Monthly Archives: July 2013

Kismet Log Viewer v2 Tool Released

Secure Ideas actively supports open source and giving back
to the community. In that light, we’re announcing the release of an updated tool
for parsing and viewing Kismet log files.

Kismet is a fantastic tool for wireless network assessments.
It passively detects networks, SSIDs, and with enough time can even decloak
hidden networks by capturing the name from clients that connect. And with an
extensible plugin architecture, it can even sniff other, non-802.11, types of
wireless traffic.
One common use during a wireless assessment is to walk or
drive the facilities of a client to determine what wireless traffic is actually
being used. Then that information can be compared to documentation of what the
client believes should be in use. Often times we find misconfigurations,
unapproved use, and even unauthorized devices that have been added to the
network.
One area that Kismet stumbles though is the ability to
easily review log files after the assessment. During the assessment, viewing
data and activity is very easy and accessible, but later when you’re trying to
analyze the results it’s more difficult. Kismet creates a LOT of log data, and
most of it is in XML or CSV format that makes it easy to parse, but there is no
native functionality to view those logs.
Several years ago a number of tools had been released that
parsed and presented this log data in an easy-to-read HTML format. Unfortunately
with changes to the Kismet structure and log format, none of those tools still
work correctly. 
To remedy that, today I’m releasing Kismet Log Viewer v2, an
update to the original Kismet Log Viewer released by Brian Foy in 2003. KLV v2
reads in multiple Kismet .netxml files, summarizes the data, and outputs an
HTML or CSV file.
This initial release has some limitations. Like most
development, functional priority was based on necessity; I wrote what I needed
first. But I plan to continue extending the tool to add more functionality.
So without further ado, here’s the links you care about:
Kismet Log Viewer v2:
And here’s an example report:
Hopefully you’ll find this tool useful. If you find
problems, or have suggestions, please feel free to contact me.

Nathan Sweaney is a Senior Security Consultant for Secure Ideas. If you are in need of a penetration test or other security consulting services you can contact him at nathan@secureideas.com or visit the Secure Ideas – Professionally Evil site for services provided.

Professionally Evil Toolkit – BozoCrack

Professionally Evil Toolkit – BozoCrack

This week I’ve been teaching a class on web app security for developers and I remembered a fun little script that I thought I’d share here.  That script is BozoCrack, written by Juuso Salonen.  I’d give my description of what this tool does, but I’ll use Juuso’s words from his GitHub page instead.  It’s pretty classic.… Continue Reading

Professionally Evil Toolkit – Reconnoiter

Professionally Evil Toolkit – Reconnoiter

In this series of the Professionally Evil Toolkit we will be talking about Reconnoiter. Reconnoiter was created by Secure Ideas very own Jason Wood. Reconnoiter is a set of scripts written in python to help aid in the reconnaissance phase of a penetration test.  The tool has two main functions, username generation and LinkedIn profile harvesting. The… Continue Reading

Who We Are: Thom Dosedel

Who am I: Thom Dosedel, Senior Security Consultant at Secure Ideas.  What do I do at Secure Ideas: Like my fellow consultants, I participate in both internal and external penetration tests performing structured attacks on network, web, wireless, or mobile environments.  We also perform architecture reviews, provide defense based analysis and recommendations. What is my… Continue Reading

SamuraiWTF 5th Anniversary Giveaway

I am very excited to be writing this entry.  As of August 10, 2013 the SamuraiWTF project will be five years old!  It’s been quite a run and I am looking forward to a long future.  This project has meant a lot to me and I am honored to have so many great people as… Continue Reading

Why Do Phishing As Part of Security Testing

I was recently watching a web cast on incident response and found myself thinking about the cause of the example incident.  It was yet another instance where phishing emails were sent, desktops were owned and data left the victim’s network.  I’m not sure how many presentations, web casts and papers that I’ve listened/read that point… Continue Reading