January 27th, 2005, 05:25 AM
Ok guys and gals, bear with me here. I'm not new to the whole security deal, but I am new to home brewed tools and methods. I was sitting here thinking the other night about remote OS detection and the like. How much easier it is (from either side of the fence) to know almost certainly what is at the other end. I decided to put together a little script that would (kinda) do this.
Take a list of hosts, be it from a file, or an active pipe from stdin and strip down the garbage out of the hostnames to the pure MAC address. Then run the results against a database of known vendors. I got something put together that gets me this far:
nmap -sL 24.*.*.*/24 | sed -e 's/garbage//g' | sed -e 's/.more.garbage.net//g' | sed -e 's/ not scanned//g' >> /tmp/macandip
that leaves me with something like this
how in the f**K do I get the colons in there, or whatever. I'm tired, and my pot of coffee has run dry.
I'm a noob, all I need help with is the text manipulation and I'll have it. I know that there's shortcuts, etc, that I'm missing here, I'm just trying to get a little shove towards what to do next. I'll post the full deal when I get it done, if ever. Thanks for any help, rants, comments, etc...
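An added example, not part of the original thread: one way to do the text manipulation the post asks about (pull the MAC out of a hostname, insert the colons, look up the vendor prefix), in the shell the post already uses. The hostnames, the function names `extract_mac` and `vendor_for`, and the two-entry vendor table are constructed for illustration, and it assumes the MAC appears in the hostname as a single run of exactly 12 hex digits.

```shell
#!/bin/sh
# Constructed vendor table: "prefix vendor" pairs with placeholder names,
# standing in for a real OUI list (these are not real assignments).
OUI_TABLE='00:11:22 ExampleVendorA
aa:bb:cc ExampleVendorB'

# extract_mac: find the first run of exactly 12 hex digits in a string and
# print it lower-cased with colons. Returns 1 if the string has no such run.
extract_mac() {
    # Lower-case, split on every non-hex character, keep 12-digit runs only.
    hex=$(printf '%s\n' "$1" | tr 'A-F' 'a-f' | tr -c '0-9a-f\n' '\n' |
          grep -x '[0-9a-f]\{12\}' | head -n 1)
    [ -n "$hex" ] || return 1
    # Append a colon after every pair, then drop the trailing one.
    printf '%s\n' "$hex" | sed 's/../&:/g; s/:$//'
}

# vendor_for: map the first three octets of a colon-separated MAC to a
# vendor name from OUI_TABLE, or print "unknown" when there is no match.
vendor_for() {
    prefix=$(printf '%s' "$1" | cut -c1-8)
    printf '%s\n' "$OUI_TABLE" |
        awk -v p="$prefix" '$1 == p { print $2; found = 1; exit }
                            END { if (!found) print "unknown" }'
}

# Constructed sample input: hostnames with an embedded MAC, plus one without.
SAMPLE='cm-0011223344ab.example.net
host-AABBCC010203.example.net
gateway.example.net'

printf '%s\n' "$SAMPLE" | while read -r name; do
    if mac=$(extract_mac "$name"); then
        printf '%s %s %s\n' "$name" "$mac" "$(vendor_for "$mac")"
    else
        printf '%s no-mac-found\n' "$name"
    fi
done
```
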
January 27th, 2005, 05:41 AM
What good will knowing the MAC address of something be if you are going for OS detection... MAC addresses are hard coded to your NIC, so if you hit a NIC you will know the brand of NIC possibly (although you would have to get a MAC range for EVERY vendor) but even then you won't know the OS. The most you could possibly guess is Mac or PC, and even that could be a stretch in some situations.
January 27th, 2005, 01:06 PM
While it might look like a small piece of information it could help with mapping a network. Routers will become pretty along with some other things. It would help get a picture and is quicker, cleaner and passive compared to an NMap scan, which will be detected by an IDS. However, the assumption is that a foothold has been gained on the network or it is an internal "job".
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides