Skip to content
This repository has been archived by the owner on Mar 24, 2022. It is now read-only.

Scripts to scan BOSH directors for open ports and default credentials.

License

Notifications You must be signed in to change notification settings

pivotal-legacy/bosh-cred-and-port-scan

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

What's this?

This is a set of scripts to scan a BOSH director for open ports and default credentials.

How do I use it?

Edit directors.yml to contain your directors. You can use FQDN or IP addresses.

How do I interpret the results?

If a director has both:

  • open ports
  • AND default credentials

It's vulnerable. These lines will look something like:

team1-name | 52.11.22.33 | agent mbus/mbus-password port: open creds: ✗

What do I do?

You should probably nuke vulnerable BOSH directors and their environments.

Why are there two scripts?

scan.rb has nice output like this:

team1-name:
  director-address:
    director admin/admin port: closed creds: ✓
    director hm/hm-password port: closed creds: ✓
    nats port: closed creds: ✓
    agent mbus/mbus-password port: closed creds: ✓
    agent mbus-user/mbus-password port: closed creds: ✓
    postgres port: closed creds: ~
    blobstore director/director-password port: closed creds: ✓
    blobstore agent/agent-password port: closed creds: ✓

but it's single-threaded and slow.

scan-parallel.rb has output like this:

team1-name | director-address | agent mbus-user/mbus-password port: closed creds: ✓
team1-name | director-address | agent mbus/mbus-password port: closed creds: ✓
team1-name | director-address | blobstore agent/agent-password port: closed creds: ✓
team1-name | director-address | blobstore director/director-password port: closed creds: ✓
team1-name | director-address | director admin/admin port: closed creds: ✓
team1-name | director-address | director hm/hm-password port: closed creds: ✓
team1-name | director-address | nats port: closed creds: ✓
team1-name | director-address | postgres port: closed creds: ~

and runs many scans in parallel, so it's faster ... but the output will need to be sorted afterwards.

About

Scripts to scan BOSH directors for open ports and default credentials.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages