Submitted by alla on Thu, 11/25/2010 - 15:52

Scripts and Samples | Table of Contents | Generating Reports >

Penetration testing projects often consist of same or similar tasks. MagicTree makes repeating a task easy. Both queries and commands (methods) can be saved in a repository and reused on subsequesnt projects.

A query is what you enter in Table View to extract data from the tree in a table form. A query consists of one or more triples, each consisting of field name, expression and flags. For example, the following is a query that lists all open ports and hosts:

[
["host", "//host", ""].
["port", "ipproto/port[state="open']", "leaf"]
]

A method is an executable command with the information necessary to execute it. A method contains the command itself, the input mode ("None", "Environment" or "TabSep" - see Commands Execution - Input), and the query that is used to extract the data from the tree and feed it to the command.

A repository is a location where queries and methods may be stored.

User and Project Repositories

At the moment there are two repositories. The first repository is called "Project Repository". Whenever a user executes a command, the method and the query of that command is stored in the tree. Project repository is an interface to the project file that llows searching and loading previously used queries and methods. The queries ands methods stored in the project repository are kept inside the project file (see also ProjectFileStructure).

The second repository is called "User Repository". It is intended to be used to store queries and methods that can be used on other projects. The data in the User Repository is stored in repo directory under MagicTree directory (see Files and Directories). The queies and methods are stored each in a separate file (using UUID as a file name) in XML format and are to some extend human-readable. You can exchange queries and methods with others just by copying files to and from the repo directory.

In the future we intend to implement a network repository that can be used by teams to exchange queries and methods.

Browsing and Searching Repositories

The contents of the repositories are accessed from MagicTree GUI via the Repo Browser panel. Initially it is docked on the right-hand side of the MagicTree window:



repo-browser-docked.png


You can open it by clicking on it:



repo-browser.png


The objects in the repository can have name, description and tags. It is possible to search repositories by entering keywords, that are matched against name, description and tags. It is possible to modify the name, dewcription and tags of an object by selecting it in Repo Browser, clicking on the Properties button and editing the values in the Repo Object Properties dialog:



repo-object-properties.png


It is possible to copy a repository object from one repository to another by opening the Repo Object Properties dialog for that object and then selecting the target repository in "Repository" combo-box and clicking on "Save" button.

To load a query or method stored in the repository, double click on it, or select it and click on "Load" button. The query will be executed automatically. The method will be loaded, but not executed. You need to click on "Run" button to execute it.

Please note that methods do not contain the remote host names. That is if you execute a command on a remote host, and then save it to the repository, the remote host name will not be saved. If you load it from the repository, and what to execute it remotely, you will need to enter the host name. The reasoning behind not storing the host names, is that methods may be reused under different circumstances and by different people. Storing the remote host name and user name such as "alla@www.gremwell.com" will make no sense if the same command will be executed locally or by some other person.

Saving Queries and Methods to Repositories

You can explicitly save a query or method that you want to reuse later. To save a query, in Table View click on the Save button.



save-query.png


To save a method, click on the Save button in Table View in Command Editor:



save-method.png


This will open the Repo Object Properties dialog.



repo-object-properties.png


Enter the name, description and tags, select the repository where you want to save the query or method and click on Save button.

Repositories in MagicTree do not alow duplicates. It means that you cannot store two identical queries or methods in one repository. The queries and methods are considered identical if their contents (that is, field names, expressions and flags for queries, and query, command and input mode for methods are identical). The name, description and tags are not compared. When you are saving an object to a repository the Repo Object Properties dialog will show the list of all identical objects found in all configured repositories. If you try to save the object to a repository where an identical object already exists, MagicTree will warn you about overwriting it.

Scripts and Samples | Table of Contents | Generating Reports >

Contacts

+32 (0) 2 215 53 58

Gremwell BVBA
Sint-Katherinastraat 24
1742 Ternat
Belgium
VAT: BE 0821.897.133.