nepJIywa edited this page Oct 19, 2018 · 77 revisions

Global roadmap:

  • Visual graph of vlan connections
  • Documentation
    • Document each function: what it does, what input it takes, what it outputs
    • Document function contents: the logic inside
  • To implement the following checks:
    • IPv6 L2 checks
      [ ! ] packet fragmentation
      • snooping
      • source guard
      • destination guard
      • RA guard
      • DHCPv6 guard
    • Storm-control
    • STP
    • CDP
    • IPSEC
      • IKE version
  • Checks without vlanmap
    • global options
  • Checks with vlanmap
  • Wrap in an installer (setup.py)
  • Result scoring system
  • Parse VLAN descriptions against a dictionary, attempting to assign criticality automatically
  • Check if unused services are disabled
    We need to check which of these are disabled by default in newer versions and, in that case, just print a warning that the service may be in use. Alternatively, check the version ourselves and emit the correct alerts.
    • Link Layer Discovery Protocol

Future tasks

  • Add support of https://github.com/CiscoPSIRT/openVulnAPI
  • Firmware/device check in ExploitDB API
  • Output to html report commands to fix unused/dangerous options + copy button
  • Results filter in html
  • User's password bruteforce
  • NTP + NTP Authentication
  • Check SNMP options + light community string brute force (?)
  • ICMP Packet Filtering (Permit ICMP Echo (ping) from only trusted management stations)
  • ARP Proxy - potentially dangerous (warning)
  • Syslog
  • IPv6 bad policies
  • Automatically replace dangerous options with safe ones
  • Getting configs list by IP
  • Tool banner

Should we add that?

  • Buffer Overflow: Detection and Correction of Redzone Corruption
  • Memory Leak Detector

Future tasks 2. Router's checks

  • OSPF, EIGRP
    • Routing Protocol Authentication and Verification with Message Digest 5
  • HSRP
    • use MD5 authentication
  • BGP security features
    • TTL-based Security Protections
    • BGP Peer Authentication with MD5 (not password 7)
    • maximum-prefix ? (warning)
  • Cisco openVulnAPI

Result view

Output to console:

['check_name','status']

Output to html:

['check_name','status','best practice']

Checks result colors

0 - bad (red)
1 - warning (yellow)
2 - good (green)
3 - neutral (white (black in html))
