Pbnj

From aldeid

Description

PBNJ is a suite of tools to monitor changes on a network over time. It does this by checking for changes on the target machine(s), which includes the details about the services running on them as well as the service state. PBNJ parses the data from a scan and stores it in a database. PBNJ uses Nmap to perform scans.

Some PBNJ features:

  • Automated Internal/External Scans
  • Flexible Querying/Alerting System
  • Parsing Nmap XML results
  • Easy access to Nmap's data in a database (SQLite, MySQL or Postgres)
  • Distributed Scanning Consoles and Engines

It runs on Linux, BSD and Windows.

Installation

$ sudo apt-get install pbnj

Tools

Pbnj is a package that contains 3 tools:

Tutorial

This tutorial shows how to use the PBNJ suite to compare scan results over time. The data will be saved in a MySQL database. To install MySQL, refer to this howto.

First create a new database:

$ mysql -u root -p
mysql> CREATE USER pbnj@localhost IDENTIFIED BY 'PBNJPASSWORD';
mysql> CREATE DATABASE pbnj;
mysql> GRANT ALL PRIVILEGES ON pbnj.* TO pbnj@localhost;

Create a .pbnj-2.0/ subdirectory in your home if it does not already exist:

$ mkdir -p ~/.pbnj-2.0/

If you already have a configuration file, back it up, then copy the MySQL configuration provided with the installation into your ~/.pbnj-2.0/ directory:

$ cd ~/.pbnj-2.0/
$ mv config.yaml config.yaml.bak
$ cp /usr/share/doc/pbnj/examples/mysql.yaml ./config.yaml 

Then edit the configuration file:

$ vim config.yaml

And adapt it to your configuration:

# YAML:1.0
# Config for connecting to a DBI database 
# SQLite, mysql etc
db: mysql
# for SQLite the name of the file. For mysql the name of the database
database: PBNJDB
# Username for the database. For SQLite no username is needed.
user: PBNJUSER
# Password for the database. For SQLite no password is needed.
passwd: "PASSWORD"
# Host for the database. For SQLite no host is needed.
host: localhost
# Port for the database. For SQLite no port is needed.
port: 3306

Save your file (:x in vim). It now holds the database password in clear text, so keep it readable by your user only.

Now your scans should be saved in the MySQL database. Let's try to scan some host:

$ cd ~/
$ sudo scanpbnj 192.168.100.18

And output the results with outputpbnj.

$ outputpbnj -q latestinfo
Warning
This last command didn't work for me; it produced an error in option spec. I was nevertheless able to follow the tutorial.

Results should be saved in your database:

$ mysql -u pbnj -p
mysql> use pbnj;
mysql> show tables;
+----------------+
| Tables_in_pbnj |
+----------------+
| machines       |
| services       |
+----------------+
2 rows in set (0.00 sec)
mysql> SELECT ip, os FROM machines;
+----------------+-------------+
| ip             | os          |
+----------------+-------------+
| 192.168.100.18 | Linux 2.6.X |
+----------------+-------------+
1 row in set (0.00 sec)
mysql> SELECT service, state, port, protocol, version, banner FROM services;
+---------+-------+------+----------+-----------------------+--------------+
| service | state | port | protocol | version               | banner       |
+---------+-------+------+----------+-----------------------+--------------+
| ssh     | up    |   22 | tcp      | 5.3p1 Debian 3ubuntu4 | OpenSSH      |
| http    | up    |   80 | tcp      | 2.2.14                | Apache httpd |
+---------+-------+------+----------+-----------------------+--------------+
2 rows in set (0.00 sec)