Boxing Octopus


DevSecOps

Adventures in Re-Platforming: Part 1 – A New Home

The last year or so has been interesting for me. For those of you who don’t know, I’m getting married this October. This is relevant because as everyone knows, WEDDINGS ARE EXPENSIVE.

With that in mind, and in an effort to save some money, I’ve been trying to scale back on what I spend on hosting for sites like this one. I have a ton of side-projects, and normally, to fulfill the needs for those projects I’d look to DigitalOcean, AWS, or <INSERT NAME OF CLOUD PROVIDER HERE>, but that gets pretty expensive after a while. In addition, those platforms, for as vaunted and wonderful as they are, are often far too complex and nuanced for the relatively simple work I want to do.

Solution: Buy dedicated servers from a hosting company, and set up the infrastructure to run these sites (and SO much more) myself.

Sounds even more expensive right? Well, through one of my colleagues (thanks Stephen!) I’ve managed to find a hosting company called Joe’s Datacenter. Stephen has been stanning for these guys for almost as long as I’ve known him; he tends to stan a lot of weird underdog crap, like Blackberry (he used to work for them), or Garmin smartwatches (which, if you own a Garmin smartwatch, maybe go check out some of Stephen’s apps), so when he mentioned these guys, and their, well…INTERESTING branding, I kinda brushed them off as just another “Stephen thing”. But then I decided I’d been acting like a dismissive jackass, so I looked into their prices, and thought “Y’know what? Screw it. Let’s do this.”

I have to say I’m several months into this project, and I’m very pleased with the level of support I’ve received from Joe and his Datacenter. It’s not a white-glove service, but that’s fine, that’s expected. They’re providing a no-frills service that does EXACTLY what it says on the tin. Uptime is fantastic, and support tickets get answered quickly. In addition to that, there are some great perks! You can get up to an additional 13 IPs for each dedicated server you own (which, in an era where IPv4 addresses are scarce as hell, is HUGE), and the list of operating systems you can install on your machine is pretty decent (they even include VMWare ESXi!).

At this point, what I’ve managed to accomplish is the following:

  1. I’ve set up a Docker environment on both machines (which is fronted by Portainer).
  2. Since not every application and/or platform runs nicely in a containerized environment, I’ve also set up KVM as a bare-metal hypervisor for running Virtual Machines.

What I’m currently working on (and will be posting about in the future):

  1. Centralized authentication courtesy of OpenLDAP + Atlassian Crowd
  2. Central Control Plane for KVM guests
  3. DevOps/CICD platform

That’s about it for now, but watch this space for future how-tos and tutorials related to this project.

DevSecOps / infosec

How to Make Nmap Output Prettier: Part 2 – Nmap Bootstrap XSL

In part 1, I showed you how to make Nmap output prettier on the console by transforming Nmap’s output into JSON and YAML. But maybe you want something web-facing, say for a report or for a dashboard. Fear not, there are a couple of solutions for this. The first I’ll discuss is adding custom XSL stylesheets to Nmap’s XML output format.

In this case, a lot of the work of making things look fancy has been done for us by Andreas Hontzia and his nmap-bootstrap-xsl project, which applies Twitter’s Bootstrap CSS to XML via XSL stylesheet rules.

The easiest way to leverage this XSL stylesheet is by simply referencing it in your Nmap command, like so:

nmap -sS -T4 -A -sC -oA scanme \
     --stylesheet https://raw.githubusercontent.com/honze-net/nmap-bootstrap-xsl/master/nmap-bootstrap.xsl \
     scanme.nmap.org scanme2.nmap.org

Once your Nmap scan finishes, you should end up with an HTML file which you can open in a browser. The end result should look something like this:
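To show what is actually going on under the hood, here is an added example of my own (not code from the original post or from the nmap-bootstrap-xsl project). The --stylesheet option does not change the scan data; it inserts an xml-stylesheet processing instruction at the top of the XML that points the renderer at the XSL. The block below pulls that href back out of a constructed, trimmed-down Nmap XML document (real Nmap output carries many more elements; 192.0.2.10 is a documentation address), parses the hosts and ports the same way an XSL template walks the tree, and renders a minimal HTML table. The one thing worth noticing is the html.escape call: hostnames and service banners in a scan report come from the scanned hosts, so a report generator that does not escape them is a stored-XSS sink in whatever browser opens the report. An XSLT processor escapes text output by default, which is one reason the stylesheet approach is a safe default. The function names are mine.

```python
"""Render Nmap XML (-oX / -oA output) to a small HTML table.

Added example, not part of the original post or of nmap-bootstrap-xsl.
"""
import html
import re
import xml.etree.ElementTree as ET

# Constructed sample resembling what `nmap ... --stylesheet URL -oX` writes.
# The product string on port 8080 deliberately contains markup: service
# banners are whatever the remote host chose to send.
SAMPLE_NMAP_XML = """<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet href="https://raw.githubusercontent.com/honze-net/nmap-bootstrap-xsl/master/nmap-bootstrap.xsl" type="text/xsl"?>
<nmaprun scanner="nmap" args="nmap -sS -T4 -A -oA scanme scanme.nmap.org" start="0" version="7.80">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="scanme.nmap.org" type="user"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="6.6.1p1"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Apache httpd" version="2.4.7"/></port>
      <port protocol="tcp" portid="8080"><state state="open"/><service name="http" product="&lt;script&gt;alert(1)&lt;/script&gt;"/></port>
      <port protocol="tcp" portid="25"><state state="filtered"/><service name="smtp"/></port>
    </ports>
  </host>
</nmaprun>
"""


def stylesheet_href(xml_text):
    """Return the href from the xml-stylesheet processing instruction, or None.

    ElementTree drops processing instructions that precede the root element,
    so this reads the raw text instead of the parsed tree.
    """
    m = re.search(r'<\?xml-stylesheet\s[^>]*href="([^"]+)"', xml_text)
    return m.group(1) if m else None


def parse_hosts(xml_text):
    """Walk <host>/<ports>/<port> and return a list of plain dicts."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.findall("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        name_el = host.find("hostnames/hostname")
        ports = []
        for port in host.findall("ports/port"):
            svc = port.find("service")
            product = ""
            if svc is not None:
                # Nmap only sets product/version when -sV (or -A) identified them.
                product = " ".join(filter(None, [svc.get("product"), svc.get("version")]))
            ports.append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "state": port.find("state").get("state"),
                "service": svc.get("name", "") if svc is not None else "",
                "product": product,
            })
        hosts.append({
            "addr": addr_el.get("addr") if addr_el is not None else "",
            "hostname": name_el.get("name") if name_el is not None else "",
            "ports": ports,
        })
    return hosts


def render_html(hosts, only_open=True):
    """Build an HTML table; every cell value is escaped before it is emitted."""
    header = ("<tr><th>Address</th><th>Hostname</th><th>Port</th>"
              "<th>State</th><th>Service</th><th>Product</th></tr>")
    rows = []
    for h in hosts:
        for p in h["ports"]:
            if only_open and p["state"] != "open":
                continue
            cells = [h["addr"], h["hostname"], f'{p["port"]}/{p["proto"]}',
                     p["state"], p["service"], p["product"]]
            # html.escape turns < > & " ' into entities, so a hostile banner
            # renders as text instead of executing in the reader's browser.
            rows.append("<tr>" + "".join(f"<td>{html.escape(c)}</td>" for c in cells) + "</tr>")
    return "<table>" + header + "".join(rows) + "</table>"


if __name__ == "__main__":
    print("stylesheet:", stylesheet_href(SAMPLE_NMAP_XML))
    print(render_html(parse_hosts(SAMPLE_NMAP_XML)))
```

Run it as-is and the 8080 row shows the banner as literal text. Swap SAMPLE_NMAP_XML for the contents of scanme.xml from the command above and it renders a real scan; the stylesheet_href check is also a handy way to confirm that a report references a copy of the XSL you control rather than a remote URL.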

Not bad, but having a bunch of static HTML lying around is kinda ugly in my opinion. So what if we could turn these into a dynamic web dashboard where you could drill down into scans and get really in-depth, AND also generate PDF reports? For that, we need Rev3rseSecurity’s WebMap tool.

WebMap is an EXTREMELY powerful dashboard for Nmap scans. It’s written in Python using the Django web framework, and Rev3rseSecurity recommends that their tool be set up in a Docker container, so that’s what we’ll do.

However, I’m going to save WebMap for part 3, as I intend to also show you how to leverage tools like DigitalOcean’s “Spaces” Object Storage solution to store your Nmap scan data for WebMap.