A tool to monitor the IP addresses and ports you have engaged with during a penetration test.

Project description

Nebula-Watcher

Welcome to the Nebula-Watcher

Acknowledgement

First, I would like to thank the Almighty God, who is the source of all knowledge; without Him, this would not be possible.

Why?

Nebula-Watcher offers a method for ethical hackers to monitor the IP addresses and ports that they have engaged with during a penetration test. It serves as a visual tool to ensure comprehensive coverage of all intended IP addresses and ports under examination.

Features

  • Parses NMAP scan results (in plain text format) from a specified directory and returns only IP addresses with open ports.
  • Monitors network connections and matches them against the parsed NMAP scan results.
  • Generates a visual diagram depicting the activity, with different colors indicating the type of connection.
  • Periodically updates the diagram, maintaining a history of the ethical hacking activity.

Example

Before connecting to port 443:

[Image: Before]

After connecting to port 443:

[Image: After]

Dependencies

Installation

The easiest way to get started is to use the docker image.

Docker:

Pulling the image:

docker pull berylliumsec/nebula_watcher:latest

Running the Docker image:

docker run --network host -v directory_that_contains_nmap_results/nmap_plain_text:/app/results -v where/you/want/the/diagram:/app/output  berylliumsec/nebula_watcher:latest

To change the diagram name from the default:

docker run --network host -v directory_that_contains_nmap_results/nmap_plain_text:/app/results -v where/you/want/the/diagram:/app/output  berylliumsec/nebula_watcher:latest python3 nebula_watcher.py --diagram_name /app/your_diagram_name

PIP:

pip install nebula-watcher

To run nebula-watcher simply enter:

nebula-watcher

Usage

Utilizing Nebula-Watcher is straightforward. Simply execute the tool, whether through the installed pip package or Docker. It will then autonomously monitor the IP addresses and ports you've engaged.

Options:

  • --results_dir : Specify the directory containing NMAP scan results. (Default: ./results)
  • --diagram_name : Specify the name for the generated diagram. (Default: hacking_activity)
  • --clear_state : Use this flag if you want to start the script without using the previous state. This can be helpful for debugging purposes.
  • --help : Display the above options.

IMPORTANT

  • Ensure that your plain-text NMAP results are located in a directory named results in the current working directory. To use a custom directory, see the --results_dir option above.

  • By default, the generated diagram will be saved in the current working directory with the name ethical_hacking_activity.png. However, you have the flexibility to specify an alternate filename, as detailed in the provided options.

  • In cases where there is a significant number of IP addresses with open ports, it might be necessary to zoom into the diagram for clarity.

  • The monitoring tool creates a state.json file in the current working directory. This preserves state even after the monitoring tool is closed.

  • For accurate results, it is recommended to initiate Nebula-Watcher only after completing your general scans. Initiating beforehand may lead to the tool interpreting that all IPs and ports have been engaged during testing.

How It Works

  • The script first parses the NMAP scan results to identify open ports on different IP addresses.
  • It then monitors live network connections on the machine it's running on.
  • When a network connection matches an IP and port from the NMAP results, the color of the arrow goes from red to blue on the diagram.
  • The diagram is periodically updated to reflect the current state of the network connections.
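
An added sketch of the matching logic these steps describe, not Nebula-Watcher's own code: it parses plain-text NMAP output for open ports and marks the (IP, port) pairs that appear among observed connections. The function names, the sample scan and the connection list are assumptions made for the illustration; the engaged argument stands in for carrying saved state between runs.

```python
import re

# Added illustration, not Nebula-Watcher's code; sample data below is constructed.
SAMPLE_NMAP = """\
Nmap scan report for 192.0.2.10
Host is up (0.0010s latency).
PORT     STATE  SERVICE
22/tcp   open   ssh
443/tcp  open   https
8080/tcp closed http-proxy
Nmap scan report for web.example (192.0.2.20)
PORT    STATE    SERVICE
80/tcp  open     http
25/tcp  filtered smtp
Nmap scan report for 192.0.2.30
All 1000 scanned ports on 192.0.2.30 are closed
"""

HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?([0-9a-fA-F.:]+)\)?\s*$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+open\s")  # skips closed, filtered, open|filtered

def parse_open_ports(text):
    """Return {ip: set(ports)} for hosts with at least one open port."""
    targets, current = {}, None
    for line in text.splitlines():
        host = HOST_RE.match(line)
        if host:
            current = host.group(1)
            continue
        port = PORT_RE.match(line)
        if port and current:
            targets.setdefault(current, set()).add(int(port.group(1)))
    return targets

def coverage(targets, connections, engaged=None):
    """Mark (ip, port) pairs seen in connections; return (engaged, pending)."""
    engaged = set(engaged or ())
    wanted = {(ip, p) for ip, ports in targets.items() for p in ports}
    engaged |= wanted & set(connections)
    return engaged, wanted - engaged

# Constructed remote endpoints, as a connection monitor might report them.
SAMPLE_CONNECTIONS = [("192.0.2.10", 443), ("198.51.100.7", 443), ("192.0.2.20", 25)]

if __name__ == "__main__":
    targets = parse_open_ports(SAMPLE_NMAP)
    done, todo = coverage(targets, SAMPLE_CONNECTIONS)
    print("engaged:", sorted(done))
    print("pending:", sorted(todo))
```

Connections to hosts outside the scan results, or to ports NMAP did not report as open, are ignored, so only in-scope open ports can move from pending to engaged.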

Download files

Source Distribution

nebula-watcher-0.4.tar.gz (8.4 MB)

Uploaded Source

Built Distribution

nebula_watcher-0.4-py3-none-any.whl (8.4 MB)

Uploaded Python 3

File details

Details for the file nebula-watcher-0.4.tar.gz.

File metadata

  • Download URL: nebula-watcher-0.4.tar.gz
  • Upload date:
  • Size: 8.4 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/4.0.2 CPython/3.11.6

File hashes

Hashes for nebula-watcher-0.4.tar.gz
Algorithm Hash digest
SHA256 c6ea1687e936d6f42856ea50c39c67694fa7ee4979d007b6b4df31dbc910b9b8
MD5 556af611a35f5bc6d71be3ab21e90c2c
BLAKE2b-256 da4c18b2674527a91df435ca49754f5e512db53d805ad094ae592f5437835178

File details

Details for the file nebula_watcher-0.4-py3-none-any.whl.

File metadata

  • Download URL: nebula_watcher-0.4-py3-none-any.whl
  • Upload date:
  • Size: 8.4 MB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/4.0.2 CPython/3.11.6

File hashes

Hashes for nebula_watcher-0.4-py3-none-any.whl
Algorithm Hash digest
SHA256 e2b56d2377e0d5ad5fe1d517d923bc56cc8e635e26840c87a91f66ea3e19c9aa
MD5 e7efb883379bf9f5f8dc0e4314c7665b
BLAKE2b-256 1ba29c5adedb12b11a6e0f5980d620f7e1d5a3af5e24e112cd0b681a982e13a6
