Host discovery using twigs
As described in the earlier blog article – Getting started with twigs, one of the discovery modes supported by twigs is host discovery. In the host discovery mode, twigs will collect required metadata from the host to perform no-scan vulnerability assessments.
The host discovery mode supports local and remote discovery.
Local refers to discovery of the host which is running twigs.
$ twigs --handle email@example.com --token c8dddddd-eeee-eeee-eeee-aaca617649cc --instance acme.threatwatch.io host
$ twigs --handle firstname.lastname@example.org --token c8dddddd-eeee-eeee-eeee-aaca617649cc --instance acme.threatwatch.io --scan quick host
$ twigs --handle email@example.com --token c8dddddd-eeee-eeee-eeee-aaca617649cc --instance acme.threatwatch.io host --remote_hosts_csv ~/remote-hosts.csv
- hostname – This column is mandatory and can contain a hostname, an IP address or a CIDR range. The CIDR range option allows organizations to easily discover multiple hosts in the same subnet.
- userlogin – This specifies a user on the specified host. It is mandatory.
- userpwd – If the user requires password-based login on the specific host, then specify the password.
- privatekey – If the user requires private key based login on the specific host, then specify the full path to the private key file.
- assetid – Specify an “Asset ID” for the host.
- assetname – Specify the “Asset Name” for the host.
$ cat remote-hosts.csv
hostname,userlogin,userpwd,privatekey,assetid,assetname
michigan,john,johnpwd,,michigan,michigan
192.168.2.1,patrick,patpwd
184.108.40.206,ec2-user,,/root/inventory-key-pair.pem
220.127.116.11/30,sysacc,,/home/sysacc/private-key.pem
- The first line is the column header. It is recommended to simply copy-paste it “as is” in your CSV file.
- The second line is used to discover a host named ‘michigan’. It depicts how one can specify the assetid and assetname values.
- The third line specifies the host using its IP address along with user / password combination for login.
- The fourth line specifies a private key file for login.
- The fifth line specifies a CIDR range along with user and private key.
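Because remote-hosts.csv carries logins, passwords and key paths, it is worth reviewing before each run. The Python sketch below is an added example, not part of twigs or of the original article: it parses the column layout described above, rejects rows missing the mandatory fields, reports how many addresses a CIDR entry covers, flags plaintext passwords, and checks whether other users can read the file. The function names and sample rows are constructed for illustration, and nothing is assumed about how twigs itself expands a CIDR range.

```python
import csv
import io
import ipaddress
import os
import stat

COLUMNS = ["hostname", "userlogin", "userpwd", "privatekey", "assetid", "assetname"]

# Constructed sample in the article's layout, plus one row missing userlogin.
SAMPLE = """hostname,userlogin,userpwd,privatekey,assetid,assetname
michigan,john,johnpwd,,michigan,michigan
192.0.2.10,patrick,patpwd
10.0.0.9/30,sysacc,,/home/sysacc/private-key.pem
10.0.0.20,,,/root/key.pem
"""

def review_hosts_csv(text):
    """Return (targets, findings) for remote-hosts CSV content given as text."""
    reader = csv.DictReader(io.StringIO(text))
    targets, findings = [], []
    if reader.fieldnames != COLUMNS:
        findings.append((1, "header differs from the documented column list"))
    for row in reader:
        line = reader.line_num
        # Short rows are valid: DictReader fills the missing columns with None.
        f = {k: (row.get(k) or "").strip() for k in COLUMNS}
        if not f["hostname"] or not f["userlogin"]:
            findings.append((line, "hostname and userlogin are mandatory"))
            continue
        addresses = 1
        if "/" in f["hostname"]:
            try:
                addresses = ipaddress.ip_network(f["hostname"], strict=False).num_addresses
            except ValueError:
                findings.append((line, "invalid CIDR range"))
                continue
        if f["userpwd"]:
            findings.append((line, "plaintext password stored in CSV"))
        auth = "password" if f["userpwd"] else "privatekey" if f["privatekey"] else "none"
        targets.append({"hostname": f["hostname"], "addresses": addresses, "auth": auth})
    return targets, findings

def readable_by_others(path):
    """True if group or other has any permission bit set on the file (POSIX)."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

if __name__ == "__main__":
    for line, msg in review_hosts_csv(SAMPLE)[1]:
        print(f"line {line}: {msg}")
```

Rows flagged for plaintext passwords are candidates for switching to the privatekey column, and a file for which readable_by_others() returns True should be restricted to its owner (mode 0600).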
Host discovery mode in twigs provides organizations with a powerful way to discover multiple hosts in a simple and uniform manner.