analysis.

Description

See the position paper for a sneak peek into what this project was created for.

Scanner Placement

Scanners are hosted in several North American, European, and Asia/Pacific countries (blue). The main analysis server (a.k.a. CloudCooker) is located in the US (black).

###Requirements

Each script has different requirements, but you should be able to run bundle install to install the gems listed in the Gemfile.

###Usage

####trim.rb

Cooking Note: You must trim the brisket before adding the rub to it.

Used to prepare the scan configuration file with the appropriate set of ports for the scan.


$ sudo ./trim.rb ports masscan

Where ports is one of the following options:

  • remote - common remote access server ports
  • apps - common application server ports
  • www - common web server ports
  • mail - common mail ports
  • ms - common Microsoft ports
  • db - common database ports
  • special - special ports for selective scanning
  • all - all of the above ports

e.g.


$ sudo ./trim.rb remote masscan

####rub.rb

Cooking Note: Once trimmed, the brisket must be seasoned.

Used to call the scanner and export the results in the appropriate results date directory and file.


$ sudo ./rub.rb region scanner

Where region is one of the following options:

  • apac
  • europe
  • us_east
  • us_west
  • us_all
  • south_america
  • all

and where scanner is one of the following options:

  • masscan - the masscan scanner
  • nmap - the nmap scanner
  • nmap_virtual - the nmap scanner with configurations for virtual interfaces
  • zmap - the zmap scanner

e.g.


$ sudo ./rub.rb apac masscan

####mop.rb

Keep it moist if you want to win!

Script to convert the various results formats into a common .csv file format.


$ sudo ./mop.rb scanner date

Where scanner is one of the following options:

  • masscan - the masscan scanner
  • nmap - the nmap scanner
  • zmap - the zmap scanner

and where date is the date directory that contains the scanner results files to convert in M/D/YYYY format.

e.g.


$ sudo ./mop.rb masscan 2/3/2014

Note - For March 2, 2014 the directory structure would be 2014/3/2 and should be entered as 2/3/2014.
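The kind of normalization mop.rb performs, sketched as an added example (not Brisket's own code). It assumes masscan list output (-oL) and nmap grepable output (-oG) as inputs and a hypothetical five-column layout, since the page does not state which formats or columns mop.rb uses; the function names and sample data are constructed.

```ruby
require 'csv'

# Assumed common layout (hypothetical, not taken from mop.rb)
HEADER = %w[ip port proto state scanner].freeze

# masscan -oL line: "open tcp 443 198.51.100.7 1391385600"
def parse_masscan_list(text)
  text.each_line.filter_map do |line|
    next if line.start_with?('#') || line.strip.empty? # "#masscan" / "# end" markers
    state, proto, port, ip, _timestamp = line.split
    [ip, Integer(port), proto, state, 'masscan']
  end
end

# nmap -oG line: "Host: <ip> (<name>)\tPorts: 22/open/tcp//ssh///, ...\tIgnored State: ..."
def parse_nmap_grepable(text)
  text.each_line.flat_map do |line|
    host = line[/^Host: (\S+)/, 1]
    ports = line[/\tPorts: ([^\t\n]*)/, 1]
    next [] unless host && ports # comment lines and "Status:" lines carry no ports
    ports.split(', ').map do |entry|
      port, state, proto = entry.split('/')
      [host, Integer(port), proto, state, 'nmap']
    end
  end
end

# Merge rows from any scanner, de-duplicate, order by numeric IPv4 address then port.
def to_common_csv(rows)
  CSV.generate do |csv|
    csv << HEADER
    rows.uniq.sort_by { |ip, port, _, _, scanner| [ip.split('.').map(&:to_i), port, scanner] }
        .each { |row| csv << row }
  end
end

# Constructed sample data (documentation address ranges, not real scan results)
MASSCAN_SAMPLE = <<~TXT
  #masscan
  open tcp 22 198.51.100.7 1391385600
  open tcp 3389 192.0.2.10 1391385601
  # end
TXT
NMAP_SAMPLE = "# Nmap scan (constructed)\n" \
  "Host: 192.0.2.10 ()\tStatus: Up\n" \
  "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 3389/filtered/tcp//ms-wbt-server///\tIgnored State: closed (998)\n"

puts to_common_csv(parse_masscan_list(MASSCAN_SAMPLE) + parse_nmap_grepable(NMAP_SAMPLE))
```

Keeping the scanner name as a column preserves disagreements between tools, such as port 3389 on 192.0.2.10 being reported open by one scanner and filtered by the other in the sample.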

####injector.rb

Add marinade to the brisket to keep it moist on the inside...

Script to archive, transfer, and clean up scan data. All scanner results are archived using tar and bzip2. The daily archive file is transferred to the CloudCooker for further processing. Local scan results and the daily archive are deleted upon transmission to the CloudCooker.


$ sudo ./injector.rb

####fixins.rb

Cooking Note: It just ain't a BBQ without some proper fixins to make the meal complete.

This script downloads and unpacks the most recent GeoLiteCity database file for use in converting IP addresses to latitude and longitude data.


$ sudo ./fixins.rb city

###Contact

To provide any feedback or ask any questions please reach out to Andrew Hay on Twitter at @andrewsmhay.