
BroadView V4 Attributes


Following on from Evert’s posting about the new BroadView v4, I’d like to showcase a specific aspect of BV that we’ve found useful, namely Attributes. These are small pieces of data collected and maintained for each host scanned by BV. They include somewhat mundane bits of info like IP address and OS, but they also include some really tasty morsels about the remote hosts that are scanned. Attributes are collected on a per-scan-per-host basis, and are populated by each test that runs during the scan. Since attribute population depends on the selected tests, the set of Attributes available to you will vary according to your configuration.

Consider the trivial attribute Network.TCP.HTTP.Banner; this doesn’t require credentials to acquire and is stored by a test that detects webservers. On the other hand, the test that stores Users.Microsoft.Windows.Group.SystemOperators.Members would require domain credentials in order to pull the needed info. This is common inside of organisations, where BV is primarily intended.

To help me explain the power of Attributes a little more easily, here are a few scenarios:

Your IT manager wants to know which Windows machines are missing the new MS10-018 patch. Instead of trawling through all the latest scans looking for hosts that are affected, you simply:

  1. Log in to BroadView
  2. Click Attributes
  3. Select Patches.Microsoft.Windows.Missing
  4. Click MS10-018
  5. Download CSV
  6. Done

Perhaps you have rolled out a new WSUS system and need to find all the Windows hosts still configured with the old WSUS server name. Again:

  1. Log in to BroadView
  2. Attributes
  3. Config.Microsoft.Windows.WSUS.Server
  4. Click the name of the old WSUS server
  5. Download CSV
  6. Done

Or you are trying to find all the hosts with a specific piece of software installed (e.g. uTorrent). Click Attributes >> Software.Installed.Microsoft.Windows >> uTorrent >> Download CSV.
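The attribute, value, host-list pivot used in the scenarios above can be pictured as an inverted index. The following is an added sketch, not BroadView's code: the row layout, the latest-scan-per-host rule, the function names and the sample hosts and server names are all assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample rows: (scan number, host, attribute, value).
# A multi-valued attribute (e.g. missing patches) yields one row per value.
ROWS = [
    (1, "10.0.0.5", "Patches.Microsoft.Windows.Missing", "MS10-018"),
    (1, "10.0.0.5", "Config.Microsoft.Windows.WSUS.Server", "wsus-old.example.internal"),
    (1, "10.0.0.12", "Patches.Microsoft.Windows.Missing", "MS10-018"),
    (1, "10.0.0.12", "Software.Installed.Microsoft.Windows", "uTorrent"),
    (1, "10.0.0.7", "Patches.Microsoft.Windows.Missing", "MS10-018"),
    # Scan 2 re-tested 10.0.0.5 after patching and WSUS reconfiguration.
    (2, "10.0.0.5", "Config.Microsoft.Windows.WSUS.Server", "wsus-new.example.internal"),
]

def build_index(rows):
    """Return attribute -> value -> set of hosts, using each host's latest scan only."""
    latest = {}
    for scan, host, _attr, _value in rows:
        latest[host] = max(scan, latest.get(host, scan))
    index = defaultdict(lambda: defaultdict(set))
    for scan, host, attr, value in rows:
        if scan == latest[host]:  # drop results superseded by a newer scan
            index[attr][value].add(host)
    return index

def values_for(index, attribute):
    """Step 'select attribute': list each observed value with its host count."""
    return sorted((value, len(hosts)) for value, hosts in index.get(attribute, {}).items())

def hosts_with(index, attribute, value):
    """Step 'click value': hosts holding that value, in numeric IP order."""
    hosts = index.get(attribute, {}).get(value, set())
    return sorted(hosts, key=ipaddress.ip_address)

def to_csv(index, attribute, value):
    """Step 'download CSV': one row per matching host."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["host", "attribute", "value"])
    for host in hosts_with(index, attribute, value):
        writer.writerow([host, attribute, value])
    return out.getvalue()

if __name__ == "__main__":
    idx = build_index(ROWS)
    print(to_csv(idx, "Patches.Microsoft.Windows.Missing", "MS10-018"))
```

Because only the tests selected for a scan populate attributes, a host whose latest scan skipped the patch test would also drop out of the MS10-018 list under this rule, so an absent host is not proof of a patched host.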

One of the IT techies gives you a call:

Bob: Hey Steve
Steve: Ahoy
Bob: Do you know which FTP servers on the network allow Anonymous access?
Steve: Of course I do
Log in to BroadView >> Attributes >> Network.TCP.FTP.IsAnonymousAccessAllowed >> True >> Download CSV
Steve: You got mail
Bob: Awesome, thanks

As you can see, the power and extensibility of BroadView Attributes is (according to opinions from the office) Simply Astonishing(tm). We are currently working with our Assessment team to include Attributes that would allow them to very quickly pull a list of all “low hanging fruit” vulnerabilities when performing an internal Pen Test.

Currently we collect just over 50 attributes, but we are adding new ones as we think of them or as clients request them. The full list is:

Patches.Microsoft.Windows.Missing
Services.Microsoft.Windows.Running
Users.Microsoft.Windows.Local.LastLoggedIn
Users.Microsoft.Windows.Local.NeverLoggedIn
Users.Microsoft.Windows.Local.PasswordNeverExpires
Users.Microsoft.Windows.Group.AccountOperators.Members
Users.Microsoft.Windows.Group.BackupOperators.Members
Users.Microsoft.Windows.Group.PrintOperators.Members
Users.Microsoft.Windows.Group.Replicators.Members
Users.Microsoft.Windows.Group.SystemOperators.Members
Users.Microsoft.Windows.Network.NeverChangedPasswords
Users.Microsoft.Windows.Network.NeverLoggedOn
Users.Microsoft.Windows.Network.PasswordNeverExpires
Users.Microsoft.Windows.ActiveDirectory.Group.Members
Users.Microsoft.Windows.ActiveDirectory.AccountsOld.Members
Users.Microsoft.Windows.ActiveDirectory.AccountsStale.Members
Users.Microsoft.Windows.ActiveDirectory.AccountsBadLogins.Members
Users.Microsoft.Windows.ActiveDirectory.AccountsOldPassword.Members
Users.Microsoft.Windows.ActiveDirectory.AccountsPasswordNeverSet.Members
Users.Microsoft.Windows.ActiveDirectory.AccountsDisabled.Members
Users.Microsoft.Windows.ActiveDirectory.AccountsLocked.Members
Config.Microsoft.Windows.Domain.IsCorrect
Config.Microsoft.Windows.Domain.Value
Config.Microsoft.Windows.WSUS.Server
Config.Microsoft.Windows.WSUS.Server.IsConfigured
Config.Microsoft.Windows.WSUS.Server.Value
Config.Microsoft.Windows.MachineName
Debug.Network.IsHostAccessible
Debug.Microsoft.Windows.Registry.Access.Full
Debug.Microsoft.Windows.Registry.Access.Read
Debug.Microsoft.Windows.Registry.Access.Fail
Debug.Microsoft.Windows.Privileges.Admin.Full
Debug.Microsoft.Windows.Privileges.Admin.Fail
ServicePacks.Microsoft.Windows.Win2k3.Value
ServicePacks.Microsoft.Windows.Win2k3.IsInstalled
ServicePacks.Microsoft.Windows.NT4.Value
ServicePacks.Microsoft.Windows.NT4.IsInstalled
ServicePacks.Microsoft.Windows.Win2k.Value
ServicePacks.Microsoft.Windows.Win2k.IsInstalled
ServicePacks.Microsoft.Windows.XP.Value
ServicePacks.Microsoft.Windows.XP.IsInstalled
Software.Microsoft.Office.Value
Software.Microsoft.Office.IsInstalled
Software.Microsoft.SMSAgent.IsInstalled
Software.Microsoft.SMSAgent.IsRunning
Software.Microsoft.SMSAgent.IsInstalled
Software.Microsoft.SMSAgent.McAfee.EPOAgent.IsInstalled
Software.AntiVirus.Linux
Processes.Microsoft.Windows
Network.TCP
Network.TCP.FTP.IsAnonymousAccessAllowed
Network.TCP.SMTP.IsRelayAllowed
Network.TCP.HTTP.Banner
Network.TCP.HTTP.Directories
Network.TCP.Banner
Network.TCP.SMB.Direcotories
Network.UDP.DNS.ReverseDNS
Network.UDP.LDAP.BaseObject