type Command: record {
    ## command line to execute.
    cmd: string;
    ## Provide standard in to the program.
    stdin: string &default="";
    ## If additional files are required to be
    ## read in as part of the output of the
    ## command, they can be defined here.
    read_files: set[string] &optional;
    ## The unique id for tracking executors.
    uid: string &default=unique_id("");
};
type Result: record {
    ## from the program.
    exit_code: count &default=0;
    ## Was the command terminated with a signal?
    signal_exit: bool &default=F;
    ## Each line of standard out.
    stdout: vector of string &optional;
    ## Each line of standard error.
    stderr: vector of string &optional;
    ## If additional files were requested to be
    ## read, the content of those files.
    files: table[string] of string_vec &optional;
};
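How the two records fit together, as an added example that is not from the slides: untrusted data is handed to the child process through `stdin` instead of being pasted into `cmd`, and the optional `Result` fields are tested before use. The helper path `/usr/local/bin/lookup-owner`, the function name `lookup_owner` and the address `192.0.2.10` are assumptions made for illustration.

```bro
@load base/utils/exec

# Hypothetical helper (assumption): reads one IP address per line on
# stdin and prints the owner record it finds on stdout.
const owner_tool = "/usr/local/bin/lookup-owner" &redef;

function lookup_owner(host: addr)
    {
    # The value travels on stdin, so it is never interpreted by the
    # shell that parses $cmd.
    local c: Exec::Command = [$cmd=owner_tool, $stdin=fmt("%s\n", host)];

    when ( local r = Exec::run(c) )
        {
        if ( r$signal_exit || r$exit_code != 0 )
            {
            # A signal or non-zero exit: do not act on the output.
            Reporter::warning(fmt("%s failed for %s (exit_code=%d, signal_exit=%s)",
                                  owner_tool, host, r$exit_code, r$signal_exit));

            # stderr is &optional and is unset when nothing was written.
            if ( r?$stderr )
                for ( i in r$stderr )
                    Reporter::warning(fmt("  stderr: %s", r$stderr[i]));
            }
        else if ( r?$stdout )
            {
            # stdout is &optional as well; test before iterating.
            for ( i in r$stdout )
                print fmt("%s owner: %s", host, r$stdout[i]);
            }
        else
            print fmt("%s: no owner record returned", host);
        }
    timeout 30secs
        {
        # Exec::run is asynchronous; bound the wait for a hung child.
        Reporter::warning(fmt("%s timed out for %s", owner_tool, host));
        }
    }

event bro_init()
    {
    # Constructed sample address from the documentation range.
    lookup_owner(192.0.2.10);
    }
```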
if this host has a history of notifications/suspensions.
• Check LDAP to see if the user is a student or a faculty member.
• Check Identity Finder to see if the system has PII.
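{
    # Only probe hosts that were seen offering RDP.
    if ( rec$port_num != 3389/tcp )
        return;

    local cmd = "/opt/nessus/bin/nasl -t %s " +
                "/opt/nessus/lib/nessus/plugins/ms12-020.nbin";

    # Exec::run is asynchronous; the when body runs once the command has finished.
    when ( local result = Exec::run([$cmd=fmt(cmd, rec$host)]) )
        {
        # stdout is &optional and is unset when the command printed nothing.
        if ( result?$stdout )
            {
            for ( i in result$stdout )
                {
                if ( /Success/ in result$stdout[i] )
                    print fmt("%s is vulnerable to MS12-020", rec$host);
                }
            }
        }
}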
## with a callback that is called every time a
## previously unseen file is seen.
global monitor: function(
    dir: string,
    callback: function(fname: string),
    poll_interval: interval
);
Fun with Bro!
creds work to SSH into their system!
Someone ran Windows Updates! Send them a pizza. (github.com/coryarcangel/Pizza-Party-0.1.b)
Have Bro make phone calls. “Is your open recursive DNS server running?”
> net send win2k The 21st century called...