procsock / procsocksh

A simple tool to enumerate all sockets on a host and map them to their full argv values

Usage

procsocksh

The procsocksh tool is a data gathering tool, written as a simple shell script. It is meant to be run from a central "admin" host, a machine that has SSH private keys to access many other hosts. The script uses an input file, consisting of IP addresses, and serially logs in to each machine, executes the command (without allocating a pty) and redirects output to the local system, into a specially named file. It is meant to be run against a large number of hosts. It retrieves the output from the following commands:

  • lsof +c 0 -i4 -P -n -Fn -Fp -FT -F0
  • ps -e -o pid= -o user= -o comm= -o args=

The data retrieved is processed later by procsock.

procsock

The procsock tool is written in Python and contains logic to join up the lsof and ps data such that, given an IP and port, the user can quickly identify exactly what executable is running. For stability, you should use a Python virtual environment. One is built for you if you run make.

$ make
$ source venv/bin/activate
$ ./procsock -d testcase_in
$ cat output.json
...

Note the format of the testcase_in data. This must be data created by procsocksh, as the filenames are parsed using regex. The flags to ps and lsof are also extremely important.
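
To show why the lsof and ps flags matter, here is a sketch of the PID join described above. It is an added example, not procsock's own code: the function names and sample data are constructed for illustration, and the lsof field layout (NUL-terminated fields, `p`/`f`/`n`/`TST=` prefixes) is assumed from the lsof(8) field-output description.

```python
# Constructed sample data; assumed -F0 layout: NUL-terminated fields, one set per line.
LSOF_SAMPLE = (
    "p812\0\n"
    "f3\0n*:22\0TST=LISTEN\0TQR=0\0TQS=0\0\n"
    "f4\0n10.0.0.5:22->10.0.0.9:51234\0TST=ESTABLISHED\0TQR=0\0TQS=0\0\n"
    "p1440\0\n"
    "f52\0n127.0.0.1:8005\0TST=LISTEN\0TQR=0\0TQS=0\0\n"
    "p2001\0\n"  # this PID exited before ps ran, so ps has no row for it
    "f5\0n*:9000\0TST=LISTEN\0TQR=0\0TQS=0\0\n"
)
PS_SAMPLE = (
    "  812 root     sshd   /usr/sbin/sshd -D\n"
    " 1440 tomcat   java   /usr/bin/java -Dcatalina.base=/opt/tomcat Bootstrap start\n"
)

def parse_ps(text):
    """Return {pid: {user, comm, args}}; assumes comm contains no spaces."""
    procs = {}
    for line in text.splitlines():
        parts = line.split(None, 3)
        if len(parts) == 4 and parts[0].isdigit():
            procs[int(parts[0])] = dict(zip(("user", "comm", "args"), parts[1:]))
    return procs

def parse_lsof(text):
    """Yield (pid, name, tcp_state) for every file set that has a name field."""
    pid = None
    for line in text.split("\n"):
        fields = [f for f in line.split("\0") if f]
        if not fields:
            continue
        if fields[0].startswith("p"):  # process set: applies to the file sets below
            pid = int(fields[0][1:])
            continue
        name = next((f[1:] for f in fields if f.startswith("n")), None)
        state = next((f[4:] for f in fields if f.startswith("TST=")), None)
        if pid is not None and name:
            yield pid, name, state

def listeners(lsof_text, ps_text):
    """Map (local_ip, port) -> pid/user/comm/args for sockets in LISTEN state."""
    procs = parse_ps(ps_text)
    unknown = {"user": None, "comm": None, "args": None}
    result = {}
    for pid, name, state in parse_lsof(lsof_text):
        if state == "LISTEN":
            ip, _, port = name.rpartition(":")
            result[(ip, int(port))] = dict(procs.get(pid, unknown), pid=pid)
    return result
```

Because lsof and ps are separate commands, a process can exit between the two snapshots; the join keeps such listeners with empty process details rather than dropping them.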

Suggested uses

This tool is most useful in enriching the results of large port scans that are conducted regularly. A small web interface showing IP address and open ports, a network service banner, and the process name is a very valuable piece of data and helps in identifying vulnerable services, either proactively or in response to a high severity security advisory. Examples: perform a search for "tomcat" or "haproxy"...

Notes

This data is meant to be ingested into a database, alongside port scan data. It is then meant to be consumed via a web application.

Author

copyright [at] mzpqnxow.com

License

Copyright (C) 2017 [email protected] under the MIT license. Please see COPYRIGHT for terms.
