Hey folks, probably you’ve heard about the IronGeek hardware Project called “programmable-hid-usb-keystroke-dongle”. This is a great project man ! Fortunately or unfortunately (it depends on your point of view) I’ve been working on quite the same project from 3 months, utilizing the same platform too. Now I gotta some interesting results too ;). Isn’t amazing ? I mean we felt the same need for automatic penetration testing and both of us realized a practical board, with the same chipset. So … why not collaborate together ? If IronGeek are reading me and if you are interested on collaborate together on what you’ve done, please contact me.
Anyway, the second step (at least to me), after automatized the in-site security procedures, is to automate the network service detector using a Black-Box approach. Why BB approach ? The answer is easy, it’s intuitive for all the people that are not accustomed with security. Just plug the BB to the network and here we go, it writes up to your private (or not) twitter channel the network results.
Ok, that is nice, but what does it do ?
Alright, the basic idea is to have a physical tool which is able to monitor the network services.
Why not a nagios running PC ?
1- Because a PC is expensive compared to ARDUINO
2- Because installing and configuring Nagios keeps much time
3- Nagios is very complete and for such reason … complex
Plug ‘n’ Play idea.
1- A system which keeps DHCP configurations
2- A system which automatically scans our network and automatically generates reports
3- A really cheap system
How it looks like (No Packaged showed here – packages are under constructions – {I like fashionable black boxes, not really “on-fly-ones” 😉 })
Hardware
1- ARDUINO 2009
2- Ethernet Shield
3- Ethernet cable
Software
Arduino Development Kit
Arduino DHCP library
Arduino Twitter Library
Step by Step Instructions:
1) Install Arduino Development kit
** If you don’t want to spent time to configure your libraries, take this package, unzip-it, and replace your libraries (/Resources/java/hardware/) **
4) Grab the code (sorry I should use SyntaxHighLighter, next time 😉 .. probably)
/****************************************************/
// Small Arduino Portable Port Scanner
// Don’t forget the Libraries.
// by Marco Ramilli, http://marcoramilli.blogspot.com
// Arduino uses digital pins 10, 11, 12, and 13 (SPI) to communicate with the W5100 on the ethernet shield. These pins cannot be used for general i/o.
#include
#include “Dhcp.h” //DhCP Library
#include //Twitter API
#include //Used for append strings
/****************************************************/
//Defult Network Configuration instances for the device
byte ip[] = { 192, 168, 2, 50 };
byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };
/****************************************************/
Twitter twitter(“TwitterUserName:TwitterPasswd”);//Username and Password for Twitter
byte basenetwork[] = { 192, 168, 2, 1 }; // Test a Class C network, put here the NetID, doesn’t matter what HostID you choose.
String msg;
/****************************************************/
void setup()
{
Serial.begin(9600);
delay(1000);
Serial.println(“DHCP Querying”);
//DHCP Settings …
if(!getNC()){
Ethernet.begin(mac, ip );
Serial.println(“Setting Default Network Configurations”);
}
}
void loop()
{
Serial.print(“connecting…”); printArray(&Serial, “.”, basenetwork, 4, 10);
msg=”Server:X.X.X.”; msg.append(basenetwork[3]); //building the twitter string
for(int port=0; port<= 100; port++){
Client client(basenetwork, port); // trying to connect 65535 !
if (client.connect()) {
Serial.print(“Port:”); Serial.print(port); Serial.println(” *OPEN* “);
msg.append(” Port:”);
msg.append(port);
msg.append(” OPEN “);
} else {
Serial.print(“Port:”); Serial.print(port); Serial.println(” CLOSED”);
}
client.flush();
client.stop();
}
msg.append(“->TESTED !”);
postonTwitter(msg); // sending host result on Twitter !
if(basenetwork[3] <= 254){
Serial.println(“Calculating new Address”);
basenetwork[3] = basenetwork[3] + 1;
}
else{
Serial.println(“Resetting Address”);
basenetwork[3] = 1;
}
}// end loop
/****************************************************/
//DHCP client
int getNC(){
int result = Dhcp.beginWithDHCP(mac);
if (result == 1){
byte buffer[6];
Dhcp.getLocalIp(buffer);
Serial.print(“ip address: “);
printArray(&Serial, “.”, buffer, 4, 10);
Dhcp.getSubnetMask(buffer);
Serial.print(“subnet mask: “);
printArray(&Serial, “.”, buffer, 4, 10);
Dhcp.getGatewayIp(buffer);
Serial.print(“gateway ip: “);
printArray(&Serial, “.”, buffer, 4, 10);
Dhcp.getDhcpServerIp(buffer);
Serial.print(“dhcp server ip: “);
printArray(&Serial, “.”, buffer, 4, 10);
Dhcp.getDnsServerIp(buffer);
Serial.print(“dns server ip: “);
printArray(&Serial, “.”, buffer, 4, 10);
Serial.print(“READY”);
return 1;
}else{
Serial.print(“No DHCP, Running in default conf”);
return 0;
}
}
/****************************************************/
//printArray funciton
void printArray(Print *output, char* delimeter, byte* data, int len, int base){
char buf[10] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
for(int i = 0; i < len; i++)
{
if(i != 0)
output->print(delimeter);
output->print(itoa(data[i], buf, base));
}
output->println();
}
/****************************************************/
int postonTwitter(char *message){
Serial.println(“connecting to TWITTER …”);
if (twitter.post(message)) {
int status = twitter.wait();
if (status == 200) {
Serial.println(“OK.”);
return 1;
} else {
Serial.print(“failed : code “);
Serial.println(status);
return 0;
}
} else {
Serial.println(“connection failed.”);
return 0;
}
}
/****************************************************/
Great post. I hope you can write more good stuff like this article.
Network Services RI
Nice Post !!
Its a very educational and informative content, i really like it……
In this competitive edge you need best security and safety solutions for your valuable data and in the market there are so many companies providing security services but you need the best Network Security Solutions and Information Security Assessment so centunosolutions.com is the perfect name for all the Penetration testing
Thanks
centunosolutions.com