Submitted by alla on Thu, 11/25/2010 - 15:52

Using BackTrack | Table of Contents | Security Considerations >

Contents

  1. Adding Initial Data

  2. Using The Data

  3. Running Commands

  4. Monitoring Command Execution

  5. Generating Reports

  6. Saving your Work

1. Adding initial data

You start with adding the initial data. For example, you add the IP addresses or network blocks that are in scope of the test. The easiest way to do it is to press Ctrl+N, type in the IP address (i.e. 192.168.1.1) or the network block (i.e. 192.168.1.0/24) and press Enter. MagicTree automatically creates a subtree called "testdata" and a node for the IP address or netblock that you have entered:



Auto-created host node


For more information on entering the data see Entering Data

2. Using the data

Now you can feed the data in the tree to programs and scripts. MagicTree stores data in a tree structure. This is a natural way for representing the information that is gathered during a network test: a host has ports, which have services, applications, vulnerabilities, etc. The tree-like structure is also flexible in terms of adding new information without disturbing the existing data structure: if you at some point decide that you need the MAC address of the host, you just add another child node to the host node.

While tree structure is natural for representing the information, it is not very convenient for actually using the data. To feed data to programs we generally want lists or tables of items. MagicTree allows extracting the data and presenting it in table (or list) form. The query interface uses XPath expressions (see also XPath Crash Course) to extract data.

So, suppose now we want to run a ping sweep on all targets in scope. First we select them, using a query:



Query that selects all netblock nodes and the result of the query in the table


See Analyzing Data for details on creating queries.

3. Running Commands

Now we have extracted the list of targets from the tree we can feed it to any program or script. The data is presented as a table with tab-separated columns and newline separated rows.

Some programs accept input as a file. For example nmap can be fed a list of targets using -iL option:

nmap -iL mytargets.txt

Other tools take input as command line parameters. For example, nikto takes the host name using -host parameter:

nikto -host www.gremwell.com

MagicTree supports both ways. It can either start a program or script feeding it the whole content of the table via a file or start several instances of a program or script, feeding each the contents of one table row via individual command-line parameters.

To feed the contents of the table via a file, select the "TabSep in $in file" input mode in the command editor.



Feeding query results via an input file


To feed the contents of the table via individual parameters select "Environment" input mode. When the "Environment" input mode is used, MagicTree starts one instance of a program or script specified in the common line for each highlighted table row (so you can select which rows you want processed). Before executing the command it creates an environment variable for each table column and initializes it to the value of the column cell. This way the contents of the table can be used in the command line.



task-input-environment.png


In the example above, the command line contains:

nikto -host $host -port $port

MagicTree will start two instances of nikto:

nikto -host 192.168.1.101 -port 80

and

nikto -host 192.168.1.100 -port 80

MagicTree uses a convention for capturing the command output. If a command can write its output to a file and it is possible to specify the filename on the command line, use $out as a file name prefix, for example:

nikto -host $host -port $port -Format xml -o $out.xml

MagicTree will automatically picks up all files that start with a prefix specified by $out and store them within the project file. XML files produced this way can be imported into the tree, allowing to keep track of which data item was produced by which program (see also Tracing data Origin).

For more information on executing commands with MagicTree see Commands Execution

4. Monitoring Command Execution

MagicTree runs the commands started by the user in background. The Tasks panel allows seeing the the running and finished commands, accessing the console and viewing and importing task output:



Task View Panel showing running and finished tasks


When a task is finished, its output becomes available to MagicTree. Usually there is at least one output file containing the STDOUT and STDERR output. More output files can be produced using $out naming convention (see CommandExecution - Output Files). Selecting the task and selecting the "Output Files" tab allows viewing the contents of the task output. If a task outputs an XML file, it is possible to select it and merge it into the tree by clicking the "Import" button.

Running tasks can be killed. Finished tasks can be deleted, provided that their output was not imported into the tree.

5. Generating Reports

Data stored by MagicTree can be used for generating reports. The reports may be produced in Microsoft Word 2007 Docx format (Open XML) or in OpenOffice Writer .odt format (OpenDocument). You can use the sample report templates that ship with MagicTree, customize them, or make your own templates. For more information on how to create report templates see Generating Reports

To generate a report, select Report→Generate Report... from the menu and in the "Generate Report" dialog select the report template you want to use, either by selecting recently used template from the drop-down list or by clicking the Browse... button and selecting a report template file.



Generate Report dialog box


You can view and edit the selected report template by clicking the Edit button. It will start Microsoft Word or OpenOffice Writer (depending on the type of template file you have selected) and open the selected report template.

After selecting the report template, click on "Generate Report" button to start the report generation. It may take a while.

Once the report is generated it will be opened in Microsoft Word or OpenOffice Writer. You can edit it and save it.

6. Saving your Work

Like with any other application, you can use "File/Save" and "Save As ..." to create a compressed snapshot of your working directory and save it as a single file. We suggest to use .mt extension, but this is not enforced.

Magic-tree has auto-save feature, by default set to 10 minutes. It does not create a compressed file, but instead flushes all data from the running MagicTree into the working directory. Should things go wrong and magictree crash, your data can be restored from there. At least it is the idea.

To switch-off auto-save feature, set "autosave-period-minutes=0" in settings.properties.

Using BackTrack | Table of Contents | Security Considerations >

Contacts

+32 (0) 2 215 53 58

Gremwell BVBA
Sint-Katherinastraat 24
1742 Ternat
Belgium
VAT: BE 0821.897.133.