Ear
Published in Technology
Transcript

  • 1. EAR: (E)xtensible (A)pi for (R)econnaissance
  • 2. What/Why/How
      • Automatable Reconnaissance
      • Similar to Maltego
      • Very early stage
      • Rails 2.3.8
  • 3. Pentesters care about
      • Organizations
      • Users
      • Domains
      • Devices (Hosts) / Services / Apps
      • Locations
      • etc...
  • 4. USAGE
        o = Organization.create :name => "masshackers"
        o.tasks
        o.run_task("dns_tld_brute")
  • 5. USAGE
        o = Organization.find_by_name("masshackers")
        o.children
  • 6. USAGE
        o = Organization.find_by_name("masshackers")
        o.domains
        o.devices
        o.users
  • 7. USAGE
        o = Organization.find_by_name("masshackers")
        o.run_task("dns_tld_brute")
        o.domains.each do |d|
          d.run_task("dns_sub_brute")
        end
  • 8. Background Concepts
      • Database Schema / Objects
      • Active Record (Rails ORM)
      • Task Manager
      • Object Manager
  • 9. Background Concepts
      • ORM makes it easy to interact w/ a view of the world.
      • Keep track of things you care about, but for free
  • 10. Objects
      • Rails makes it simple to declare objects
      • Migration
            create_table "organizations" do |t|
              t.string "name"
              t.text "description"
              t.string "address"
              t.string "email_mask"
            end
      • Class Definition
            # Rails models are classes that inherit from ActiveRecord::Base
            class Organization < ActiveRecord::Base
            end
  • 11. Object Manager
      • Maintains relationships between objects
      • Who created who? (Parent / Child)
  • 12. Tasks
      • Methods to make sure they can operate on an object
      • Setup/Run/Cleanup
      • Create new objects!
  • 13. Task Manager
      • Maintains a list of known tasks
      • Lets us check to see if we can operate on an object
      • Runs task methods in the right order (setup / run / cleanup)
      • Records task runs
  • 14. Objects->Tasks
      • Each Task has a:
          • allowed_types
          • update_types
          • create_types
      • TaskManager checks these at task run time
  • 15. Tasks -> Objects
      • Task has a create_object method
          • creates the object
          • uses the object manager to maintain parent child relationships
  • 16. Interacting
      • Rails isn’t just a web framework
      • script/console is super-powerful
      • interact directly with models
  • 17. demo!
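
The task/object model from slides 11 to 15, as an added sketch in plain Ruby that is not EAR's own code: it shows the allowed_types check at run time, the setup / run / cleanup ordering, create_types gating create_object, and the parent/child record. Class names, `tasks_for`, `register` and the sample task are hypothetical; update_types is left out, and the sample task is constructed and touches no network.

```ruby
# Added sketch in plain Ruby (no Rails); every name here is hypothetical.
class Entity
  attr_reader :type, :name, :parent, :children
  def initialize(type, name, parent = nil)
    @type, @name, @parent, @children = type, name, parent, []
  end
end

class ObjectManager            # maintains parent/child relationships
  def create(type, name, parent)
    child = Entity.new(type, name, parent)
    parent.children << child
    child
  end
end

class SeedDomainTask           # constructed task: no network access
  attr_accessor :objects
  attr_reader :steps
  def allowed_types; [:organization]; end
  def create_types;  [:domain]; end
  def setup(_obj);   @steps = [:setup]; end
  def run(obj);      @steps << :run; create_object(:domain, "#{obj.name}.example", obj); end
  def cleanup(_obj); @steps << :cleanup; end
  def create_object(type, name, parent)
    raise ArgumentError, "task may not create #{type}" unless create_types.include?(type)
    objects.create(type, name, parent)
  end
end

class TaskManager
  attr_reader :runs
  def initialize(objects); @objects, @tasks, @runs = objects, {}, []; end
  def register(name, task); task.objects = @objects; @tasks[name] = task; end
  def tasks_for(obj)           # which known tasks can operate on obj?
    @tasks.select { |_, t| t.allowed_types.include?(obj.type) }.keys
  end
  def run_task(name, obj)
    task = @tasks.fetch(name)
    raise ArgumentError, "#{name} cannot run on #{obj.type}" unless task.allowed_types.include?(obj.type)
    task.setup(obj)
    begin
      task.run(obj)
    ensure
      task.cleanup(obj)        # cleanup runs even if run raised
    end
    @runs << [name, obj.name]  # record the completed run
  end
end
```

Because the type check sits in the manager rather than in each task, a task registered for organizations cannot be pointed at a domain or device by mistake, and the run log only contains runs that passed that check.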