Gordon Lyon (Fyodor), network security expert and creator of Nmap (“Network Mapper”), was on the Risky Business podcast discussing his new book, “Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning.” The book has been extremely well received by the security community. To quote Richard Bejtlich, Director of Incident Response for General Electric and author of multiple must-have security books, “If you use Nmap, for any reason, you should buy this book. Everyone (except author Fyodor) will learn something about network reconnaissance from this text.”
Fyodor also discussed the recently developed Zenmap. To call Zenmap a GUI for Nmap does not do it justice. Take a look at the network topology map generated by Zenmap:
Clicking on a grouped node will ungroup it and show details such as:
To quote from the insecure.org site:
The new Zenmap Network Topology feature provides an interactive, animated visualization of the hosts on a network and connections between them. The scan source is (initially) in the center, with other hosts on a series of concentric circles which represent the number of hops away they are from the source. Nodes are connected by lines representing discovered paths between them. Read the full details (and ogle the pretty pictures) in our article on Surfing the Network Topology. Special thanks go to João Medeiros, David Fifield, and Vladimir Mitrovic for their tireless work in developing and integrating this new feature.
Another exciting new Zenmap feature is scan aggregation, which allows you to combine the results of many Nmap scans into one view. When one scan is finished, you may start another in the same window. Results of the new scan are seamlessly merged into one view.
The Zenmap User’s Guide provides additional details. The point is that Zenmap is very different from previous GUIs. It comes with the latest version of Nmap. A word of caution: running the program may generate errors, depending on whether Python knows about SQLite. On my system, the version of Python installed with the OS did not know about SQLite. After pulling down Nmap, configuring, and installing, running Zenmap generated the following error message:
Original exception was:
Traceback (most recent call last):
  File "/usr/local/bin/zenmap", line 102, in ?
    import zenmapGUI.App
  File "/usr/local/lib/python/site-packages/zenmapGUI/App.py", line 47, in ?
    from zenmapCore.UmitDB import UmitDB
  File "/usr/local/lib/python/site-packages/zenmapCore/UmitDB.py", line 33, in ?
    raise ImportError(_("No module named dbapi2.pysqlite2 or sqlite3"))
ImportError: No module named dbapi2.pysqlite2 or sqlite3
To deal with the problem, install SQLite by following my previous post “Introduction to SQLite.” Pull down Python 2.6.1, not 3.0. Trying to use Python 3 will cause all sorts of compatibility issues. Reconfigure Python so it sees SQLite, and install the software. Make sure to install a PyGTK version that matches the Python version that is installed. Upgrading versions may cause dependency problems with many libraries already installed (depending on your OS), including:
- PyGTK – lets you easily create programs with a graphical user interface using the Python programming language.
- Pycairo – a set of Python bindings for the cairo graphics library.
- pygobject – provides a convenient wrapper for the GObject library for use in Python programs, and takes care of many of the boring details such as managing memory and type casting.
- GTK+ – a highly usable, feature rich toolkit for creating graphical user interfaces which boasts cross platform compatibility and an easy to use API.
- JasPer – provides a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1 standard (i.e., ISO/IEC 15444-1).
- cairo – a 2D graphics library with support for multiple output devices.
- Poppler – a PDF rendering library based on the xpdf-3.0 code base.
- zlib – a software library used for data compression.
- libffi – a portable foreign function interface library.
- libgsf – a utility library for reading and writing structured file formats.
- pixman – a library that provides low-level pixel manipulation features such as image compositing and trapezoid rasterization.
- OpenJPEG – an open-source JPEG 2000 codec written in C language.
- Pango – a library for laying out and rendering of text, with an emphasis on internationalization.
- ATK – provides the set of accessibility interfaces that are implemented by other toolkits and applications.
- GLib – provides the core application building blocks for libraries and applications written in C.
- Glade3 – a RAD tool to enable quick & easy development of user interfaces for the GTK+ toolkit and the GNOME desktop environment.
- Libcroco – an effort to build a generic Cascading Style Sheet (CSS) parsing and manipulation toolkit that can be used by GNOME applications in need of CSS support.
- librsvg – a high performance SVG rendering library associated with the Gnome Project.
You will receive plenty of messages telling you what needs to be upgraded. Upgrade, then go back to Nmap and configure, make, and install. You should now have a running version of Zenmap. Getting back to SQLite: scan results are automatically stored in the database zenmap.db. Check it out, and since the data is easily accessible, think about how you might integrate and automate. We will come back to this idea in future posts.
Thanks for the tips. I installed Zenmap and it’s very interesting.