kimocrossman1 / opendlp Goto Github PK

I would like to skip scanning c:\documents and
settings\{ANYUSERNAME}*\Application Data\Adobe.

Is there any way to do that?

for example:
C:\Documents and Settings\joeuser\Application
Data\Adobe\Designer\en\objects\custom\U.S. Social Security Number.xfo
C:\Documents and Settings\anotheruser\Application
Data\Adobe\Designer\en\objects\custom\U.S. Social Security Number.xfo
C:\Documents and Settings\thirduser\Local Settings\Temporary Internet
Files\Content.IE5\U20AX2TQ\search[2].htm
C:\Documents and Settings\joeuser\Application
Data\Mozilla\Profiles\default\fwud9co5.slt\Cache\1FE01381d01

You clear the "Password" field when when editing a profile. It's easy to forget 
this and save the profile without a password. A JS warning if this field is 
blank might be helpful.

What steps will reproduce the problem?
1. Create new scan, choose either SMB Netbios name or IP address for server.
2.  Error in /var/log/apache2/error.log:

Filesys::smbclient::_write: fd is not of type SMBCFILEPtr at 
/usr/lib/Perl5/Filesys/SmbClient.pm line 347

What is the expected output? What do you see instead?

Doesn't deploy agent to begin scan

What version of the product are you using? On what operating system?
Virtualbox image converted to VMware ESXi 4 image

.

When installing the standalone package, not the VM, the db_admin file is 
missing.  Other files may be missing as well, but that is as far as I got in 
the installation

sir i m beginner..i have downloaded image and also virtualbox..i opend it in 
that..

with username opendlp and password opendlp..
then what to do sir !?
how to bring gui then firefox ? and how to start !?

Running the OpenDLP VM image results in a long list of dma errors upon boot up 
and the drive being mounted as read only when running.

tested using Oracle VM Virtualbox 3.2.8 on Debian "squeeze", x86_64
2.6.32-trunk-amd64 #1 SMP Sun Jan 10 22:40:40 UTC 2010 x86_64 GNU/Linux

all sha1 sums were correct before first run.

When do you think a vm for the newer build 0.3.1 or higher of OpenDLP will be 
released?  Or will there be one?

There is a need for installation document. Requirements to setup the
executable file and web management interface.

Of those who have gotten the agent to work, what was your average scan time?  I 
started my first test scan using the VM of my test victim a little over 3 hours 
ago and the scan status still reads "-1: Deploying", is this normal?

on a side note, does the agent require any other port than 443 be open on the 
VM image in order to run?

What steps will reproduce the problem?
1.At the test client, create some test documents.
2.At the server, create a New Regex expression /(secret|confidential)/i and use 
existing AMEX regex.
3.Create a New Profile (Windows - Agent) 
4.Create a New Scan with the profile.

What is the expected output? What do you see instead?
I expect OpenDLP to find the sensitive documents. There were no findings 
instead.

What version of the product are you using? On what operating system?
OpenDLP 0.4.1 in Virtual Box
Windows XP SP3 in Virtual Box  

Please provide any additional information below.
See attached.

I did everything as mentioned in the document. I am also getting the main page. 
I am able to enter the regex and also create profiles. But when i start to 
scan, it gave me internal error. The error from the apache logs shows as below.

[Fri Jun 24 18:41:41 2011] [error] [client 3.209.179.23] malformed header from 
script. Bad header=\tNo such file or directory: start-verify.html, referer: 
http://3.209.176.11/OpenDLP/startscan.html
[Fri Jun 24 18:42:15 2011] [error] [client 3.209.179.23] malformed header from 
script. Bad header=\tNo such file or directory: start-verify.html, referer: 
http://3.209.176.11/OpenDLP/startscan.html

What might be the issue ? Request your help at the earliest. 

Thank you

Best Regards.,
Bhavani

Hello, Andrew.

While installing client-side software I have some troubles.
Installation is successfull: the files are copied into target system, but at 
server the step shown as "-1: Deploying" always.

Uninstalling agent also successfull.

But I can't understand, why server doesn't receive answers from agent.

In target windows system I see service named as "winexesvc". It has status 
"running".

I can prepare WireShark dumps of installation and control processes, if it wiil 
be necessary.

What steps will reproduce the problem?
1.assemble files with 7zip
2.import appliance
3.change nic to host only
4.start VM

What is the expected output? What do you see instead?

expected: Ubuntu 10.0.4.1 LT OpenDLP tty1, OpenDLP login

error received:
fsck from util-linux-ng 2.17.2
/dev/sda1 has gone 216 days without being checked, check forced.
/dev/sda1: Resize inode not valid.

/dev/sda1:UNEXPECTED INCONSISTENCY: RUN fsck MANUALLY
mountall: fsck /[252] terminated with status 4
mountall: Filesystem has errors: /

What version of the product are you using? On what operating system?
0.2.2 on virtual box 4.0.4r70112

Please provide any additional information below.
I attached ubuntu installation iso to vm.  Booted to VM and ran command against 
/dev/sda1.  Typed 'y' to all fix actions.  The VM now boots to login.  I've 
downloaded the files on Ubuntu and W7, md5 and sha1 all files with associated 
checksums, they all check out.  I just need confirmation that this behavior is 
expected, I missed any mention of this in the readme, readme.original, or 
changelog. 

Will you have the newest version in a virtualbox or vmware download soon?

I donwloaded and extracted the vbox images using hjsplit and 7-zip.

I got the server up and running by starting the server.

For some reson I got in the browser:

Forbidden

You don't have permission to access /OpenDLP/ on this server.
Apache/2.2.14 (Ubuntu) Server at 10.0.0.50 Port 443

Apache and perl not playing well together.

Any ideas?
Any help would be apreciated.

Cheers
G

When editing a scan profile, a blank line in the "ZIP Extensions" field will 
cause the unzipper to attempt to unzip all files.

What steps will reproduce the problem?

1. Place simple text file with single CC# on Desktop
2. Copy document over to Program Files
3. Run Scan

What is the expected output? What do you see instead?

I expect Regex matches on both documents. Instead, I only see a match for the 
text file in Program Files. If removed from Program Files, file on Desktop is 
not picked up (False Negative?)

What version of the product are you using? On what operating system?

OpenDLP 0.4.2 - VirtualBox VM

Please provide any additional information below.

If the "C:\Documents and Settings\<USERNAME>\Desktop" directory is specified, 
then the file shows a regex match for the appropriate CC type.

If, however, I don't specify the path down to the Desktop... then no regex 
match. (I can specify the path all the way to "C:\Documents and 
Settings\<USERNAME>" without getting a match).

I first thought this might be an issue with the search not being fully 
recursive, but that doesn't seem to be the case as I can detect files outside 
of the Desktop. The credentials being used are the account owner credentials 
(local admin privs on target box).

Has anyone else noted this issue? Any ideas?

Thanks!

today,I installed the a new VM based on OpenDLP 0.4.1, when i start scan, the 
/var/log/apace2/error.log report following info :

HASH PASS: Substituting user supplied LM HASH...
HASH PASS: Substituting user supplied NTLM HASH...
HASH PASS: Substituting user supplied LM HASH...
HASH PASS: Substituting user supplied NTLM HASH...
HASH PASS: Substituting user supplied LM HASH...
HASH PASS: Substituting user supplied NTLM HASH...
HASH PASS: Substituting user supplied LM HASH...
HASH PASS: Substituting user supplied NTLM HASH...
HASH PASS: Substituting user supplied LM HASH...
HASH PASS: Substituting user supplied NTLM HASH...
Filesys::SmbClient::_write: fd is not of type SMBCFILEPtr at 
/usr/local/lib/perl/5.10.1/Filesys/SmbClient.pm line 347.


I'm use SMBhash ,the hash value copy from website. assume i don't kown the 
target machine Administrator passwd, How can I scan the machine, thanks a lot.

Hi Guys, I have followed the client VM guide, but I can't locate the client.p12 
file within or any p.12 files within the VM.  Do I need to generate it?  if so 
can you please point me to the instructions and get them added to the install 
guide please...

thanks

dan

A sequence of numbers of a certain minimum and maximum length, if matches the 
Luhn checksum,  
should be considered a credit card number. This might be a little slower than 
regex but should 
catch all of the real ones.

The regex should also have the Luhn check applied if they match as well to cast 
out false positives.

If I want run scan again, I see the message: "Directory already exists, 
terminating deployment and scan attempt", but agent not starting.
Also after one scan there is no button for remove agent.
Summary: after scan I can't run another scan and I can't remove agent for 
install it again from web interface.

What steps will reproduce the problem?
1.OpenDLP functions properly and deploys agents with password 
2.Fails with error Filesys::smbclient::_write: fd is not of type SMBCFILEPtr at 
/usr/lib/Perl5/Filesys/SmbClient.pm line 347
when starting scan with passthehash
3.Pass the hash functions properly when done manually

Where should I look to narrow down the problem

Hi Andrew,

Thanks for the 4.0 update. The product is coming together nicely.

A new VM would be a great idea. Also some instructions on how to put the pieces 
together(It took my half a day to figure that out and hoepfully I am no dummy).

In presented this to a customer as a possible PCI-DSS solution. Their biggest 
challenge is maintaining mail and finding credit card data in emails.

Have you any guidance on scanning .pst files? Having the agent look at this 
would be a great advantage. Some commerial products in this space don't even 
have this type of support.

Cheers,
G

What steps will reproduce the problem?

1.downloaded all files 001,002,003,004
2.joined them into one zip, First using 7Zip and another using hjsplit, 
3.tried to unzip the last file OpenDLP-0.2.2-VM.7z (300Mb) using 7Zip and Winrar
4. no sucessful

On what operating system?
Win 7

What steps will reproduce the problem?
1.
2.
3.

What is the expected output? What do you see instead?
After initializing the scan, there is no output. Only response is the following:
"192.168.X.X: Trying to deploy (0 systems remain in queue)"

What version of the product are you using? On what operating system?
I m using OpenDLP 0.4.2 on windows7 (server) and windows 2003 and 2007(client).

Please provide any additional information below.

How am I supposed to get the Sc.exe file into a virtual system?

I'm running OpenDLP 0.2.2 in VirtualBox on a WinXP system to test.

Request 1:  It would be very beneficial to have the ability to schedule scans 
to occur at certain times.  Not sure if this is in the plans or not.

Request 2:  It appears in the 0.2.2 version that once a profile has been 
created there is no way to open the existing profile and view the settings or 
edit it.  Is this a future enhancement?

Request 3:  It appears in 0.2.2 that if a scan fails I could not delete it or 
cancel it.  I have a pause button or remove agent, but hitting those do nothing 
and the scan stays present until ? time.

What steps will reproduce the problem?
1. Create Scan Profile and deploy scan to client.
2. Wait until agent is deployed, check Scan Results
3. Inspect Status of agent, and log file of client.
4. Pause and then Uninstall the agent after an appropriate waiting time.

What is the expected output? What do you see instead?
Agent Status should eventually move past "-1 Deploying", and results should 
show up on the results page.

What version of the product are you using? On what operating system?
0.4.2. Server operating off provided Virtual Machine (Ubuntu), Client on 
Windows XP VM on VirtualBox.

Please provide any additional information below.
I apologize for starting a new thread on this one, but it's fundamentally 
different from the last problem (which was resolved), and I've spent almost a 
month trying to troubleshoot it with no change.

The agent successfully deploys and begins scanning. Unfortunately, the server 
will not move past the status "Deploying" nor receive results. The server will 
successfully send Pause and Uninstall commands to the client, however, no data 
from the agent seems to get back to the server.

Based on the various logs it looks like the server can successfully connect to 
the client, copy the opendlp files over, and initiate the scan. But the client 
can't seem to actually send results BACK. Apache logs show continuous POST 
requests by the client, but nothing actually changes on the server side, and 
the client log indicates that it gets stuck in a loop waiting for the server to 
answer.

The log file on the client suggests it successfully scans the client, 
identifies the appropriate test files, finishes the scan, and then enters a 
loop where it sends the server a request to uninstall it and waits for that to 
happen.

The majority of these transmissions from the client come back with a libcurl 
error of 0, but at least four times in a 20 minute period, it will return with 
error 23.

On the server side of things, the scan status never changes from -1. The apache 
log files confirm the client is sending numerous HTTP POST requests, and there 
are no new entries in the error log to suggest a malformed request or bad 
credentials.

>[Apache access log snippet]
>[redacted Client VM IP] - ddt [03/Oct/2011:17:30:12 -0400] "POST 
/OpenDLP/results/results.html HTTP/1.1" 200 1834 "-" "-"
>[redacted Client VM IP] - ddt [03/Oct/2011:17:30:13 -0400] "POST 
/OpenDLP/results/results.html HTTP/1.1" 200 1945 "-" "-"

[the above two lines randomly appear continuously, in no particular order, 
interrupted only by GET commands from the VM host when I load up or refresh the 
Results pages]

I've attached the complete client LOG file.

Any help that anyone can provide would be greatly appreciated.

It seemes that I can`t untar them because they aren`t archive files (tryed with 
7-zip). So my question is how can I use these files to create (or to load 
them?) a image that could be readable for virtualbox?

Hello,

This is not an issue i just would like to understand how agentless scan over 
SMB works.
If i understood well, when you run this type of scan, in order to perform the 
scan of the files itselves, the tool copied the files to OpenDLP server 
(/tmp/OpenDLP/1) over the network and scan the file.

After, the file(s) is(are) deleted from OpenDLP.

Is this correct?

So this kind of scan if bandwitdth consuming so...

Thanks help me to understand well.

Great tool in any case.

Regards,
Fabrice 

Hello Andrew!

How to use opendlp protection specially suffix files, such as .c .h .app. I 
appreciate your opendlp, I so to expect 0.4-VM release . Where to find example 
of opendlp?  
                    Thanks so much!

What steps will reproduce the problem?
1.  Start a scan from the web interface.
2.  `ps -ef | grep wine` returns current step of the scan.
3.  scan hangs here until a kill -9 and then hangs on each subsequent step.
4.  final hang is on the cmd.exe del /Q.  

What is the expected output? What do you see instead?

I expect the scans to finish automatically, the scan does complete, but manual 
intervention is required.


What version of the product are you using? On what operating system?
0.2.6 on CentOS 5.5

Please provide any additional information below.
Vanilla setup, but the db_admin_file and other relative paths were not working. 
 I had to hard code them in the HTML.

All hosts are on a domain, credentials are fine, running the winexe commands 
from the linux CLI works fine, aside from some syntax errors.  domain/username 
versus domain\username and some errant \"'s

What steps will reproduce the problem?
1. Installed VirtualBox
2. Imported OpenDLp files and booted up
3. signed into virtual machine with default password
4. Imported the Certificate into chrome, IE, firefox 4
5. Went to Ip address of VM box https://xxx.xxx.xxx.xxx

What is the expected output? What do you see instead?
I am expecting to get a login page when visiting the https://xxx.xxx.xxx.xxx 
site.  Instead I get prompted about the certificate, I accept and import it 
then I get a blank page, no text, nothing.

What version of the product are you using? On what operating system?

2011.05.06 - OpenDLP 0.3.1

Please provide any additional information below

What steps will reproduce the problem?
1. Run OpenDLP server VM and WinXP VM on VirtualBox at the same time
2. Open OpenDLP webpage on host computer,
3. Start New Scan on WinXP VM.

What is the expected output? What do you see instead?
I see the "Attempting to deploy..." message, and a warning not to navigate away 
from the page until it's done. It's never done. 

What version of the product are you using? On what operating system?
OpenDLP 0.4.1

Please provide any additional information below.
I'm fairly certain I'm just doing something wrong here, and it's not an issue 
with OpenDLP itself. I've set the Network Adapters on both VMs to Host Only 
(after previously having had them as Bridged). NetBIOS confirmed on WinXP VM. I 
make sure both VMs can see each other via ping. I've even turned off the 
Firewall in the WinXP VM. Each time it just hangs there.

What am I missing?

What steps will reproduce the problem?
1.downloaded all files 001,002,003,004
2.joined them into one zip --even tried extracting individually. 
3.started up virtual box 
4.imported
5.start vm fail error: failed to open session.
6.import to vmware workstation: ovf descriptor file could not be parsed.

What version of the product are you using? On what operating system?
newest

Please provide any additional information below.

What steps will reproduce the problem?
1. Create Profile - Scan Type: Windows Filesystem (agentless over SMB) 

2. Start New Scan - Select previously created profile - Input target IP Address

3. Wait for scan to complete

What is the expected output? What do you see instead?

I expect scan to start successfully, instead it remains stuck on "-1:Deploying"

What version of the product are you using? On what operating system?

OpenDLP 0.4.2 - VirtualBox VM

Please provide any additional information below.

I fired up Wireshark on the target host as well as starting a tcpdump within 
the OpenDLP VM. Inspection of both show no attempts to connect out to the 
target host via SMB (nor any other protocol).

Connecting to target host port 443 via telnet is successful and can be seen via 
packet captures.

Everything seems to be right setting wise, unless I am missing something. 

Also, because the scans don't complete I cannot delete them. Pausing and 
Killing don't seem to help.

Any ideas?

A co-worker pointed me to this project and I am very interested in it.
However when looking over the sample screen-shots it looks like any found
data is reported in full.  
This now creates an additional location where this information is stored.
Is there any chance that if data is found matching one of the expressions
that you are searching for the data can be masked and just given as a
partial display/report of what was found? 
i.e.
Mastercard | xxxxxxxxxxxx5594
Social_Security_Number_dashes | xxx-xx-4321

What steps will reproduce the problem?
1.View scan results:
2.select radio button for scan that contains 21 running scans
3.click "View Scan Details" button
4.Resulting page shows all 21 servers, but no "view results" buton

What is the expected output? What do you see instead?
Button at bottom to send the request to view results for a selected server

What version of the product are you using? On what operating system?
2.6

Please provide any additional information below.
I am not sure if this is specific to the number of servers, I only include that 
as that is the number I have.  I looked in the viewresults.html page and I can 
see that for some reason the code is not running line 364.  I am not very good 
with perl so I haven't quite figured out what is going on just yet.  I will 
mention that the last server in the list says it is running and scanning, but 
there is no status bar or approximate time remaining.  I hope this helps, I 
will continue to look at it and see if I can help  myself.  

Other than some little issues, very nice app.  Thanks you sharing it.

What steps will reproduce the problem?
1. Create Scan profile
2. Start scan on share
3. Scan never starts/stops and I can not remove it from active scans!

What is the expected output? What do you see instead?
Share scan to start, it does not.


What version of the product are you using? On what operating system?
Latest VM image

Please provide any additional information below.

I can give more information if Knew what the logs says, when I go to the logs 
section of the webgui it states invalid name. (we are just trying one share, so 
"\\1.2.3.4\Temp", I even tried "1.2.3.4\Temp" and it still failed.  

I tried searching for this but could not find any issues relating directly to 
this.

Thank you! (great program, I sae your talk in blackhat as well)

What steps will reproduce the problem?
1.enter a domain name containing an underscore in the profile config

Error: "Windows domain can only contain alphanumeric and dash characters"

What version of the product are you using? On what operating system?

0.2.2 Ubuntu-based VirtualBox VM released 2010.08.25

Client on Windows XP SP3

Question: Is it possible to add support for underscores in domain names?