Follow the instructions at Getting Started - BlindEyes
This example uses native bash, so you must be running Linux.
Make sure you start the Controller and at least one Node and that the Node is defined through the web interface so the Controller can see it in the database.
In BlindEyes click on Job Output Triggers then Create Job Output Trigger.
Name: Nmap Host List Trigger
Type: javascript
script:
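if (jobName.equals('nmapHostList')) {
    // nmap options for the follow-up scan, with #HOST# and #TIME# tokens
    var nmap = '#HOST# -T5 -O -oX #HOST#_#TIME#.xml';
    executionGroups.add('linux');
    jobParameters.put('nmapOptions', nmap);
    // jobOutput is the comma separated host list returned by the nmapHostList job
    var hosts = jobOutput.split(',');
    var i;
    for (i in hosts) {
        // skip the empty entry left by the trailing comma
        if (hosts[i] != '') {
            /*log.info('extracted HOST: ' + hosts[i]);*/
            jobParameters.put('HOST', hosts[i]);
            // queue one nmapXmlScan plugin job per host
            Utils.createNewPluginJob('com.blindeyes.plugins.nmap.scanner.NmapScanner', 'nmapXmlScan', executionGroups, jobParameters);
        }
    }
}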
Create a new Job Output Trigger like in the previous step and use the following values:
Name: Nmap Xml Scan Trigger
Type: javascript
script:
if (jobName.equals('nmapXmlScan')) {
    // pass the output of the scan job to the parser plugin as its input
    jobParameters.put('input', jobOutput);
    executionGroups.add('linux');
    Utils.createNewPluginJob('com.blindeyes.plugins.nmap.parser.NmapParser', 'nmapXmlParse', executionGroups, jobParameters);
}
Create a new Job in the Web Interface. The Job's name must match the jobName checked in the first trigger we created.
name: nmapHostList
type: bash (native)
Add the following Parameter after you've created the Job:
name: script
value:
nmap -sL 127.0.0.1 | awk 'NF==5 {print $2}' | tr '\n' ','
With this script, only one host is going to be returned: our own computer. If you are familiar with Nmap you can easily modify this script to scan the entire subnet your computer is on and return all of the hosts.
To clarify what this script does: it runs an nmap list scan for the given IP range, pulls out the hostname from each result line and translates all newlines to commas, thus creating a comma separated list of available hosts in the given subnet.
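The following is an added example, not part of the original page or the BlindEyes project. It runs the page's awk/tr filter over a constructed sample of list-scan output in the line format that the NF==5 test matches, then applies a hypothetical filter_hosts step that keeps only entries made of hostname characters, since each entry is later substituted for #HOST# in the nmap options and the -oX file name. The sample lines and the names sample_list_scan, extract_hosts and filter_hosts are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Constructed sample of `nmap -sL` output (assumed line format:
# "Host <name> (<ip>) not scanned"). Other Nmap versions may print a
# different line format, so check the filter against your own output.
sample_list_scan() {
cat <<'EOF'
Starting Nmap ( http://nmap.org ) at 2009-06-01 20:31 EDT
Host localhost (127.0.0.1) not scanned
Host 192.0.2.7 not scanned
Host web01.example.test (192.0.2.8) not scanned
Host odd/name.example.test (192.0.2.9) not scanned
Nmap done: 4 IP addresses (0 hosts up) scanned in 0.01 seconds
EOF
}

# The page's filter: keep lines with exactly five fields, print field 2
# (the name), and turn newlines into commas. The four-field line for
# 192.0.2.7 (no name) and the banner and summary lines are dropped.
extract_hosts() {
  awk 'NF==5 {print $2}' | tr '\n' ','
}

# Hypothetical extra step (not in the original job): keep only entries made
# of letters, digits, dots and hyphens before they reach the trigger.
filter_hosts() {
  tr ',' '\n' |
    grep -E '^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$' |
    tr '\n' ','
}

echo "raw:      $(sample_list_scan | extract_hosts)"
echo "filtered: $(sample_list_scan | extract_hosts | filter_hosts)"
```

The trailing comma in both results is the empty entry that the first trigger skips with its hosts[i] != '' check.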
Don't forget to Activate the Job so the controller can see it in the database.
Controller Output:
run-controller:
[java] 20:30:59,107 INFO BlindEyesSecureController:52 - BlindEyes secure controller now accepting connections...
[java] 20:31:00,614 INFO NodeDetector:44 - Found new node: 1
[java] 20:31:20,633 INFO JobDetector:45 - Found new job: 1
[java] 20:31:22,674 INFO RoundRobinMaxJobScheduler:73 - currentNumberJobsRunning: 0
[java] 20:31:22,682 INFO RoundRobinMaxJobScheduler:89 - Found new job to assign: [name: nmapHostList, type: bash, id: 1, status: new]
[java] 20:31:22,691 INFO RoundRobinMaxJobScheduler:108 - Sending job: [name: nmapHostList, type: bash, id: 1, status: new] to node: IpAddress: 127.0.0.1 hostname: localhost port: 7000 status: running
[java] 20:31:23,107 INFO BlindEyesSecureController:80 - New connection recieved from /127.0.0.1:38691
[java] 20:31:23,254 INFO IncomingCommandControllerHandler:90 - Job: 1 has completed, recieved Ouput from Node
[java] 20:31:30,639 INFO JobDetector:45 - Found new job: 12
[java] 20:31:31,195 INFO RoundRobinMaxJobScheduler:73 - currentNumberJobsRunning: 0
[java] 20:31:31,199 INFO RoundRobinMaxJobScheduler:89 - Found new job to assign: [name: nmapXmlScan, type: plugin, id: 12, status: new]
[java] 20:31:31,202 INFO RoundRobinMaxJobScheduler:108 - Sending job: [name: nmapXmlScan, type: plugin, id: 12, status: new] to node: IpAddress: 127.0.0.1 hostname: localhost port: 7000 status: running
[java] 20:31:41,028 INFO BlindEyesSecureController:80 - New connection recieved from /127.0.0.1:38696
[java] 20:31:41,121 INFO IncomingCommandControllerHandler:90 - Job: 12 has completed, recieved Ouput from Node
[java] 20:31:50,659 INFO JobDetector:45 - Found new job: 13
[java] 20:31:51,684 INFO RoundRobinMaxJobScheduler:73 - currentNumberJobsRunning: 0
[java] 20:31:51,688 INFO RoundRobinMaxJobScheduler:89 - Found new job to assign: [name: nmapXmlParse, type: plugin, id: 13, status: new]
[java] 20:31:51,691 INFO RoundRobinMaxJobScheduler:108 - Sending job: [name: nmapXmlParse, type: plugin, id: 13, status: new] to node: IpAddress: 127.0.0.1 hostname: localhost port: 7000 status: running
[java] 20:31:53,716 INFO BlindEyesSecureController:80 - New connection recieved from /127.0.0.1:38700
[java] 20:31:53,810 INFO IncomingCommandControllerHandler:90 - Job: 13 has completed, recieved Ouput from Node
nmapHostList Output:
nmapXmlScan Output:
nmapXmlParse Output:
Click on Search under Nmap in the left navigation, change the start date to be earlier than when you ran the scan, and click search to see the results of the scan.