Rumble:In Depth Network Discovery Made Easy

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
tom here from launch systems we're going to talk about getting to know your network with rumble now let's pre-face this video before you go any further because someone may say tom was this sponsored by rumble no actually it wasn't this is completely my opinion and rumble's probably discovering this video at the same time many of you are i did not reach out to them to let them know i was even doing a video i actually signed up for a demo about a week ago but this is a really cool network discovery tool that i was well quite impressed with so i thought a lot of people might be interested in it as well now how did i find this tool is this and how i discovered the network discovery tool was listening to the risky biz podcast so big shout out to that podcast it's great if you don't listen to it i recommend it it's great if you're into the tech and infosec worlds and have to listen to the latest news but uh this was actually from a couple months ago episode 620 they did an interview with hd moore and if you're not familiar with hdmore that name maybe sounds a little bit familiar you may have heard of one of his other projects the metasploit project so if you worked at all in cyber security you're very fair with metasploit and that's actually the first thing that made me really interested in this particular tool was a a tool born out of necessity written by a hacker often just to me makes for a better tool because it's not like a ui designer trying to solve for a problem it's a hacker going i need to do something better about this discovery and he's worked on a lot of large-scale network projects and while nmap is probably the de facto standard and still a great tool for doing network discovery or device discovery on a network nmap was not quite as fast and so he invented a tool to make his job easier which turned into a tool that wow turned into a business model and does a different level of network discovery and this video is not an exhaustive list of every network discovery tool out there of course that's just something i really don't have time for but hey if some of you have some suggestions for ones you think are amazing great but uh take a look at this one first before you tell me that you think the other one's better because that would help narrow things down a little bit when you're trying to uh discover all the different tools out there all right before we dive into the details of this if you'd like to learn more about me my company head over to lawrences.com if you'd like to hire sharp project there's a hires button right at the top and network engineering consulting is a big piece of that if you'd like to support this channel in other ways there are affiliate links down below to get you deals and discounts on products and services we talk about on this channel and uh yeah those are great including the cat shirts if you're interested knows i have a whole swag store but nonetheless that's who sponsors the video is me for those of you wondering all the other opinions as i said are my own now let's actually look at the rumble discovery now their website's cool you know nice slick simple and let's cover what it is and isn't first though this is a network discovery tool this is not an active monitoring tool and this is also not an assessment tool to determine your cyber risk per se because it does not do pen testing and evaluation but it will at least grab all the header strings so you can identify you know old versions of software based on the headers that each of these devices coughs up now a thing that is just makes me happy is choose your edition and look they have a free tier a 21 day free trial where i don't have to talk to someone to try the full version of it and some base pricing on here so at least i have some idea if this is a tool in the ballpark of what we can afford and this is really targeted towards you know business owners and sysadmins or i.t business owners like myself who you know we're looking and evaluating this right now we've been evaluating it for a week and doing some network discovery tests for clients and going wow this actually sees quite a bit and a lot of detail and i think their pricing is rather reasonable on here but they do have and this is actually something important to a lot of the internal assisted men's who might be interested in this the methodology of keeping everything in-house and self-hosting if they give a whole self-hosted option so you don't have to use their cloud but when you sign up for the free one or even the one we're looking at we're looking at probably their cloud version of it because depending on the situation the client i say that because if you work in any of the government or more restrictive networks you don't want necessarily an entire asset list going into some cloud server somewhere i mean granted yes they do have full privacy disclosure but they at least do offer a self-hosted version for those you that need to lock that information down and maybe keep it completely internal but cool that they offer that as an option now how does it actually work this is where things are getting a little bit interesting and i have a whole demo account that we set up for this and i scanned a narrow segment of my network here just to throw some devices in it and it's amazing how fast it is so it took about six minutes to complete the scan of there's only 19 live assets on here uh but that's 256 ip addresses scanned with this level of detail giving me all the tcp ports udp ports open products and protocols but let's back up to how do we get there so the product works pretty simply you deploy and explore they have a windows and a linux mac and bsd version and the bsd version the first thing that had made me curious right away was hey will this work on a server that's running a router os that i like a lot specifically pf sense and yes it will matter of fact this is what's kind of interesting about the way their deployments were here is the deployment and i blurred out the rumble network explorer actual download link on the fly it will build a binary specifically that ties to your account so all you have to do is download this and run the tool really straight forward they have plenty of documentation on instruction but they have it compiled for arm so and this goes for linux and bsd so you can run this on a raspberry pi they have the x86 version which i did try in pfsense and actually worked quite well and this was pretty cool because i was able to download it and pf sense is kind of an ideal situation because it sits at the epicenter of a lot of networks where it sees all the different subnets so it can scan all the different segments and legs of the network right away now before we dive into what it discovered on my network or at least the network i allowed it to access we will talk about the demo organization that they have in here and this is kind of cool so even if you don't scan anything you just sign up for free you get the demo organization and it gives you the same kind of view but it doesn't let you deploy any uh it gives you an error message that you can't deploy anything because you know it's a demo you can't add it anymore to the demo but here's what an inventory looks like on here and one of the things that's kind of cool if your system that you installed this on and i installed this on a headless debian you know vm that i had running in my stack and then i went and installed chromium in there and what this allows to do is actually grab screenshots so as it's running through all the ports if there's a web interface on there it can actually pull up that web interface and uh yeah this is kind of cool so you have a screenshot of each thing that it found and can just scroll through interesting things that might be on any of those ports when you're looking at the assets this is where you get a lot of detail of what is this asset what is it running what's the operating system what's its id the hardware it's running it's fingerprinting is kind of the secret sauce so to speak but a lot of it's based on a lot of open source information they have a whole github where they break down more of the details on this but wow it really digs in and of course via snmp it has some layer two information it's able to get out of not every switch but some switches a lot of the popular ones including like this night gear switch right here it was able to get a ton of information more than just a screenshot so the protocol where the ports are certainty of hardware and so on and so forth being able to grab this much data and put it really quickly in literally a matter of minutes into a list makes your discovery one easy and too thorough so and as long as you have remote access to the network and might say we tested this on some clients as long as you have access to like a windows machine or a raspberry pi you can drop off at the client or even ship to them and it has access to all the segments of the network you can either run a single scan or even active scanning as in keep running the scan over and over again and then look at the differential maybe what changed on there and then it can give you all those different lists of course then you can take and build notes on the asset a couple things that are interesting and we'll look at the synology that they have in the demo here and it did do this with my network like even with our true nas device here's the synology and it lists both segments of the network the primary address and the secondary address it did this even with the two nasa's that it found on my network instead of telling me these are two different devices because it found them on each segment of a network it says no i recognize this as the same device and these are the different ips attached to it from a network discovery especially when you're doing things remotely this is sometimes a challenge because you'll see duplicated devices and you're like oh is this device actually two of them or is it one device with multiple different interfaces in different subnets and then i'm assuming in the demo network that they set up this interface is probably for all the cameras and this interface is for that now when you're looking through the assets they have really cool ways you can query things based on network based on things like just wildcard words like switch there's all the switches or you know i typed in synology there or just clear it they also let you do things like you know ssh whoops not here it's going to be under services filter for ssh we only want to see ssh or we can look for the ssh response string so it gives you a lot of different ways to pivot back and forth on the network and then when you're looking at the reports you can even do coverage of things like how much of the ip space are you using how much is utilized for each segment that you scanned and this is all the kind of breakdowns it gives i thought were really quite in depth now back over to what it looks like on this small segment of the network that we did so only scan 0.02 percent of this network because it's assuming that larger scan but it does break down in what it discovered and where it discovered it i like the way it presents the data it makes it reasonable so you can start understanding your coverage maps of how things are there also queries on existing data you can build custom queries and they have a lot of them built in here this is one i said where it looks a little bit like a vulnerability scanner because it does have stuff in there looking for things that might be vulnerable but more specifically it can look for certain query strings or recognize things like this if you look at the type of parameters it has in here if there's a certain string that you know is an indicator compromise something that might be on the network you can query against existing old queries or even new queries of all the assets so even though you discovered the string now you already have the data and then you can query against existing assets to see if that was on the network at any given time and from a business standpoint being able to query against all the clients i think they just made this really easy for me to use that's one of the reasons i made this video was just i said wow this was really easy to jump in and out of here and go all right i can get this information now because i only did a small segment network we're going to flip over to the demo to show one more thing in the report and that's the network bridging report this was really kind of interesting the way it can figure out what's bridged where and pivot off different devices this even included discovering virtualbox running on a computer that yes we know virtualbox is running at but it detected the extra subnets that virtualbox creates on an interface on a windows machine and it first was concerning when i seen i'm like why is that computer have more networks than i think it should and then realize it was just discovering that its discovery tool to be able to find those different bridges in a network are really impressive and you can find things like that where you maybe not even new virtualbox was installed and you're like why does this computer suddenly have three different subnets attached to it this can also be where someone put in another switch and accidentally bridge something from a discovery standpoint and i turned a couple friends onto this tool and they got back with me and said this thing is really found some stuff i didn't know we could scan and this is from people who are systematic who had tools and not remember what tool they were using off the top my head but they were like this found a few extra things that i thought was really interesting and you go a step further and give it access to your snmp it can obviously dig deeper so it's not just your basic inventory scan a little bit further overall though i just wanted to throw this tool out there because the question comes up and i see it come up in the comments what about network discovery what about onboarding for clients and we run and map and uh i've run maybe a couple times like angry ip scanner i'll give a shout out to that because it's sometimes quick way to find ip addresses but it's still kind of a more in-depth tool to use nmap it's great but it's not as easy as this this seems to really scratch an inch and we're looking at probably buying one of the higher tiers on this well not the highest but a higher tier based on how many clients that we have and uh being able to run regular discovery we do have discovery tools with some of what we have but i'm gonna slowly pit them against air and try to see if we can find a little more we've not been as impressed with the one that we get through enable where it seems to discover things but not quite as good uh this might be that next level that we're looking at also from a standpoint of being able to go in and quickly discover something i will tell you the one provided by enable that we use which is part of our platform that we use for whole management does not discover things in six minutes like this does the ability for this to see things at scale very fast uh makes it a pretty impressive tool and you can kind of feel that you know was built by a hacker out of need so to speak because wow being able to discover something really fast because you want to enumerate a network have all the assets at your fingertips and be able to start diving into them if you're you know let's say from the red team side and want to test the network being able to do that have that information faster than a slow methodical scan that you get with something like nmap or some of the other tools yeah i'm going to say this is uh pretty impressive either way let me know what you think down in the comments below and this will be posted over in the forums where you can find me if you want to engage further and talk about this topic and you know share with me maybe your thoughts if you've tested this product before or if you think there's a product that just works that much better than this one but hey let me know it's uh how we all learn together is you know throwing these tools out there and giving a play but i mean you can't beat the price of testing it out for free so if you want to give it a go for free on a network uh you might be just impressed with just how much it can discover or like me learn that virtualbox has extra interfaces which i knew but seeing that this was able to see them through the windows system was uh pretty enlightening and impressed me uh right off you know the first scan i had done in there all right then thanks and thank you for making it to the end of this video if you enjoyed this content please give it a thumbs up if you'd like to see more content from this channel hit the subscribe button and the bell icon to hire a shared project head over to lawrences.com and click on the hirus button right at the top to help this channel out in other ways there is a join button here for youtube and a patreon page where your support is greatly appreciated for deals discounts and offers check out our affiliate links in the descriptions of all of our videos including a link to our shirt store where we have a wide variety of shirts and new designs come out well randomly so check back frequently and finally our forums forums.laurensystems.com is where you can have a more in-depth discussion about this video and other tech topics covered on this channel thank you again and we look forward to hearing from you in the meantime check out some of our other videos you
Info
Channel: Lawrence Systems
Views: 32,874
Rating: 4.9890637 out of 5
Keywords: LawrenceSystems, Network Discovery Tool, network discovery tool free, network discovery tool freeware, asset management, network discovery, asset discovery, nmap scan, network discovery scanning, rumble network discovery review
Id: QtDla9ZBjDI
Channel Id: undefined
Length: 15min 35sec (935 seconds)
Published: Tue Jul 27 2021
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.