Archives For GitHub

A couple weeks ago I blogged about my downloadOTX.sh script, which automates the collection of AlienVault OTX reports.  I hadn’t used this script in about a week, so I was surprised to see some 404 errors this morning:

$ ./downloadOTX.sh 62.141.45.205
--2015-03-09 10:47:29--  http://www.alienvault.com/apps/api/threat/pdf/?ip=62.141.45.205
Resolving www.alienvault.com (www.alienvault.com)... 64.62.160.26
Connecting to www.alienvault.com (www.alienvault.com)|64.62.160.26|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://www.alienvault.com/apps/api/threat/pdf/?ip=62.141.45.205 [following]
--2015-03-09 10:47:29--  https://www.alienvault.com/apps/api/threat/pdf/?ip=62.141.45.205
Connecting to www.alienvault.com (www.alienvault.com)|64.62.160.26|:443... connected.
HTTP request sent, awaiting response... 404 NOT FOUND
2015-03-09 10:47:30 ERROR 404: NOT FOUND.


VRFBackupTool shares the same broken function as VRFSearchAndBackup, so I decided I would update this one as well.

You can find the most recent version on its GitHub Repository.

As you might have noticed from this week’s blog posts, I enjoy writing code to automate tedious or time consuming tasks.  Well, maybe it might be a stretch to say I enjoy it — but I certainly reap the benefit of putting in the hard work to automate tasks that I otherwise hate performing.  I do, however, enjoy publishing much of this code on the Internet in hopes that others will find it useful and I occasionally hear from them stating such.

In a past life, as a Network Engineer, I wrote a small application which automates the ability to search a Cisco router for a VRF VPN profile and back it up to disk.  (If you’re making changes to your Cisco routers and you don’t back up your configurations before you change them, then you obviously haven’t broken one yet.)  I received a lot of feedback from other people who found this tool to be useful and use it regularly.  I also recently received word that it doesn’t work under Cisco IOS 15.4.

That sucks.

Specifically, it blows up right about here:


VRFSearchAndBackup.py v1.0.1 (2014-03-17)
-----------------------------------------

--> Index found and appears up to date.

Enter the VRF Name or IP Address you are searching for: USG-10195

+--------------------+--------------------+--------------------+
| VRF NAME | REMOTE IP ADDRESS | LOCAL IP ADDRESS |
+--------------------+--------------------+--------------------+
| ABC-12345 | 192.168.1.1 | 192.168.2.1 |
| ABC-12345 | 192.168.1.1 | 192.168.2.1 |
+--------------------+--------------------+--------------------+

Do you want to back up this configuration now? [Y/n]

--> Logging into 192.168.2.1...
--> Backing up ABC-12345 ...
Traceback (most recent call last):
 File "<string>", line 534, in <module>
 File "<string>", line 413, in searchIndex
 File "<string>", line 176, in backupVRF
AttributeError: 'NoneType' object has no attribute 'group'

C:\Applications>


One of the least glamorous parts of network security is capturing information on Internet hosts that exhibit malicious intent.  Here is a script that I’ve created to help automate the process of collecting AlienVault’s Open Threat Exchange (OTX) reports:

#!/usr/bin/sh
#
# downloadOTX.sh
#
# This script uses AlienVault's Open Threat Exchange (OTX) to download a PDF
# containing the IP reputation of the IP Addresses provided.
#
# USAGE:
# $ ./downloadOTX.sh 1.2.3.4
# $ ./downloadOTX.sh 1.2.3.4 1.2.3.5 1.2.3.6 etc.
#

# Set path to save files:
path=/Downloads/

# Set filename prefix and/or suffix:
prefix=
suffix=_otx.pdf

for args in "$@"
do
    # Quote the URL and the output path so each argument reaches wget as a single word
    wget "http://www.alienvault.com/apps/api/threat/pdf/?ip=$args" -O "$path$prefix$args$suffix"
done


One of the least glamorous parts of network security is capturing information on Internet hosts that exhibit malicious intent.  Here is a script that I’ve created to help automate the process of collecting WHOIS information:

#!/usr/bin/sh
#
# downloadWHOIS.sh
#
# This script uses native whois command to return the WHOIS information
# of the IP Addresses provided.
#
# USAGE:
# $ ./downloadWHOIS.sh 1.2.3.4
# $ ./downloadWHOIS.sh 1.2.3.4 1.2.3.5 1.2.3.6 etc.
#

# Set path to save files:
path=/Downloads/

# Set filename prefix and/or suffix:
prefix=
suffix=_whois.txt

for args in "$@"
do
    # Quote the argument and the output path so each is treated as a single word
    whois "$args" > "$path$prefix$args$suffix"
done


Yesterday I discovered an error in my DownloadRouterConfig application where it would terminate abnormally if a variable (a path name) in the settings.cfg file was left blank.  Should no path name be specified, the application should have used its current working directory.  Instead, it just crashed.

In fixing the code, I realized that all my other applications used this same function — so I corrected all of them as well.  (I also took care of a few other miscellaneous things while I was in there.  See the CHANGELOG, if interested.)  If you happen to be using any of these applications to help manage your own Cisco routers, you’ll want to pull the latest code down to prevent any possible errors in the future.

BuildVRFIndex v0.0.9-alpha (2014-03-17)
DownloadRouterConfig.py v2.2.3 (2014-03-17)
RunRouterCommand.py v1.2.0 (2014-03-17)
VRFBackupTool v0.0.9-alpha (2014-03-17)
VRFSearchAndBackup v1.0.1 (2014-03-17)
VRFSearchTool v0.0.18-beta (2014-03-17)

This isn’t a new tool, just newly discussed on my blog. 🙂

If you’ve been following any of my other Python applications I’ve written to automate tedious tasks on a Cisco router, you might have noticed that they all seem related.  Between BuildVRFIndex.py, VRFBackupTool.py and VRFSearchTool.py — you may have wondered why all these weren’t combined into a single application.  With the exception of BuildVRFIndex.py, it was always my intention to combine the VRFBackupTool and VRFSearchTool into one application.

It’s been more than 10 years since I’ve written any meaningful amount of code and that was last done in C++.  Learning Python has been an enjoyable experience — but I’m still learning the language.  I wasn’t certain that I would be able to easily (or cleanly) create the application I had in mind with Search AND Backup functionality — so I broke these functions out into separate applications until I was certain that this would be something I could accomplish with as little frustration as possible.

Having said all that, the VRFSearchAndBackup tool is the combination of the search and backup features of the other two and, in my opinion, supersedes both of the prior tools in functionality.  You can still search for a VRF Name to determine where it is without having to back it up (the application prompts you to backup upon a successful search).

There is a lot more I could say about this application but since it’s been out several weeks now and I’m just now catching up on blogging about it, you can head on over to its GitHub repository if you’d like to learn more or see it in action.

This isn’t a new tool, just newly discussed on my blog. 🙂

Building on the experiences of my other Python applications (namely the VRFSearchTool), I took this knowledge to the next level and created an entirely new application.  Similar in functionality to the VRFSearchTool, the VRFBackupTool will back up the VRF VPN configuration of a Cisco router when provided with the VRF Name.  Unlike the VRFSearchTool, it does not display any information regarding the VRF Name provided — it simply locates it among the index file, connects to the router(s) holding the configuration specific to the VRF Name and backs it up to a directory specified in the configuration file.

There is a lot more I could say about this application but since it’s been out several weeks now and I’m just now catching up on blogging about it, you can head on over to its GitHub repository if you’d like to learn more or see it in action.

My VRF Search Tool is proving to be quite useful on the job and I was looking for a way to automate some of the functionality of the tool so that it can be extended for use in other applications.  As it stands now, the index of VRF Names is only updated once a day by the first person to run the tool each day.  Since the tool is being used in a 24/7 environment, engineers working late may be working with old information.

Therefore, I’ve sought to automate the buildIndex() function of the VRF Search Tool and created BuildVRFIndex.py.  Just like the VRF Search Tool, BuildVRFIndex builds a CSV file of the VRF Name, Remote Peer IP and Local Peer IP of each VPN tunnel — but it lacks the functionality to search the index.

Unlike my other Python applications, this is the first time I’ve ventured into the use of a configuration file.  The configuration file will allow the user to pre-set the path and name of the files the application needs to run.  You can also set the username and password that will be used to log in to each of the routers.  NOTE: The password must be base64-encoded.  You can use a website like http://www.base64encode.org/ to translate your password into a base64-encoded string.
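An added example, not code from any of the tools described here: one way a Python tool could read such a configuration file, falling back to the current working directory when the path is left blank (the crash described in the DownloadRouterConfig post) and decoding the base64 password. The `[settings]` section, its key names and the sample values are assumptions constructed for illustration.

```python
import base64
import binascii
import configparser
import os

# Constructed sample: the section and key names are hypothetical.
SAMPLE_CFG = """
[settings]
backup_path =
username = netops
password = czNjcjN0
"""


def encode_password(plain):
    """Encode a password locally, so it never has to be pasted into a website."""
    return base64.b64encode(plain.encode("utf-8")).decode("ascii")


def load_settings(text, cwd=None):
    """Parse config text, tolerating a blank path and decoding the password."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    section = parser["settings"]

    # A blank or missing path falls back to the current working directory
    # instead of failing later when the path is used.
    path = section.get("backup_path", "").strip() or (cwd or os.getcwd())

    # base64 is an encoding, not encryption: anyone who can read the file
    # recovers the password with this single call.
    try:
        raw = section.get("password", "")
        password = base64.b64decode(raw, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("password in settings is not valid base64") from exc

    return {
        "backup_path": path,
        "username": section.get("username", ""),
        "password": password,
    }


if __name__ == "__main__":
    print(load_settings(SAMPLE_CFG))
```

Since the stored value decodes with one standard-library call, the configuration file should be readable only by the account that runs the tool.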


I’ve updated my VRFSearchTool to version 0.0.10-beta.

Version 0.0.9-alpha was created as a new branch to address issue #1 and issue #2.  A few individuals used this version for nearly two weeks and did not report any problems with it.  Therefore, I merged the new branch into the master, updated the version and took the application out of pre-release.

I now consider this version to be in Beta and ready for observed use in production environments.

Should you encounter any problems with it, please create an Issue here.

Should no problems be reported, then I’ll make it official and we’ll call it good as version 1.0.0.