outputpbnj.1p

Language: en

Version: 2006-11-06 (debian - 07/07/09)

Section: 1 (User commands)

NAME

  OutputPBNJ - a program to query a PBNJ 2.0 database.
 
 

SYNOPSIS

  outputpbnj [Query Options] [Database Options] [General Options]
 
 

DESCRIPTION

  OutputPBNJ uses a query yaml config file to execute queries against 
  the PBNJ 2.0 database. OutputPBNJ returns the result in various 
  output types (csv, tab and html).
 
 
  A part of the PBNJ 2.0 suite of tools to monitor changes on a network.
 
 

OPTIONS

  Usage: outputpbnj [Query Options] [Config Options] [General Options]
  Query Options:
    -q  --query <name>     Perform sql query
    -t  --type <type>      Output Type [csv,tab,html]
    -f  --file <file>      Store the result in file otherwise stdout
        --both             Print results and store them in a file
        --dir <dir>        Store the result in this directory [def .]
 
 
    -l  --lookup <name>    Lookup description based on name
        --list             List of names and descriptions
    -n  --name             Lookup all the names
    -d  --desc             Lookup all the descriptions
    -s  --sql              Lookup all the sql queries
 
 
  Config Options:
         --qconfig <file>  Config of sql queries [def query.yaml]
         --dbconfig <file> Config for accessing database [def config.yaml]        
         --dbdir <dir>     Directory for Config file [def .]
 
 
         --data <file>     SQLite Database override [def data.dbl]
 
 
  General Options:
        --test <level>     Test Level
        --debug <level>    Verbose information
    -v  --version          Display version
    -h  --help             Display this information
 
 
  Send Comments to Joshua D. Abraham ( jabra@ccs.neu.edu )
 
 

THINGS TO NOTE

  * OutputPBNJ requires root privileges to query a database that is
  owned by root. Thus, if you are scanning with ScanPBNJ you will need
  to run OutputPBNJ with root privileges to access the database.
 
 
  * If there are configs in the current directory, they are used
  instead of those in the user's config directory.
 
 

Query Options


-q --query <name> Perform sql query

  This option is where the actual query is specified. Therefore, once
  you know the query you wish to use, simply pass it as an argument to
  this option.
 
 

-t --type <type> Output Type [csv,tab,html]

  This option is used to specify which output format you wish to use.
  For example, if you would like output that you can show someone
  else, the CSV format is useful because it is a comma-delimited file
  that you can simply open in OpenOffice Calc or Excel.
 
 

-f --file <file>

  This option is used to send output to a file rather than standard
  output. This is useful if you want to accumulate the results of
  queries, as each result is appended to the end of the file.
 
 

--both

  This option is used when you want output sent both to standard
  output and to a file. This saves the result to a file when the
  result is also sent to the screen or piped to your email, which you
  may or may not disregard.
 
 

--dir <dir> Store the result in this directory [default .]

  This option is used when writing to a file. It stores the file in
  an alternative directory instead of the current directory.
 
 

-l --lookup <name>

  This option is used to look up the description of a specific query.
  It returns the description of the query.
 
 

--list List of names and descriptions

  This option is used to return a list of all the queries with the
  names and descriptions. This is very useful when you are starting to
  use OutputPBNJ or using a new query config.
 
 

-n --name

  This option is used to print all the query names.
 
 

-d --desc

  This option is used to print all the query descriptions. This is
  useful to find out what all the queries do.
 
 

-s --sql

  This option is used to print all the queries. This is useful for
  developing new queries based on other queries.
 
 

Config Options


--qconfig <file>

  Config of sql queries [default query.yaml]
 
 
  This option is used to specify an alternative query.yaml file.
 
 

--dbconfig <file>

  Config for accessing results database [default config.yaml]
 
 
  This option is used to specify an alternative config.yaml file.
 
 

--dbdir <dir>

  Directory for Config file [default .]
 
 
  This option is used to specify an alternative directory for the
  config.yaml file.
 
 

GENERAL OPTIONS


--test <level>

  Increases the Test level, causing OutputPBNJ to print testing
  information about the query. The Test level is mostly used only for
  testing. It also prints the debugging information, so the output
  can get rather lengthy. The greater the Test level, the more output
  will be given.
 
 
  This option is also used for reporting bugs. All bug reports should
  be submitted using --test 1, and an additional report may be needed
  depending on the issue.
 
 

--debug <level>

  Increases the Debug level, causing OutputPBNJ to print more
  information about the query in progress. The higher the debug level,
  the more output the user will receive.
 
 

-v --version

  Prints the OutputPBNJ version number and exits.
 
 

-h --help Display this information

  Prints a help screen with the command flags.
  Running OutputPBNJ without any arguments does the same thing.
 
 

FILES

  PBNJ's data files are stored in ScanPBNJ and OutputPBNJ. When either
  of these programs is run the configuration files will be generated
  for the user if they do not already exist and placed in the
  $HOME/.pbnj-2.0 directory. Again, if there is a configuration file in
  the current directory it is used instead of the version in the
  configuration directory.
 
 
  $HOME/.pbnj-2.0/config.yaml - holds settings for connecting to the
  database which stores the information from PBNJ scans.
 
 
  $HOME/.pbnj-2.0/query.yaml - lists all queries that can be used to
  retrieve information from the database. It also includes the name
  and description for each query. This file is only generated when
  you execute OutputPBNJ.
 
 
  For Windows, the pbnj-2.0 config directory is in the APPDATA
  directory, which contains both config.yaml and query.yaml. Depending
  on your environment, the APPDATA directory may be a different location
  from other environments. Therefore, when the configs are executed for
  the first time they will display the path where the configs were 
  generated.
 
 

QUERY

  The query.yaml file contains the list of various names, descriptions
  and sql queries that can be executed by OutputPBNJ.
 
 
  Here is one example:
 
 
  - name: vulnssh
    desc: list all of the services that have old ssh running
    # services and machines are joined on mid
    sql: |-
     select S.updated_on,M.ip,S.service,S.port,S.version from services
     as S, machines as M where S.mid=M.mid and service='ssh' and
     state='up' and version!='4.1p1'
 
 
  This example shows how the name, description and sql are laid out in
  the yaml format. From it, we know the name of the query is vulnssh
  and its purpose is to list SSH servers which are not running
  version 4.1p1. It is very easy to create another script that would
  check for the latest version of a given service, so that the user
  would be able to verify that that particular service needed to be
  updated on the machine that was scanned.
 
 

FEATURE REQUESTS

  Any feature requests should be reported to the online
  feature-request-tracking system available on the web at:
  http://sourceforge.net/tracker/?func=add&group_id=149390&atid=774489
  Before requesting a feature, please check to see if the feature has
  already been requested.
 
 

BUG REPORTS

  Any bugs found should be reported to the online bug-tracking system
  available on the web at:
  http://sourceforge.net/tracker/?func=add&group_id=149390&atid=774488.
  Before reporting bugs, please check to see if the bug has already been
  reported.
 
 
  When reporting PBNJ bugs, it is important to include a reliable way
  to reproduce the bug, version number of PBNJ and Nmap, OS
  name and version, and any relevant hardware specs. And of course,
  patches to rectify the bug are even better.
 
 

SUPPORTED DATABASES

  The following databases are supported:
 
 
  * SQLite [default]
  * MySQL
  * Postgres
  * CSV
 
 

DATABASE SCHEMA

  The following is the SQLite version of the database schema:
 
 
  CREATE TABLE machines (
             mid INTEGER PRIMARY KEY AUTOINCREMENT,
             ip TEXT,
             host TEXT,
             localh INTEGER,
             os TEXT,
             machine_created TEXT,
             created_on TEXT);
  CREATE TABLE services (
             mid INTEGER,
             service TEXT,
             state TEXT,
             port INTEGER,
             protocol TEXT,
             version TEXT,
             banner TEXT,
             machine_updated TEXT,
             updated_on TEXT);
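
  An added example, not part of PBNJ or of the original page, covering
  the QUERY section and the schema above: it runs a vulnssh-style query
  with services and machines joined on mid, the column the two tables
  share, and counts the rows returned when that condition is left out.
  Python's sqlite3 stands in for OutputPBNJ; the sample rows and the
  names build_db and outdated are assumptions made for the example.

```python
import sqlite3

# Schema copied from the DATABASE SCHEMA section of this page.
SCHEMA = """
CREATE TABLE machines (mid INTEGER PRIMARY KEY AUTOINCREMENT, ip TEXT,
  host TEXT, localh INTEGER, os TEXT, machine_created TEXT, created_on TEXT);
CREATE TABLE services (mid INTEGER, service TEXT, state TEXT, port INTEGER,
  protocol TEXT, version TEXT, banner TEXT, machine_updated TEXT,
  updated_on TEXT);
"""

# Constructed sample rows (not real scan data); addresses are from RFC 5737.
MACHINES = [(1, "192.0.2.10", "web01"), (2, "192.0.2.20", "db01"),
            (3, "192.0.2.30", "old01")]
SERVICES = [  # (mid, service, state, port, protocol, version, updated_on)
    (1, "ssh", "up", 22, "tcp", "4.1p1", "2006-11-01"),
    (2, "ssh", "up", 22, "tcp", "3.9p1", "2006-11-01"),
    (3, "ssh", "down", 22, "tcp", "3.8p1", "2006-11-01"),
    (1, "http", "up", 80, "tcp", "2.0.55", "2006-11-01"),
]

# Service name and current version are bound parameters, not string-built SQL.
JOINED = """SELECT S.updated_on, M.ip, S.service, S.port, S.version
  FROM services AS S JOIN machines AS M ON S.mid = M.mid
  WHERE S.service = ? AND S.state = 'up' AND S.version != ?
  ORDER BY M.ip"""
# Same filter without the mid condition: every match pairs with every machine.
UNJOINED = """SELECT M.ip, S.version FROM services AS S, machines AS M
  WHERE S.service = ? AND S.state = 'up' AND S.version != ?"""

def build_db():
    """In-memory database with the page's schema and the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO machines (mid, ip, host) VALUES (?,?,?)", MACHINES)
    db.executemany("INSERT INTO services (mid, service, state, port, protocol,"
                   " version, updated_on) VALUES (?,?,?,?,?,?,?)", SERVICES)
    return db

def outdated(db, service, current_version, sql=JOINED):
    """Rows for `service` that are up and not at `current_version`."""
    return db.execute(sql, (service, current_version)).fetchall()

if __name__ == "__main__":
    db = build_db()
    for row in outdated(db, "ssh", "4.1p1"):
        print(",".join(str(col) for col in row))  # csv-style line
    print(len(outdated(db, "ssh", "4.1p1", UNJOINED)), "rows without the join")
```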
 
 

SEE ALSO

  scanpbnj(1), genlist(1), nmap(1)
 
 

AUTHORS

  Joshua D. Abraham ( jabra@ccs.neu.edu )
 
 
  This program is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  General Public License for more details at
  http://www.gnu.org/copyleft/gpl.html, or in the COPYING file included
  with PBNJ.
 
 
  It should also be noted that PBNJ has occasionally been known to crash
  poorly written applications, TCP/IP stacks, and even operating systems.
  While this is extremely rare, it is important to keep in mind.  PBNJ
  should never be run against mission critical systems unless you are
  prepared to suffer downtime. We acknowledge here that PBNJ may crash
  your systems or networks and we disclaim all liability for any damage
  or problems PBNJ could cause.