Strikeback with iplog and nmap
-
Many thanks Tom, that does the trick indeed :-)
-
Seems that in an hour, strikeback has seen hundreds of scans and probes.
But they're all coming from my LAN. Strikeback needs a "listen on interface _____" option to make it listen only on the outside interfaces.
-
Seems that in an hour, strikeback has seen hundreds of scans and probes.
It's a heck of a tool. I tested it for 1 minute last night and received 4300 entries.
IPLog gave lots of useful detail but I needed to reduce the noise.
Most data was Unbound initiated DNS traffic.
Apr 12 10:06:41 UDP: dgram to port 59305 from b.gov-servers.net (209.112.123.30):53 (514 data bytes) Apr 12 10:06:41 UDP: dgram to port 21314 from a.gov-servers.net (69.36.157.30):53 (514 data bytes) Apr 12 10:06:41 UDP: dgram to port 48480 from ns2.nasa.gov (198.116.4.185):53 (455 data bytes) Apr 12 10:06:41 UDP: dgram to port 26425 from ns1.nasa.gov (198.116.4.189):53 (811 data bytes) Apr 12 10:06:41 UDP: dgram to port 62907 from ns3.nasa.gov (198.116.4.181):53 (451 data bytes)
I was confused because I had checked the Ignore DNS option
The problem was that I had left one of the Settings-> Ignore DNS Server boxes empty.
I populated all three w/ 0.0.0.0 and that filtered out DNS.To get rid of LAN, Torrent and VoIP chatter; I added```
ignore tcp from 192.168.1.0/24
ignore udp from 192.168.1.0/24
ignore udp dport 5000:65535**Note:** I found that saving a change under the Settings tab, rewrites /usr/local/etc/iplog.conf and wipes my custom entries.
-
First:
I really like that the conf file (/usr/local/etc/iplog.conf) is noted in the Settings tab.
It's a small thing but a big help.Second:
If the time comes to refine Strikeback a bit more, would you consider the following suggestions?Adding the Save and Clear Log buttons to the top of the Log Viewer page.
(I discovered that I can rack up thousands of log items quickly and would have to dive after the buttons.)Suggestion #2 - Option to reverse log entries.
Suggestion #3 - Option to auto-refresh the Log Viewer page.That aside, Strikeback is already a big help. Thank you for your time and your ingenuity in dev'ing it.
-
I've been having a couple of the same bugs, I saw earlier in the thread.
I may have debugged this one.
php: /packages/strikeback/strikeback.php: The command 'mkdir /var/run/iplog' returned exit code '1', the output was 'mkdir: /var/run/iplog: File exists'
I commented out line 170 in /packages/strikeback/strikeback.php so the code now reads like this:
if(isset($_POST['formSubmit'])) { // mwexec("mkdir /var/run/iplog"); mwexec("rm /var/log/iplog"); mwexec("touch /var/log/iplog"); mwexec("/usr/local/etc/rc.d/iplog restart");
I haven't seen the error since.
. -
Change the code this way to keep creating the folder if does not exists:
if(isset($_POST['formSubmit'])) { if (!is_dir('/var/run/iplog')) mkdir("/var/run/iplog", 0700, true); mwexec("rm /var/log/iplog"); mwexec("touch /var/log/iplog"); mwexec("/usr/local/etc/rc.d/iplog restart");
-
I will do that.
Your timing is good (for me anyway) - I have an almost identical problem here.
This error occurs when I try to launch a strikeback from the provided link.
php: /packages/strikeback/strikeback.php: The command 'mkdir /usr/local/www/packages/strikeback/reports' returned exit code '1', the output was 'mkdir: /usr/local/www/packages/strikeback/reports: File exists'
I'm looking at the statement that begins on line 59 of /usr/local/www/packages/strikeback/strikeback.php
if(isset($_GET[target])) { mwexec("mkdir /usr/local/www/packages/strikeback/reports"); //mwexec("/usr/local/bin/nmap -oX /usr/local/www/packages/strikeback/reports/".$_GET[target].".xml -vvsS -sU -sY -O ".$_GET[target]."> /dev/null 2>&1 &"); mwexec("/usr/local/bin/nmap -oX /usr/local/www/packages/strikeback/reports/".$_GET[target].".xml -vv -sS -sU -sY -O ".$_GET[target]); echo " \n"; }
I don't think it's checking for the existence of /usr/local/www/packages/strikeback/reports/ prior to the mkdir command.
So I nested a 2nd statement to folder check and that error seems to have gone.
if(isset($_GET[target])) { if (file_exists("/usr/local/www/packages/strikeback/reports")){ } else { mwexec("mkdir /usr/local/www/packages/strikeback/reports"); } //mwexec("/usr/local/bin/nmap -oX /usr/local/www/packages/strikeback/reports/".$_GET[target].".xml -vvsS -sU -sY -O ".$_GET[target]."> /dev/null 2>&1 &"); mwexec("/usr/local/bin/nmap -oX /usr/local/www/packages/strikeback/reports/".$_GET[target].".xml -vv -sS -sU -sY -O ".$_GET[target]); echo " \n"; }
But your code sample may work here as well. I need to look it over a moment.
-
Is this pakage working or not?
Shows version 0.1 Beta in pfsense and 1.0 Beta here ?
What version is it now and is there a change log ?
-
This was asked a couple of times last year but I don't think anyone knew the answer.
Did anyone attempt to port Strikeback over to AMD64?
Could there be a beta ver stashed away that we could git to? -
I still have plans to complete this project. Work/School just is the priority right now.
-
This was asked a couple of times last year but I don't think anyone knew the answer.
Did anyone attempt to port Strikeback over to AMD64?
Could there be a beta ver stashed away that we could git to?I've been waiting on the answer to that also, see several attempts at asking and no answer…
-
I've been waiting on the answer to that also, see several attempts at asking and no answer…
It look like it need just iplog and nmap
You can try to add it using pkg_add -f http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/amd64/8.1-RELEASE/packages/All/package_name.tbz
and copy installed xml,php,js files from an i386 version.
-
Hi!
Which record i have to use to set a size of logfile in /usr/local/etc/iplog.conf?
Thanx. -
Clicking an IP in Strikeback gives this error now
New site coming soon…
Visit orlando.dnstools.com or houston.dnstools.com for the old site.I went into /usr/local/www/packages/strikeback/strikeback.php and changed all instances of
http://dnstools.com/...
into
http://orlando.dnstools.com/...
and that fixed it.
I also tested houston.dnstools.com; it works as well