<?xml version="1.0" encoding="utf-8" standalone="yes" ?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>Steve McGrath</title>
    <link>http://stevemcgrath.io/</link>
    <description>Recent content on Steve McGrath</description>
    <generator>Hugo -- gohugo.io</generator>
    <language>en-us</language>
    <copyright>&amp;copy; Steve McGrath 2019</copyright>
    <lastBuildDate>Mon, 17 Aug 2020 11:07:00 +0000</lastBuildDate>
    
	<atom:link href="http://stevemcgrath.io/index.xml" rel="self" type="application/rss+xml" />
    
    
    <item>
      <title>My Development Setup</title>
      <link>http://stevemcgrath.io/post/2020-08-04-my_python_development_env/</link>
      <pubDate>Mon, 17 Aug 2020 11:07:00 +0000</pubDate>
      
      <guid>http://stevemcgrath.io/post/2020-08-04-my_python_development_env/</guid>
      <description>I have been asked many times over the years how I have my python development environment set up, and while some of the tooling has changed a little over the years, the changes have been surprisingly minor. I figured it was about time to document what I&amp;rsquo;m using, and how I have it all set up.
What I Use
I have been using a Mac as my primary workstation since some time in 2004, so I will warn that some of this tooling is fairly MacOS specific, however most of it should be usable regardless of the operating system you&amp;rsquo;re on.</description>
    </item>
    
    <item>
      <title>pyTenable version 2 under development</title>
      <link>http://stevemcgrath.io/post/2020-06-10-pytenable-v2-underway/</link>
      <pubDate>Wed, 10 Jun 2020 14:20:00 +0000</pubDate>
      
      <guid>http://stevemcgrath.io/post/2020-06-10-pytenable-v2-underway/</guid>
      <description>As pyTenable starts to near its 3rd birthday, I&amp;rsquo;ve started working on a complete rewrite of the codebase. For a number of reasons, the current v1 code has become a monstrosity of tests, repeated code, and assumptions in the APIs that are no longer correct. That&amp;rsquo;s not to say that it doesn&amp;rsquo;t work, or even work well for what folks are using it for, just that code maintainability has been a concern as of late.</description>
    </item>
    
    <item>
      <title>Building a local LXD-based Lab</title>
      <link>http://stevemcgrath.io/post/2019-11-27-lxd-based_labs/</link>
      <pubDate>Wed, 27 Nov 2019 12:25:00 +0000</pubDate>
      
      <guid>http://stevemcgrath.io/post/2019-11-27-lxd-based_labs/</guid>
      <description>I often have the need to spin up a Linux host to perform some quick testing for something, and the amount of legwork and time to get a simple VM up and running is often as time-consuming as getting the software installed to interact with it. I needed something that was quicker to get me bootstrapped, simple enough to not require me to learn a whole ton to get going, and repeatable enough for me to even write some dirty scripts to make standing something up repeatable.</description>
    </item>
    
    <item>
      <title>Integration User-Agent String Standard Proposal</title>
      <link>http://stevemcgrath.io/post/2019-11-07-integration-ua-string-standard/</link>
      <pubDate>Thu, 07 Nov 2019 12:25:00 +0000</pubDate>
      
      <guid>http://stevemcgrath.io/post/2019-11-07-integration-ua-string-standard/</guid>
      <description>The more integrations I write, the more it becomes apparent that there is no consistency in User-Agent strings for the purposes of identification of who is making what calls. It&amp;rsquo;s something that folks are supposed to do when making API calls, yet most folks don&amp;rsquo;t even bother with it. It creates nothing but issues when the people managing the application you&amp;rsquo;re talking to don&amp;rsquo;t inform the admins who you are or what you&amp;rsquo;re doing.</description>
    </item>
    
    <item>
      <title>RESTfly API Library</title>
      <link>http://stevemcgrath.io/post/2019-05-07-restfly-announcement/</link>
      <pubDate>Tue, 07 May 2019 14:45:00 +0000</pubDate>
      
      <guid>http://stevemcgrath.io/post/2019-05-07-restfly-announcement/</guid>
      <description>With all of the work that&amp;rsquo;s been done with the pyTenable library, I reached a point where I was using pyTenable&amp;rsquo;s core APISession, APIEndpoint, and APIIterator classes a lot for external work. It seemed only logical to separate these base classes from pyTenable and wrap them up into their own library to act as a framework for folks looking to build their own API libraries. The end result of this is the new Python RESTfly library, which is focused on providing a basic scaffolding to make writing API libraries similar to pyTenable&amp;rsquo;s easy and effective.</description>
    </item>
    
    <item>
      <title>VSCode Twilight Operator Theme</title>
      <link>http://stevemcgrath.io/post/2019-01-04-twilight-operator/</link>
      <pubDate>Fri, 04 Jan 2019 23:45:00 +0000</pubDate>
      
      <guid>http://stevemcgrath.io/post/2019-01-04-twilight-operator/</guid>
      <description>So I decided to start looking at Visual Studio Code with most of the folks I know dropping Sublime like it&amp;rsquo;s a bad habit and see what all of the hubbub is about. I will have to say that after some tweaking I&amp;rsquo;ve been pleasantly surprised with how well VSCode works. It&amp;rsquo;s taken a lot less tweaking to get it to a point where I&amp;rsquo;m happy with it than it ever did with Sublime Text, and it even has some really nice features out of the box for Python.</description>
    </item>
    
    <item>
      <title>pyTenable v0.3.3 Released</title>
      <link>http://stevemcgrath.io/post/2018-11-30-pytenable-v0.3.3/</link>
      <pubDate>Fri, 30 Nov 2018 14:03:00 +0000</pubDate>
      
      <guid>http://stevemcgrath.io/post/2018-11-30-pytenable-v0.3.3/</guid>
      <description>The pyTenable library has been rapidly evolving over the past few months. The library has seen a lot of expansion and maturation over the last several weeks. Going from version 0.1.0 at the time of last post to now 0.3.3, there has been a lot of work done to lay scaffolding for the SecurityCenter package. SecurityCenter (recently re-branded as Tenable.sc) is as large a project as Tenable.io was, if not larger.</description>
    </item>
    
    <item>
      <title>pyTenable v0.1.0 Released</title>
      <link>http://stevemcgrath.io/post/2018-10-03-pytenable-v0.1.0/</link>
      <pubDate>Wed, 03 Oct 2018 09:12:00 +0000</pubDate>
      
      <guid>http://stevemcgrath.io/post/2018-10-03-pytenable-v0.1.0/</guid>
      <description>After nearly 8 months of on-and-off development (mostly off, day-job work keeps me busy), I&amp;rsquo;m proud to announce that pyTenable has hit version 0.1.0. While this may not seem like much, it&amp;rsquo;s been a lot of work to bring it across this line in the journey so far. All of the Tenable.io Vulnerability Management APIs are now pythonized. Further, everything in the tenable_io module has been tested out (519 tests!). Tenable has also seen fit to link to pyTenable as an official module for working with our products.</description>
    </item>
    
    <item>
      <title>Nessus Network Monitor Docker Image</title>
      <link>http://stevemcgrath.io/post/2017-07-18-nessus-monitor-image/</link>
      <pubDate>Tue, 18 Jul 2017 12:26:00 +0000</pubDate>
      
      <guid>http://stevemcgrath.io/post/2017-07-18-nessus-monitor-image/</guid>
      <description>Considering there weren&amp;rsquo;t any Nessus Network Monitor docker images that I could find, I decided I&amp;rsquo;d create one. Using the Nessus Scanner image as a starting point, this image should have a lot of the most common things parameterized out already. As for sniffing traffic, I&amp;rsquo;d highly encourage you to take a look at one of the earlier posts covering Docker &amp;amp; packet sniffing. Deploying the sensor should be a simple matter of setting up a volume for the sensor data (for persistence), linking it to a promiscuous interface, and then instantiating it:</description>
    </item>
    
    <item>
      <title>Nessus Scanner Docker Image</title>
      <link>http://stevemcgrath.io/post/2017-07-18-nessus-scanner-docker_image/</link>
      <pubDate>Tue, 18 Jul 2017 08:10:00 +0000</pubDate>
      
      <guid>http://stevemcgrath.io/post/2017-07-18-nessus-scanner-docker_image/</guid>
      <description>A lot of the Nessus Scanner docker images in Docker Hub don&amp;rsquo;t appear to be properly parameterizing a lot (or in many cases, any) of the required inputs to really get the scanner to run and connect up in an automated fashion. Further, most of the images that I&amp;rsquo;ve seen out there aren&amp;rsquo;t cleaning up the identifying information the scanner created as part of install (such as the UUID, the master encryption key, etc.</description>
    </item>
    
    <item>
      <title>Docker Containers &amp; Network Sniffing</title>
      <link>http://stevemcgrath.io/post/2017-07-14-docker_network_sniff/</link>
      <pubDate>Fri, 14 Jul 2017 17:15:00 +0000</pubDate>
      
      <guid>http://stevemcgrath.io/post/2017-07-14-docker_network_sniff/</guid>
      <description>With all of the materials out there on the web revolving around docker containers, I thought that getting some sort of a docker network that containers could promiscuously sniff would have been a relatively easy thing to find. I was shocked to find out that, not only was this not the case, but that the general consensus was that you need to use either Docker&amp;rsquo;s host networking (which means that these containers can&amp;rsquo;t exist in other network name-spaces), use pass-through networking (which, unless you have hardware that supports SR-IOV, you&amp;rsquo;re out of luck), or that you resort to some serious host hacking to get the interface into the container.</description>
    </item>
    
    <item>
      <title>TrafficWatch</title>
      <link>http://stevemcgrath.io/post/2016-10-10-trafficwatch/</link>
      <pubDate>Mon, 10 Oct 2016 19:26:00 +0000</pubDate>
      
      <guid>http://stevemcgrath.io/post/2016-10-10-trafficwatch/</guid>
      <description>TrafficWatch is a simple node.js app I wrote. After trying to get Ian Harmon&amp;rsquo;s traffic time-lapse-helper project working in Python for 30min or so on MacOS, I gave up and wrote TrafficWatch in about an hour. There are some arguments that you can specify as well if you want to look at something other than Chicago traffic:
 --name / -n Name for the GIF in the upper-left corner
 --url / -u URL String for that we will be time-lapsing
 --interval / -i The time interval (in minutes)
 --duration / -d The number of minutes to run
 --gifout / -g The output filename for the GIF
 --xoffset X Offset for the crop (0 means centered)
 --yoffset Y Offset for the crop (0 means centered)
 --font Font for the name and time display in the upper-left corner (default is Arial)
 --fontsize Size of the text (default is 32)
 --fontcolor Color of the text (default is #000000b0)
 --directory Path for the individual screencaps (default is screenshots)
 --gifdelay The ms delay timer for the GIF animation (default 500)
An example output would look something like this:</description>
    </item>
    
    <item>
      <title>Setting up PocketCHIP</title>
      <link>http://stevemcgrath.io/post/2016-07-16-setting-up-pocketchip/</link>
      <pubDate>Sat, 16 Jul 2016 17:58:00 +0000</pubDate>
      
      <guid>http://stevemcgrath.io/post/2016-07-16-setting-up-pocketchip/</guid>
      <description>So I got a couple of these fantastic little embedded systems from Next Thing, and started to try to set one of them up how I would like to see it set up. Basically I was looking for a web browser, SSH installed, and a few aliases to make things easy to work with.
 NOTE: All of the operations below assume a basic understanding of terminal commands!
 Updating the PocketCHIP and installing the software
 To start off, the PocketCHIP OS is slightly out of date as it&amp;rsquo;s currently being flashed, so the first thing we need to do is update the OS to current:</description>
    </item>
    
    <item>
      <title>Dofler at CircleCityCon3</title>
      <link>http://stevemcgrath.io/post/2016-06-14-dofler-at-circlecitycon3/</link>
      <pubDate>Tue, 14 Jun 2016 10:02:00 +0000</pubDate>
      
      <guid>http://stevemcgrath.io/post/2016-06-14-dofler-at-circlecitycon3/</guid>
      <description>Aside from a few hiccups that delayed getting Dofler installed and fully functional until mid-day Saturday, Dofler was a fantastical success at CircleCityCon! We discovered that the new codebase Dofler sits on was catching more entertainment than ever, including some MJPEG-based webcams:
GREAT JOB to whomever is checking their MJPEG home security system via HTTP on the con network. #dofler pic.twitter.com/MiD6jSR8lz
&amp;mdash; Circle City Con (@CircleCityCon) June 11, 2016</description>
    </item>
    
    <item>
      <title>Initial Deployment Files Release</title>
      <link>http://stevemcgrath.io/post/2016-01-13-initial-deployment-files-release/</link>
      <pubDate>Wed, 13 Jan 2016 10:02:00 +0000</pubDate>
      
      <guid>http://stevemcgrath.io/post/2016-01-13-initial-deployment-files-release/</guid>
      <description>I have started working through all of the various fabric files I have and started centralizing them and cleaning them up for general consumption. These fabric scripts cover a variety of tasks from deployment and maintenance of various products to deploying some of my code. I will be updating the repository as needs arise, and as always, I welcome any input.
Using my fabric files is actually pretty simple, however you need to have fabric installed on your workstation before anything will work.</description>
    </item>
    
    <item>
      <title>CUGNet VPS Services Closing</title>
      <link>http://stevemcgrath.io/post/2015-07-15-cugnet-vps-services-closing/</link>
      <pubDate>Wed, 15 Jul 2015 12:12:00 +0000</pubDate>
      
      <guid>http://stevemcgrath.io/post/2015-07-15-cugnet-vps-services-closing/</guid>
      <description>After running CUGNet for a dozen or so years and having yet to break even, last week I made the hard decision to close down CUGNet&amp;rsquo;s VPS services. It was a hard choice to make, as it&amp;rsquo;s something that I have done for many years, however with the propensity of cloud services and VPS providers out there, what I can offer is simply not competitive and I need to start cutting down on the number of side projects that I have been running in order to keep my own sanity.</description>
    </item>
    
    <item>
      <title>pySecurityCenter 2.1 Release</title>
      <link>http://stevemcgrath.io/post/2015-07-15-pysecuritycenter-2-1-release/</link>
      <pubDate>Wed, 15 Jul 2015 00:21:00 +0000</pubDate>
      
      <guid>http://stevemcgrath.io/post/2015-07-15-pysecuritycenter-2-1-release/</guid>
      <description>I&amp;rsquo;m proud to announce the general availability for pySecurityCenter version 2.1.x accessible from PyPI immediately. pySC 2.1 supports connectivity to SecurityCenter 5, which leverages a completely new RESTful API. Because of this, the pySC SecurityCenter 5 support will be an evolving process. What&amp;rsquo;s implemented today will not be changing, however many of the convenience functions that pySecurityCenter has for SecurityCenter 4.x have not been coded into the SC5 module, as enumeration for the API is still active.</description>
    </item>
    
    <item>
      <title>About Me</title>
      <link>http://stevemcgrath.io/about/</link>
      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
      
      <guid>http://stevemcgrath.io/about/</guid>
      <description>As a former Red-teamer, then Blue-teamer, before spending his last several years at Tenable, Steve has worn a lot of hats and played a lot of roles within various organizations. Currently working as part of the Technology Alliances team within Tenable, his goal is to work with various partners to help them understand the Tenable platform APIs and steer them down the right path for smooth integrations.
He has also written a lot of different pieces of software over the years, which can be referenced in his Github account and some of the larger ones referenced on the projects page.</description>
    </item>
    
    <item>
      <title>Projects</title>
      <link>http://stevemcgrath.io/projects/</link>
      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
      
      <guid>http://stevemcgrath.io/projects/</guid>
      <description>Code
Dofler: A network sniffer for information security conferences.
pyTenable: pyTenable is a python API into Tenable.io and Tenable.sc
RESTfly: RESTfly is a generic API library to aid in developing python modules for APIs
Tenable/AWS Security Hub: Writes Tenable.io Vuln data into AWS Security Hub
Tenable/Google Cloud Security Command Center Integration: Writes Tenable.io Vulnerability data into Google CSCC
Tenable/IBM CloudPak for Security: Writes Tenable.io Asset and Vuln data into IBM CloudPak for Security
Tenable/Jira Cloud</description>
    </item>
    
  </channel>
</rss>