Scalable Distributed Attack Platform

For continuous progress updates:-

search twitter for #sdap

There has been a good ammount of progress over the last few days some of the key advances are detailed below.

• XML Merging of nmap results has been completed.
• Unit tests have been written for the merging using XMLUnit.
• Discovered the db_autopwn feature in metasploit, should prove very useful.
  Using SQLite as the DBS, since neither postgres or MySQL are easily accessible on the cluster.
• Modified the autopwn feature to use the meterpreter instead of a generic command shell payload and also got it to run an auto script.
• Started to modify the scraper script written by hdm.
• Figured out running nessus from commandline.
  Although there may be issues with running Nessus on the cluster due to not being able to define the install directory and  having to run the server daemond.
• Currently running some tests with John the Ripper on the cluster, will definitly need to implement dJohn or similar.
• Have decided if time to connect to milworm to find more potential exploits.

In order to perform a merge of two XML files the following process takes place:-

1. First XML file is translated to an objective form using xstream.
2. Second XML file is translated to an objective form using xstream.
3. Using annotations that have been specified in the classes representing the XML files data structure, identifcations can be made on how the merge process takes place.
   The annotations are either specified per field or a default can be set on the class or a higher class and this will be used if no lower scoped annotation is visible.
4. New object representing the two merged files is produced.
5. Object translated back to XML using xstream.

When the system is implemented on the cluster OS fingerprinting can’t be used because of the lack of root privileges.

Error Message:

TCP/IP fingerprinting (for OS scan) requires root privileges.

Found out that by using “qhost”  (qhost – show the status of Grid Engine hosts, queues, jobs) comman it should be possible to get a lot of information out about the status of different nodes, this can then be used in the node selection process and original setup.