October 2, 2007

As Grep as it Gets?

“How many computers do you have?”

“How many servers are in your datacenter?”

“What is the scope of our computer
vulnerability assessment?”

These are frequent questions thrown
out during audits, risk assessments, and penetration tests. Unfortunately, the answer
is not always clear cut. Perhaps the designated authority is a fresh hire and has
yet to gain the requisite knowledge to properly answer the question. Perhaps there
is no asset management program. More so, perhaps the given answer (count) just does
not seem accurate.

When faced with sizing for some
flavor of scope of work, what might be a quick and easy way to get an accurate count?

Here’s a quick and dirty way to
get some empirical answers from a Windows computer without being intrusive and without
using any non-native utilities.

For the first example, let’s assume
that the client has a standard naming convention for computers; workstations begin
with “WS” and servers begin with “SVR”. Pretty common stuff.

  1. Launch a command prompt.
  • Run the following commands:

Net view | FIND “WS” gt; C:workstations.txt

Net view | FIND “SVR” gt; C:servers.txt

Now, let’s break those command strings

  1. Net
    – shows a list of computers in your Domain. The Domain is configurable via
    another command line switch (/domain:)


  1. FIND
    a somewhat neutered Grep. But the search logic is basically the same and the utility
    is flexible.


  1. gt;
    C:lt;namegt;.txt –
    pipes the output of the above commands to a text file.

The end product is a text file which
contains all of the “names” matching the FIND pattern.
Counting becomes trivial: you can run a Go
in Notepad, open the file in Word
and rely on the “Ln” count (46 lines to a page; add the number of full pages and the
leftover sum of non-full pages).

Of course, you can change the FIND argument
and you certainly do not need to output to text file if the possible number is small.
Whatever is the most efficient for the situation really.

And there you go: a non-intrusive,
all native way to get a more accurate scope.