Friday, February 4, 2011

MagicTree

Description

MagicTree is a tool developed in Java by Gremwell. It enables to organize data gathered during a pentest. The tool also enables to launch commands (Nmap, Nikto, ...) for a better integration of the results. Here are some of the features:

* Automatic creation of nodes from netblock address
* Drag and drop objects from the tree
* Launch CLI-based tools (Nmap, Nikto, ...) from MagicTree
* Import results from other tools (Nessus, ...)
* Sort findings by severity
* Generate reports (*.odt, *.docx)
* And much more...

This article introduces the basics of the tool. For a more complete documentation, please refer to http://www.gremwell.com/magictreedoc/.
Installation
Java

You will need to install Java. Under *ubuntu, edit your /etc/apt/sources.list file and uncomment these 2 repositories:

deb http://archive.canonical.com/ubuntu lucid partner
deb-src http://archive.canonical.com/ubuntu lucid partner

Then update your local repositories and install Java:

$ sudo apt-get update
$ sudo apt-get install sun-java6-plugin

Install MagicTree

$ mkdir -p /pentest/misc/magictree/
$ cd /pentest/misc/magictree/
$ wget http://www.gremwell.com/dist/1381.5c2a7c0734ce8c65ba59f3c2b8884470/MagicTree-1381.jar

Usage
Start MagicTree

To start MagicTree, simply issue following command:

$ cd /pentest/misc/magictree/
$ java -jar MagicTree-1381.jar

You should see following screen:



Create, rename and delete nodes
Automatic creation

To automatically create a node from a netblock (e.g. 192.168.100.0/24), select "Node > Auto Create" from the menu. Then, enter the netblock with the CIDR form.
Manual creation
Manually create nodes

* To create a node from the root, right click on the top node and select:
o "Create child > Branch Node" to create a new branch
o "Create Child > Simple Node" to create an object (e.g. host)
* To rename an object, double click on it to edit the label.
* To delete an object, right click on it and select "Delete" from the menu.



Also notice that you can move any object by drag/drop-ing it.


Notice
The "testdata" branch node is generally used under "magictree" to store all the data related to the test. Sticking to the same tree structure is useful in several ways. Firstly, if you import XML from nmap, nessus, or other tools it will be under "testdata". If you manually create host nodes, you'll want the results of the scan to appear under the nodes you have created. Secondly, there are a number of scanned queries and what is called "methods" (a query and a command that use the query results) that generally work from the assumption that the data is under "/magictree/testdata".

Using tables


Tables enable to use a list of hosts in a command line (e.g. Nmap). In the example above, we use -iL $in to use the list of hosts/networks:

* -iL : Input from list of hosts/networks
* $in: Variable used to process data from the table

We also use an output to be able to get the results of our command:

* -oX : Output scan in XML format
* $out: Variable that will be processed to inject the results in the tree.




Click on "Console" to see the scan running (usefull to enter sudo password).

Once the scan is finished, select $out in the variables and click on "Import" to inject the results in the tree.
Import results from external tools

MagicTree enables to import Nessus results. Save your Nessus report in .nessus (Version 1 and Version 2) format and open the file in MagicTree.


Repo-browser

On the right hand side of the window frame there is a button that says "Repo Browser". Clicking on it opens the query and method repository. You can browse it by tags and execute queries and methods stored in it. You can also save the queries and commands that you use to the repository, to be able to quickly execute them later.


Generating Reports

Once you have completed your penetration tests, you can export the results in a *.odt (OpenOffice) or *.docx (MS Office) file. Select "Report > Generate Report" from the menu, and select one of the templates available in the ~/.magictree/report-templates/ directory.


Notice that if you use KDE (e.g. Kubuntu), you will get an error:

20:18.14 Report generation failed
java.lang.UnsupportedOperationException: Desktop API is not supported on the current platform
at java.awt.Desktop.getDesktop(Desktop.java:144)
at bU.b(SourceFile:277)
at bU.a(SourceFile:78)
at bU.a(SourceFile:24)
at cV.run(SourceFile:244)
at java.lang.Thread.run(Thread.java:636)
20:18.14 java.lang.UnsupportedOperationException: Desktop API is not supported on the current platform
at java.awt.Desktop.getDesktop(Desktop.java:144)
at bU.b(SourceFile:277)
at bU.a(SourceFile:78)
at bU.a(SourceFile:24)
at cV.run(SourceFile:244)
at java.lang.Thread.run(Thread.java:636)


t appears that the Java Desktop API that MagicTree is using to start OpenOffice does not work in KDE (it only works on Gnome). For more information on that issue, refer to http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6486393.

Although, the reports are successfully generated and saved in your ~/.magictree/tmp/ directory.

No comments:

Post a Comment