A tool to monitor the IP addresses and ports you have engaged with during a penetration test using the Nebula-Watcher tool
Project description
Nebula-Watcher
Welcome to the Nebula-Watcher
Content
Acknowledgement
First i would like to thank the All-Mighty God who is the source of all knowledge, without Him, this would not be possible.
Why?
Nebula-Watcher offers a method for ethical hackers to monitor the IP addresses and ports that they have engaged with during a penetration test. It serves as a visual tool to ensure comprehensive coverage of all intended IP addresses and ports under examination.
Features
- Parses NMAP scan results (in plain text format) from a specified directory and returns only IP addresses with open ports.
- Monitors network connections and matches them against the parsed NMAP scan results.
- Generates a visual diagram depicting the activity, with different colors indicating the type of connection.
- Periodically updates the diagram, maintaining a history of the ethical hacking activity.
Example
Before connecting to port 443:
After connecting to port 443:
Dependencies
Installation
The easiest way to get started is to use the docker image.
Docker:
Pulling the image:
docker pull berylliumsec/nebula_watcher:latest
Running the image docker image :
docker run --network host -v directory_that_contains_nmap_results/nmap_plain_text:/app/results -v where/you/want/the/diagram:/app/output berylliumsec/nebula_watcher:latest
To change the diagram name from the default:
docker run --network host -v directory_that_contains_nmap_results/nmap_plain_text:/app/results -v where/you/want/the/diagram:/app/output berylliumsec/nebula_watcher:latest python3 nebula_watcher.py --diagram_name /app/your_diagram_name
PIP:
pip install nebula-watcher
To run nebula-watcher simply enter:
nebula-watcher
Usage
Utilizing Nebula-Watcher is straightforward. Simply execute the tool, whether through the installed pip package or Docker. It will then autonomously monitor the IP addresses and ports you've engaged.
Options:
- --results_dir : Specify the directory containing NMAP scan results. (Default: ./results)
- --diagram_name : Specify the name for the generated diagram. (Default: hacking_activity)
- --clear_state : Use this flag if you want to start the script without using the previous state. This can be helpful for debugging purposes.
- --help: display the above options.
IMPORTANT
-
Ensure that your plain-text NMAP results are located within a directory titled results situated in the current working directory. If you intend to utilize a custom directory, please reference the aforementioned options for guidance.
-
By default, the generated diagram will be saved in the current working directory with the name ethical_hacking_activity.png. However, you have the flexibility to specify an alternate filename, as detailed in the provided options.
-
In cases where there is a significant number of IP addresses with open ports, it might be necessary to zoom into the diagram for clarity.
-
The monitoring tool creates a state.json file in the current working directory. This ensures the preservation of states even post-closure of the monitoring tool.
-
For accurate results, it is recommended to initiate Nebula-Watcher only after completing your general scans. Initiating beforehand may lead to the tool interpreting that all IPs and ports have been engaged during testing.
How It Works
- The script first parses the NMAP scan results to identify open ports on different IP addresses.
- It then monitors live network connections on the machine it's running on.
- When a network connection matches an IP and port from the NMAP results, the color of the arrow goes from red to blue on the diagram.
- The diagram is periodically updated to reflect the current state of the network connections.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file nebula-watcher-0.4.tar.gz
.
File metadata
- Download URL: nebula-watcher-0.4.tar.gz
- Upload date:
- Size: 8.4 MB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/4.0.2 CPython/3.11.6
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | c6ea1687e936d6f42856ea50c39c67694fa7ee4979d007b6b4df31dbc910b9b8 |
|
MD5 | 556af611a35f5bc6d71be3ab21e90c2c |
|
BLAKE2b-256 | da4c18b2674527a91df435ca49754f5e512db53d805ad094ae592f5437835178 |
File details
Details for the file nebula_watcher-0.4-py3-none-any.whl
.
File metadata
- Download URL: nebula_watcher-0.4-py3-none-any.whl
- Upload date:
- Size: 8.4 MB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/4.0.2 CPython/3.11.6
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | e2b56d2377e0d5ad5fe1d517d923bc56cc8e635e26840c87a91f66ea3e19c9aa |
|
MD5 | e7efb883379bf9f5f8dc0e4314c7665b |
|
BLAKE2b-256 | 1ba29c5adedb12b11a6e0f5980d620f7e1d5a3af5e24e112cd0b681a982e13a6 |