h4x the planet!

I’m doing quite a bit of onsite testing at the minute and I currently have nessus results for 30+ /24 networks.  It can be quite time consuming to weed out the crap findings of each file so i wrote a quick and dirty python script to combine the .nessus output for each range:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39

#! /usr/bin/python
import xml.dom.minidom
import urllib2
import urllib
import os
import time
import sys
 
def main():
        #write out the start of the xml shizzle
        fileHandle = open ( 'combined.nessus', 'a' )
        fileHandle.write ( '<?xml version="1.0" ?>\n<NessusClientData>\n<Report>\n<ReportName>Combined</ReportName>\n' )
 
        #list the  files
        fileList = []
        counter = 0
        for root, subFolders, files in os.walk(sys.argv[1]):
                for file in files:
                        fileList.append(os.path.join(root,file))
 
        #enumerate the files and pick out the .nessus files
        for fname in fileList:
                if ('nessus' in fname) and ('combined.nessus' not in fname) :
                        counter += 1
                        print "Parsing: " + fname
                        from xml.dom import minidom
                        xmldoc = minidom.parse(fname)
                        reflist = xmldoc.getElementsByTagName('ReportHost')
                        for x in range(0 , reflist.length):
                                fileHandle.write ( reflist[x].toxml() )
 
        #write the end of the xml
        fileHandle.write ( '</Report> \n </NessusClientData>')
        fileHandle.close()
        print 'Combined a total of ' + str(counter) + ' files.'
 
if __name__ == '__main__':
 
    main()

  combine_nessus.py (1.4 KiB, 59 hits)

Give the script your top level directory as the first argument and it will recusively find the .nessus files and ouput a file called combined.nessus then you can import it into the nessus client / parse as you normally would, job done

update:pasted the wrong code snippet, the attachment was correct tho!

Update 2: found and issue where by if you had the script generate the output file in the same directory that the .nessus files are the script would eat its own head, added a quick check.

I have my iPhone plugged into the A5 using the Audi AMI function but it seems that the between the mighty Apple and Audi none of them thought of normalising the audio tracks.  The result being bleeding ears as the audio levels jump from a low to high track!

No problem to fix tho if your using Linux, literally 5 commands ( 4 if you don’t want to screen it ):

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

user@host:~$ apt-cache search mp3 | grep volume
normalize-audio - adjusts the volume of WAV, MP3 and OGG files to a standard volume level
user@host:~$ sudo apt-get install normalize-audio
[sudo] password for user:
Reading package lists... Done
Building dependency tree
Reading state information... Done
....snip....
ldconfig deferred processing now taking place
user@host:~$ normalize-audio --help
Usage: normalize-audio [OPTION]... [FILE]...
Normalize volume of multiple audio files
....snip....
Report bugs to chrisvaill@gmail.com.
user@host:~$ screen -S mp3_normal
user@host:~$ find /media/storage/music/ -iname \*.mp3  -exec  normalize-audio {} \;
Computing levels...
 Chocolate.mp3      99% done, ETA 00:00:00 (batch  99% done, ETA 00:00:00)
Applying adjustment of -4.82dB to /media/storage/music/Snow Patrol/Final Straw/Chocolate.mp3...
find: ânormalize-audioâ terminated by signal 11ch   0% done, ETA 00:00:00)
Computing levels...
 Tiny Little Fract  99% done, ETA 00:00:00 (batch  99% done, ETA 00:00:00)
Applying adjustment of -5.55dB to /media/storage/music/Snow Patrol/Final Straw/Tiny Little Fractures.mp3...
find: ânormalize-audioâ terminated by signal 11ch   0% done, ETA 00:00:00)
Computing levels...
 Gleaming Auction.  61% done, ETA 00:00:02 (batch  61% done, ETA 00:00:02)
[ctrl+a+d]
user@host:~$ echo $profit

Job done!

Im getting shot my Mazda 3 and getting a rather spanking Audi A5 Sline:

Im looking to sell the mazda around the end of Feb so if you know anyone after one give me a shout.

Some pictures of the Mazda here:

Linky

The car is 1.5 years old with 20K miles on the clock and 9 months tax with the following spec

Petrol 1.6 Ltr

Leather bound steering wheel and gear stick
6 CD Changer
Piano black interior
Parrot hands free kit
Rear parking sensors

Cheers

Nino

Dear facebook devs/admins

I have little to no interest in the following areas:

what random animal has been on on a farm
what random crop somone is growing
what random item someone is looking for on Mafia wars
who someone is whacking on mafia wars
how close someone is coming to being a vampire
what someone’s score is on some random jewel bashing game
how someone has adopted some “super poke pet” and it’s giving me a poke ( I think this one borders on sexual harassment and genticially modified animals)
Please, please create a block all applications option!

Many thanks

I’ve started to listen to podcasts on the the iPhone something I’ve never been into before.

There’s quite a few IT security and pentest podcasts on iTunes, some of the podcasts I’m listening to are:

“Security Now”
One of the more popular podcasts, It’s got some quite good content however they’re heavly sponsored by the same companies so each show has the same 25 minutes singing the joys of “go to my pc” and Citrix. I suppose they need cash from somewhere. Each podcast lasts around 90+ minutes which is perfect for the commute to work and the updates are pretty frequent.

“Network Security Podcast”
Again has a lot of good content however the host and co host tend to ramble on about random stuff. They talk about some non tech subjects such as disaster recovery etc. The shows last around 30-45 minutes and the updates vary from 1-2 weeks.

“PaulDotCom Security Weekly”
I have downloaded these but not managed to get listening to them yet!

If you have any suggestions drop me a comment on the blog )

Nino