The Network Oracle - Automated network dependency discovery tool

My take on a simple and fast network discovery tool that provides a layer 4 dependency chart.

In the vast and ever-expanding digital universe, managing and securing network infrastructures has become a Herculean task for IT professionals. Amidst this complexity lies the critical necessity for robust network discovery tools that not only illuminate the hidden corners of your network but do so with precision and efficiency.

I needed to audit a not-so-simple network and resorted to the typical netstat/arp methods and a lot of manual work. I wanted something that gave me data I could work on in Excel, and a graphical representation of the network - how hosts talk amongst each other.

Enter Network Oracle, a tool designed to transform how you navigate the labyrinth of your network infrastructure, providing you with a simple layer 4 dependency chart.

Hop to my GitHub to check it out (disclaimer: I'm not a coder).

GitHub - 0raculo/network_oracle: Automated network dependency visualiser

Understanding the Need for Network Oracle

Every network administrator knows the challenges of keeping track of an ever-evolving network landscape. From new devices constantly joining the network to the need for ensuring security compliance and optimizing network performance, the tasks are endless. Traditional network discovery methods often fall short, being either too intrusive, too slow, or not comprehensive enough. This is where Network Oracle shines, offering a solution that is both thorough and considerate of the network's operational integrity.

The result? A gorgeous mermaid chart and a SQLite DB which provides easy access to data.

👷‍♂️
This is a work in progress!

The Network Oracle Advantage

Network Oracle is engineered to provide a seamless and efficient way to discover and map out network devices. Here’s how:

  1. Minimally Intrusive Operations: Simple ping scan using nmap, then it grabs SSH banners. If someone's home, it tries to log in with
    1. SSH pubkey
    2. Known credentials list
  2. Rapid Discovery: Leveraging concurrent scanning technologies, it significantly reduces the time taken to map out your network.
  3. Up-to-date: Set it on a cronjob and forget about it. If the hosts are fresh (2 days old; this can be adjusted in the code), they won't be scanned again.

How does it work?

Pretty simple design. For now, it's limited to Linux hosts, but WinRM is on the roadmap.

  1. Scan network
  2. Discover SSH hosts, then SSH, issue a netstat and collect results.
  3. Add results to a SQLite DB. If the host was already discovered, it'll remove duplicate entries and add newly discovered ones.
  4. Enjoy a beautiful mermaid chart.
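
Steps 2 to 4 above, sketched as an added example (not Network Oracle's own code): parse collected netstat output into layer 4 edges, store them in SQLite without duplicates, and emit a Mermaid chart. The table schema, the function names, the sample output and the use of a listening-port set to decide which side is the server are assumptions made for illustration.

```python
import sqlite3

# Constructed sample: `netstat -tn` output as collected from host 10.0.0.5.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.5:22             10.0.0.9:51514          ESTABLISHED
tcp        0      0 10.0.0.5:44321          10.0.0.7:5432           ESTABLISHED
tcp        0      0 10.0.0.5:44322          10.0.0.7:5432           ESTABLISHED
tcp        0      0 10.0.0.5:51000          10.0.0.8:443            TIME_WAIT
tcp6       0      0 ::1:6379                ::1:40112               ESTABLISHED
"""

def parse_netstat(text, listening_ports):
    """Yield (client_ip, server_ip, server_port) for ESTABLISHED TCP rows."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "ESTABLISHED":
            continue
        (lip, lport), (rip, rport) = (a.rsplit(":", 1) for a in f[3:5])
        if lip == rip:                      # loopback/self traffic is not a dependency
            continue
        if int(lport) in listening_ports:   # remote peer is a client of this host
            yield rip, lip, int(lport)
        else:                               # this host is a client of the remote
            yield lip, rip, int(rport)

def store(db, edges):
    # Hypothetical schema: the UNIQUE constraint makes re-scans idempotent.
    db.execute("CREATE TABLE IF NOT EXISTS edges (src, dst, port, UNIQUE(src, dst, port))")
    db.executemany("INSERT OR IGNORE INTO edges VALUES (?, ?, ?)", edges)
    db.commit()

def to_mermaid(db):
    rows = db.execute("SELECT src, dst, port FROM edges ORDER BY src, dst, port")
    node = lambda ip: "h" + ip.replace(".", "_").replace(":", "_")  # Mermaid-safe id
    lines = ["graph LR"]
    for src, dst, port in rows:
        lines.append(f'    {node(src)}["{src}"] -->|tcp/{port}| {node(dst)}["{dst}"]')
    return "\n".join(lines)

def build_chart(text=SAMPLE, listening_ports=frozenset({22})):
    db = sqlite3.connect(":memory:")
    for _ in range(2):                      # second pass simulates a re-scan
        store(db, parse_netstat(text, listening_ports))
    return db, to_mermaid(db)

if __name__ == "__main__":
    print(build_chart()[1])
```

Without the listening-port set, the SSH session would be recorded as 10.0.0.5 depending on 10.0.0.9 over an ephemeral port, which is why the sketch takes the host's listening ports as a second input.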

At its core, Network Oracle simplifies network discovery. It replaces guesswork with precision and slow, cumbersome scans with swift, comprehensive insights. Here's a step-by-step guide on how it transforms network discovery:

Step 1: Setting Up and Configuration

Getting started with Network Oracle is simple. With a straightforward setup process and a user-friendly configuration system, you can tailor the tool to your network's unique needs.

Step 2: Scanning Options

Whether you're looking into a specific subnet or the entire network, Network Oracle offers the flexibility to focus your scans. The --subnet flag allows for targeted scanning, while the --exclude option ensures you skip over devices that you don't need to probe, making the scan efficient and less intrusive.

Step 3: OS Detection

Currently it's guesswork. First draft used nmap for host OS discovery but it's loud, slow, and requires root access - also, my firewall blocked me out during my tests. 🤷‍♂️

It currently only supports Linux hosts.

Step 4: Real-Time Updates and Reports

As Network Oracle works its magic, it keeps you in the loop with real-time updates. Once the scan is complete, it generates an intuitive Mermaid diagram, offering a visual representation of your network's topology that's easy to understand and act upon.

Todo:

A WebUI and a containerised version are on the roadmap. There are some dependencies, and running this in a Python venv is recommended.