In my previous article, we discussed the architecture of the Security Engineering Intern Project (SEIP) bot. In this article, we discuss how the bot can help security engineers automate scans and JIRA operations.
Automating Offensive Security Initial Reconnaissance Scans
Security teams carry out network vulnerability scanning to find loopholes in targeted IP spaces and to gather more information about potential service endpoints of web servers.
As we know, the SEIP bot is a dockerized version of the open-source Python chatbot Will. It has a number of friendly plugins covering DevOps, productivity, and monitoring. We have added our own plugin scripts to the chatbot to start NMAP scans of targeted IP spaces. For specific port scanning, we have added Simple Network Management Protocol (SNMP) walk and Nikto scans.
The chatbot returns a detailed host enumeration and service enumeration for a targeted IP address, and this information can form part of the initial reconnaissance scan results delivered to the Offensive Security Team at Viasat.
How does NMAP help Security Engineers?
NMAP is used to find out which hosts are running on the network, which services are running, and which type of filtering is active.
To use NMAP, security engineers need to download NMAP from source, open a command prompt to set up the path, and then start scanning IP spaces with NMAP. The chatbot does the same task effectively when the user enters a friendly command on the chat interface.
@SEIPBot IP <Targeted IP Space>
Security teams can also run on-the-fly NMAP scans using the chat application on their phone.
Specific Port scans – SNMP and Nikto
Simple Network Management Protocol – Service Monitoring
SNMP is helpful when security engineers need information to monitor hardware and software and to manage the network. It has read/write capabilities, collects in-depth information on how much resource bandwidth different services are using, and can perform scheduled polling to check the health status of different services running in the network.
With the help of SNMP, engineers can get an immediate incident response if any server or firewall fails, and it can help in re-allocating resources immediately. SNMP walk collects all the information in a tree-based structure and sends the results back to the user.
We have implemented SNMP walk inside the chatbot and it can run the scan using a simple command on the chat interface:
@SEIPbot SNMP <targeted SNMP IP space>
We can run SNMP scans through the chat mobile application.
Nikto – Web Vulnerability Scanner
Nikto is an open-source, Perl-based web server scanning tool which helps in detecting web server vulnerabilities, including known dangerous files and programs, outdated server software, and other problems. It prints any cookies received from the web server it is currently testing. It is one of the well-known server security testing tools and is used to test intranet web servers.
We have added a Python plugin script to bring Nikto into the chatbot. The Nikto scan checks for web service ports such as 80 and starts scanning the targeted web server. To start a Nikto scan, the security team can enter a friendly command on the chat interface.
@SEIPbot WEB <Targeted Web Server IP Address>
We can run Nikto scans through the chat mobile application.
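An added example, not the SEIP bot's own plugin code: one way a plugin behind the IP, SNMP and WEB commands above can validate the chat argument before it reaches a scanner, so that only in-scope addresses are scanned and the text is never handed to a shell. The scope list, the size limit, the tool flags (`-sV`, `-v2c -c`, `-h`) and the `<community>` placeholder are assumptions; the article does not say how the bot invokes the tools.

```python
import ipaddress

# Constructed scope list (assumption): ranges the team is authorised to scan.
AUTHORIZED_SCOPES = [
    ipaddress.ip_network("10.20.0.0/16"),
    ipaddress.ip_network("192.0.2.0/24"),
]
MAX_ADDRESSES = 1024  # refuse very large sweeps started from a chat message


class RejectedTarget(ValueError):
    """Chat input that must not reach a scanner."""


def parse_target(text, single_host=False):
    """Validate the chat argument as an in-scope IP address or CIDR range."""
    try:
        net = ipaddress.ip_network(text.strip(), strict=False)
    except ValueError:
        # Anything that is not purely an address/CIDR (extra options,
        # shell metacharacters, hostnames) is rejected here.
        raise RejectedTarget("not an IP address or CIDR range") from None
    if single_host and net.num_addresses != 1:
        raise RejectedTarget("this scan takes a single host")
    if net.num_addresses > MAX_ADDRESSES:
        raise RejectedTarget("range too large")
    in_scope = any(
        net.version == scope.version and net.subnet_of(scope)
        for scope in AUTHORIZED_SCOPES
    )
    if not in_scope:
        raise RejectedTarget("outside authorised scope")
    return net


def build_argv(command, text, snmp_community="<community>"):
    """Map a chat command (IP, SNMP, WEB) to an argv list for subprocess.run."""
    cmd = command.upper()
    if cmd == "IP":
        return ["nmap", "-sV", str(parse_target(text))]
    if cmd == "SNMP":
        host = parse_target(text, single_host=True).network_address
        return ["snmpwalk", "-v2c", "-c", snmp_community, str(host)]
    if cmd == "WEB":
        host = parse_target(text, single_host=True).network_address
        return ["nikto", "-h", str(host)]
    raise RejectedTarget("unknown command")
```

The returned list is meant to be passed to `subprocess.run` without `shell=True`, so the validated address is the only user-controlled argument the tool ever sees.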
JIRA API Integration with the SEIP Bot
We have added the JIRA API integration into the chatbot to poll our JIRA project periodically and retrieve new tickets. To make life easier for a developer, I have added a few other functions: adding an assignee to a ticket, getting the full description of a ticket, adding a comment on a ticket, and changing the transition status of a ticket from open to resolved. All of these happen through the chat interface, improving efficiency and reducing the time spent manually interacting with the JIRA console.
Example of getting full description of a ticket:
@SEIP bot <Project Key> <Issue Key> desc
Example of assigning user to a ticket:
@SEIP bot <Project Key> <Issue Key> <Assignee Name>
Example of adding comment to a ticket:
@SEIP bot <Project Key> <Issue Key> <"Add comment">
Example of changing status of a ticket:
@SEIP bot <Project Key> <Issue Key> <status>
The status of a ticket can take the form open -> progress -> resolve -> close.
Thus, the SEIP bot can help automate vulnerability scanning and JIRA ticketing operations in an effective way. It can help Viasat’s Security Engineering team get scan results without the need to download heavy scanning tools. The security team can start scans from a mobile device without needing a computer. The chatbot can also be extended with more scanning tools for deeper investigation.
This is just a sneak peek at how bots can help teams be more collaborative and effective, and have fun.
As I mentioned in my previous article, this has been a very fun and rewarding internship. I learned a lot about software engineering, cybersecurity, cloud architectures, and working effectively with a diverse and distributed team. To learn more about Viasat and their internship opportunities, visit: