A tool to monitor and visualize network connections based on Nmap scan results.
Project description
Nebula Watcher
Welcome to the Nebula Watcher
Content
Acknowledgement
First i would like to thank the All-Mighty God who is the source of all knowledge, without Him, this would not be possible.
Why?
Nebula Watcher offers a method for ethical hackers to monitor the IP addresses and ports they've engaged with during a penetration test. It serves as a visual tool to ensure comprehensive coverage of all intended IP addresses and ports under examination.
Features
- Parses NMAP scan results (in plain text format) from a specified directory.
- Monitors network connections and matches them against the parsed NMAP scan results.
- Generates a visual diagram depicting the activity, with different colors indicating the type of connection.
- Periodically updates the diagram, maintaining a history of the ethical hacking activity.
Before connecting to port 443:
After connecting to port 443:
Dependencies
Installation
The easiest way to get started is to use the docker image. Please note that the ZAP model is NOT supported in the docker image. If you would like to use ZAP please install the package using pip.
PRO TIP: Regardless of if you are using the docker or pip version, always run nebula in the same folder so that it doesn't have to download the models each time you run it.
Docker:
Pulling the image:
docker pull berylliumsec/nebula-watcher:latest
Running the image:
docker run -v $(pwd):/app berylliumsec/nebula-watcher:latest
PIP:
pip install nebula-watcher
To run nebula simply enter:
nebula-watcher
Options:
--results_dir : Specify the directory containing NMAP scan results. (Default: ./results) --diagram_name : Specify the name for the generated diagram. (Default: hacking_activity) --clear_state : Use this flag if you want to start the script without using the previous state. This can be helpful for debugging purposes.
A state file named state.json is written to the current working directory to preserve states even when you close the monitoring tool.
How It Works
- The script first parses the NMAP scan results to identify open ports on different IP addresses.
- It then monitors live network connections on the machine it's running on.
- When a network connection matches an IP and port from the NMAP results, the color of the arrow goes from red to blue on the diagram.
- The diagram is periodically updated to reflect the current state of the network connections.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file nebula-watcher-0.1.tar.gz.
File metadata
- Download URL: nebula-watcher-0.1.tar.gz
- Upload date:
- Size: 4.8 MB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.10.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 7d631bb054d3ec8680eeac8acefc119d7b644f253a35e79b08b05a296d02f85c |
|
| MD5 | 25baebaae0e0c6f5d43b727302d860a5 |
|
| BLAKE2b-256 | d58d60dd2a38009fc0c4fc4c47e99bcef512c535f4aa30ac9f08809a83c1f0e3 |
Provenance
File details
Details for the file nebula_watcher-0.1-py3-none-any.whl.
File metadata
- Download URL: nebula_watcher-0.1-py3-none-any.whl
- Upload date:
- Size: 4.8 MB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.10.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 9504918c12308f7b585408e4c8d550af1e27851a837d7d8aad29e5a8192ab938 |
|
| MD5 | 7090ee04ced1993f3bec4e00e876002e |
|
| BLAKE2b-256 | d0444dfe0833338156be3876b67e60965a6369af0dd0bdd90edf5a3b49f2c650 |
