Getting Started with BlindEyes and the BlindEye Web Interface

Prerequisite: Set up the BlindEye Web Interface and Set up BlindEyes

Follow the instructions at Getting Started - BlindEye

Follow the instructions at Getting Started - BlindEyes

This example uses native bash, so you must be running Linux.

Make sure you start the Controller and at least one Node and that the Node is defined through the web interface so the Controller can see it in the database.

2. Create the Job Output Trigger for handling the List of Hosts to Nmap scan

In BlindEyes click on Job Output Triggers then Create Job Output Trigger.

Name: Nmap Host List Trigger
Type: javascript
script:

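// Only react to output from the host list job created in step 4.
if(jobName.equals('nmapHostList')){
	// #HOST# and #TIME# are placeholders; -T5 is the fastest timing template,
	// -O enables OS detection and -oX writes XML output to the named file.
	var nmap = '#HOST# -T5 -O -oX #HOST#_#TIME#.xml';
	executionGroups.add('linux');
	jobParameters.put('nmapOptions', nmap);

	// The job output is a comma-separated list of hosts.
	var hosts = jobOutput.split(',');
	var i;
	for(i in hosts){
		// Skip empty entries (the host list ends with a comma).
		if(hosts[i] != ''){
			/*log.info('extracted HOST: ' + hosts[i]);*/
			jobParameters.put('HOST', hosts[i]);
			// Queue one Nmap scan job per host.
			Utils.createNewPluginJob('com.blindeyes.plugins.nmap.scanner.NmapScanner', 'nmapXmlScan', executionGroups, jobParameters);
		}
	}
}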
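
The trigger above passes each comma-separated token straight into a scan job's HOST parameter. As an added example (not part of BlindEyes or the original page), the plain JavaScript below shows one way to validate those tokens first; `parseHostList`, `isIPv4` and `isHostname` are hypothetical helper names, and the sample string is constructed.

```javascript
// Added example: validate the comma-separated host list before creating scan jobs.
// parseHostList, isIPv4 and isHostname are hypothetical helpers, not BlindEyes APIs.

// Dotted-quad IPv4 with each octet in 0-255 and no leading zeros.
function isIPv4(s) {
  var parts = s.split('.');
  if (parts.length !== 4) return false;
  return parts.every(function (p) {
    return /^(0|[1-9][0-9]{0,2})$/.test(p) && Number(p) <= 255;
  });
}

// RFC 1123 hostname: labels of letters, digits and hyphens, no leading or
// trailing hyphen, each label <= 63 chars, whole name <= 253 chars.
function isHostname(s) {
  if (s.length === 0 || s.length > 253) return false;
  return s.split('.').every(function (label) {
    return /^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$/.test(label);
  });
}

// Split the job output the same way the trigger does, then sort tokens into
// accepted hosts and rejected strings. Empty tokens (the trailing comma
// produced by `tr '\n' ','`) are dropped, and duplicates are kept once.
function parseHostList(jobOutput) {
  var accepted = [], rejected = [], seen = Object.create(null);
  String(jobOutput).split(',').forEach(function (raw) {
    var host = raw.trim();
    if (host === '') return;
    // An all-numeric dotted token must be a valid IPv4 address, otherwise
    // "300.1.1.1" would pass the hostname check.
    var numeric = /^[0-9.]+$/.test(host);
    var ok = numeric ? isIPv4(host) : isHostname(host);
    if (!ok) { rejected.push(host); return; }
    var key = host.toLowerCase();
    if (!seen[key]) { seen[key] = true; accepted.push(host); }
  });
  return { accepted: accepted, rejected: rejected };
}

// Constructed sample output: a name, an IP, a duplicate, a token that would be
// read as an nmap option, one with whitespace, a bad octet, a trailing comma.
var sample = 'localhost,192.168.1.10,LOCALHOST,-oN,web 01,300.1.1.1,';
console.log(parseHostList(sample));
```

In a trigger, only the `accepted` entries would be handed to `Utils.createNewPluginJob`, and the `rejected` ones logged for review.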

3. Create the Job Output Trigger for handling the Completed Nmap Scans

Create a new Job Output Trigger like in the previous step and use the following values:

Name: Nmap Xml Scan Trigger
Type: javascript
script:

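// Only react to output from the Nmap scan jobs created by the first trigger.
if(jobName.equals('nmapXmlScan')) {
	// Pass the scan output to the Nmap parser plugin as its input.
	jobParameters.put('input', jobOutput);
	executionGroups.add('linux');
	Utils.createNewPluginJob('com.blindeyes.plugins.nmap.parser.NmapParser', 'nmapXmlParse', executionGroups, jobParameters);
}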

4. Create the Initial Job which grabs a list of Hosts to scan and Activate the Job

Create a new Job in the Web Interface. The Job's name must match the jobName checked in the first trigger we created.

name: nmapHostList
type: bash (native)
Add the following Parameter after you've created the Job:
name: script
value:

nmap -sL 127.0.0.1 | awk 'NF==5 {print $2}' | tr '\n' ','

With this script, only one host is going to be returned: our own computer. If you are familiar with Nmap you can easily modify this script to scan the entire subnet your computer is on and return all of the hosts.

To clarify, this script runs an Nmap list scan for the given IP range, pulls out the hostname from the results, and translates all newlines to commas, creating a comma-separated list of available hosts in the given subnet.

Don't forget to Activate the Job so the controller can see it in the database.

5. Watch the Controller and Nodes to view the activity of Jobs.

Controller Output:

run-controller:
     [java] 20:30:59,107  INFO BlindEyesSecureController:52 - BlindEyes secure controller now accepting connections...
     [java] 20:31:00,614  INFO NodeDetector:44 - Found new node: 1
     [java] 20:31:20,633  INFO JobDetector:45 - Found new job: 1
     [java] 20:31:22,674  INFO RoundRobinMaxJobScheduler:73 - currentNumberJobsRunning: 0
     [java] 20:31:22,682  INFO RoundRobinMaxJobScheduler:89 - Found new job to assign: [name: nmapHostList, type: bash, id: 1, status: new]
     [java] 20:31:22,691  INFO RoundRobinMaxJobScheduler:108 - Sending job: [name: nmapHostList, type: bash, id: 1, status: new] to node: IpAddress: 127.0.0.1 hostname: localhost port: 7000 status: running
     [java] 20:31:23,107  INFO BlindEyesSecureController:80 - New connection recieved from /127.0.0.1:38691
     [java] 20:31:23,254  INFO IncomingCommandControllerHandler:90 - Job: 1 has completed, recieved Ouput from Node
     [java] 20:31:30,639  INFO JobDetector:45 - Found new job: 12
     [java] 20:31:31,195  INFO RoundRobinMaxJobScheduler:73 - currentNumberJobsRunning: 0
     [java] 20:31:31,199  INFO RoundRobinMaxJobScheduler:89 - Found new job to assign: [name: nmapXmlScan, type: plugin, id: 12, status: new]
     [java] 20:31:31,202  INFO RoundRobinMaxJobScheduler:108 - Sending job: [name: nmapXmlScan, type: plugin, id: 12, status: new] to node: IpAddress: 127.0.0.1 hostname: localhost port: 7000 status: running
     [java] 20:31:41,028  INFO BlindEyesSecureController:80 - New connection recieved from /127.0.0.1:38696
     [java] 20:31:41,121  INFO IncomingCommandControllerHandler:90 - Job: 12 has completed, recieved Ouput from Node
     [java] 20:31:50,659  INFO JobDetector:45 - Found new job: 13
     [java] 20:31:51,684  INFO RoundRobinMaxJobScheduler:73 - currentNumberJobsRunning: 0
     [java] 20:31:51,688  INFO RoundRobinMaxJobScheduler:89 - Found new job to assign: [name: nmapXmlParse, type: plugin, id: 13, status: new]
     [java] 20:31:51,691  INFO RoundRobinMaxJobScheduler:108 - Sending job: [name: nmapXmlParse, type: plugin, id: 13, status: new] to node: IpAddress: 127.0.0.1 hostname: localhost port: 7000 status: running
     [java] 20:31:53,716  INFO BlindEyesSecureController:80 - New connection recieved from /127.0.0.1:38700
     [java] 20:31:53,810  INFO IncomingCommandControllerHandler:90 - Job: 13 has completed, recieved Ouput from Node

6. View the Completed Output of all of the Jobs.

nmapHostList Output:

nmapXmlScan Output:

nmapXmlParse Output:

7. View the Nmap Scan in BlindEye

Click on Search under Nmap in the left navigation, change the start date to be earlier than when you ran the scan, then click search to see the results of the scan.