SitRep Network Survey Tool

Site Contents:

• How does it work?
• What's the point?
• Features
• Usage
• Download
• Screenshots
• Roadmap
• Acknowledgements



How does it work?

Basically, the SitRep scanner module uses nmap to scan your network and logs the results for systems that match your predefined criteria (open ports). It then flags authorized servers (based on a user-defined list) and devices that look like printers. Once this process is completed it will timestamp the results and email you a report containing the relevant information, log the report locally, upload the report to an FTP site or upload the report to a MySQL database. The access module then interfaces with the MySQL database and allows you to view, search, modify and remove records via the web.



What's the point?

The most obvious use - and the reason I wrote it - is to track unauthorized servers on your network. If you need to monitor for things like peer-to-peer file sharing programs, web, FTP, SMTP or IRC servers simply set SitRep to run several times a day and seek the ports used by those applications. It will assemble a list of systems that meet the requested criteria and present them in a manageable format.



Features

Scanner script:
• Records IP addresses, hostnames and relevant ports with timestamp.
• Automatically flags authorized systems and printers.
• Will optionally determine and record the remote OS.
• Scan result reports can be emailed automatically.
• Scan result reports can be archived in plain text locally or remotely via FTP.
• Results can be stored locally or remotely in a MySQL database.

Web interface:
• The database interface is searchable and sortable.
• Database entries can be displayed in a printable report format.
• Access rights can be granted by IP address.
  Privilege levels currently supported: denied, read-only, modify or full control.



Usage

Untar/unzip the downloaded file in the directory of your choice (/usr/local/sitrep is used by the default configuration file). Run configure.pl and follow the prompts to generate a custom configuration, or edit sitrep.conf manually.

For more detailed instructions be sure to check the SitRep manual (forthcoming).



Screenshots

The following images are taken from the MySQL database web interface:

An entry being edited (213k)	A list of search results (209k)	The printable report window (215k)
Editing with the OS field turned on (349k)	Viewing records with OS display turned on (343k)




Roadmap

The following features (in no particular order) are slated for inclusion in upcoming releases:


• Addition of a MAC address field to the database along with the option to automatically populate it.
  The automatic population will be done via arp lookups after the scan has completed.
• An X11-based graphical interface.
  GUI clients for the MySQL interface, configuration script and on-demand scanning will be added.
• Allow plaintext report files to be viewed and edited with the (currently MySQL only) access module.
  I'm still thinking about this idea since it would require some major internal reworking. For now just run MySQL. ;)



Acknowledgements

• Fyodor (insecure.org)
  The author of nmap, without which this project wouldn't exist.
• The MySQL Project
  For the excellent database platform SitRep can use to store scan data.

Hosted by