 Tom here from one systems and we're going to talk about getting to know your network with rumble. Now Let's preface this video before you go any further because someone may say Tom was a sponsored by rumble No, actually it wasn't this is completely my opinion and rumbles probably discovering this video at the same time Many of you are I did not reach out to them to let them know I was even doing a video I actually signed up for a demo about a week ago But this is a really cool network discovery tool that I was well quite impressed with so I thought a lot of people Might be interested in it as well. Now, how did I find this tool is This and how I discovered the network discovery tool was listening to the risky biz podcast So big shout out to that podcast. It's great. If you don't listen to it I recommended it's great if you're into the tech and infosec worlds and have to listen to the latest news But this was actually from a couple months ago episode 620 They did an interview with HD more and if you're not familiar with HD more that name Maybe sounds a little bit familiar. You may have heard of one of his other projects the Metasploit project So if you worked at all in cyber security, you're very familiar with Metasploit And that's actually the first thing that made me really interested in this particular tool was a Tool born out of necessity written by a hacker often just to me makes for a better tool Because it's not like a UI designer trying to solve for a problem. It's a hacker going I need to do something better about this discovery and he's worked on a lot of large-scale network projects And while nmap is probably the de facto standard and still a great tool for doing network discovery or device discovery on a network nmap was not quite as fast and so he invented a tool to make his job easier which turned into a tool that wow Turned into a business model and does a different level of network discovery And this video is not an exhaustive list of every network discovery tool out there, of course That's just something I really don't have time for but hey if some of you have some suggestions for ones You think are amazing great, but uh take a look at this one first before you tell me that you think the other one's better Because that would help narrow things down a little bit when you're trying to uh Discover all the different tools out there. All right Before we dive into the details of this if you'd like to learn more about me right company head over to Lawrence systems.com if you like to hire a sharp project There's a hires button right at the top and network engineering and consulting is a big piece of that If you'd like to support this channel in other ways There are affiliate links down below to get you deals and discounts on products and services we talk about on this channel And uh, yeah, those are great including the cat shirts if you're interested knows I have a little swag store But nonetheless, that's who sponsors the video is made for those of you wondering all the other opinions as I said are my own Now let's actually look at the rumble discovery now the website's cool You know nice like simple and let's cover what it is and isn't first though This is a network discovery tool. This is not an active monitoring tool And this is also not an assessment tool to determine your cyber risk per se because it does not do pen testing and evaluation But it will at least grab all the header strings so you can Identify, you know old versions of software based on the headers that each of these devices coughs up now thing that is just Makes me happy is choose your addition and look they have a free tier a 21 day free trial Where I don't have to talk to someone to try the full version of it and some base pricing on here So at least I have some idea if this is a tool in the ballpark of what we can afford And this is really targeted towards, you know business owners and sysadmins or it business owners like myself who you know We're looking and evaluating this right now We've been evaluating it for a week and doing some network discovery tests for clients and going wow This actually sees quite a bit and a lot of detail And I think their pricing is rather reasonable on here But they do have and this is actually something important to a lot of the internal sysadmins who might be interested in this The methodology of keeping everything in house and self hosting it They give a whole self hosted option So you don't have to use their cloud But when you sign up for the free one or even the one we're looking at We're looking at probably their cloud version of it because depending on the situation of the client I see that because if you work in any of the Government or more restrictive networks, you don't want necessarily an entire asset list going into some cloud server somewhere I mean granted. Yes, they do have full privacy disclosure But they at least do offer a self hosted version for those of you that need to Lock that information down and maybe keep it completely internal But cool that they offer that as an option. Now, how does it actually work? This is where things are getting a little bit interesting And I have a whole demo account that we set up for this and I scanned a Narrow segment of my network here just to throw some devices in it And it's amazing how fast it is. So it took about six minutes to complete the scan of There's only 19 live assets on here But that's 256 ip address is scanned with this level of detail giving me all the tcp ports udp ports open Products and protocols, but let's back up to how do we get there? So the product works pretty simply you deploy and explore They have a windows in a linux mac and bsd version and the bsd version the first thing that had Made me curious right away was hey, will this work on a server that's running a Router os that I like a lot specifically pf sense and yes, it will matter of fact This is what's kind of interesting about the way their deployments work Here is the deployment and I blurred out the rumble network explorer Actual download link on the fly it will build a binary Specifically that ties to your account. So all you have to do is download this and run the tool Really straightforward. They have plenty of documentation on instruction, but they have it compiled for arm So and this goes for linux and bsd so you can run this on a raspberry pi They have the x86 version which I did try and pf sense and actually worked quite well And this was pretty cool because I was able to download it and pf sense is kind of an ideal situation Because it sits at the epicenter of a lot of networks where it sees all the different subnet So it can scan all the different segments and legs of the network right away Now before we dive into what it discovered on my network or at least the network I allowed it to access We will talk about the demo organization that they have in here And this is kind of cool So even if you don't scan anything you just sign up for free you get the demo organization And it gives you the same kind of view, but it doesn't let you deploy any It gives you an air message that you can't deploy anything because you know, it's a demo You can't add any more to the demo But here's what an inventory looks like on here and one of the things that's kind of cool if your System that you installed this on and I installed this on a headless debian You know vm that I had running in my stack and then I went and installed chromium in there And what this allows to do is actually grab screenshots So as it's running through all the ports if there's a web interface on there It can actually pull up that web interface And uh, yeah, this is kind of cool So you have a screenshot of each thing that it found and can just scroll through Interesting things that may be on any of those ports when you're looking at the assets This is where you get a lot of detail of what is this asset? What is it running? What's the operating system? What's its id the hardware it's running its fingerprinting is kind of the secret sauce so to speak But a lot of it's based on a lot of open source information They have a whole github where they break down more of the details on this But wow it really digs in and of course via SNMP It has some layer 2 information It's able to get out of not every switch but some switches a lot of the popular ones including like this night gear switch right here It was able to get a ton of information more than just a screenshot. So the protocol where the ports are certainty of hardware And so on and so forth being able to grab this much data and put it really quickly in literally a matter of minutes Into a list make sure discovery one easy and two Thorough so in as long as you have remote access to the network and we see we tested this on some clients As long as you have access to like a windows machine or a raspberry pi You can drop off at the client or even ship to them and it has access to all the segments of the network You can either run a single scan or even active scanning as in keep running the scan over and over again And then look at the differential maybe what changed on there And then it can give you all those different lists Of course, then you can take and build notes on the asset a couple things that are interesting And we'll look at the Synology that they have in the demo here And it did do this with my network like even with our TrueNAS device Here's the Synology And it lists both segments of the network the primary address and the secondary address It did this even with the TrueNAS is that it found on my network Instead of telling me these are two different devices because it found them on each segment of a network It says no I recognize this as the same device And these are the different IPs attached to it from a network discovery, especially when you're doing things remotely This is sometimes a challenge because you'll see duplicated devices and you're like Oh, is this device actually two of them? Or is it one device with multiple different interfaces in different subnets? And then I'm assuming in the demo network that they set up This interface is probably for all the cameras and this interface is for that Now when you're looking through the assets, they have really cool ways you can query things Based on network based on things like just wild card words like switch There's all the switches or you know, I typed in Synology there or just clear it They also let you do things like you know ssh. Whoops not here It's going to be under services Filter for ssh and we only want to see ssh or we can look for the ssh response string So it gives you a lot of different ways to pivot back and forth on a network And then when you're looking at the reports, you can even do Coverage of things like how much of the IP space are you using? How much is utilized for each segment that you scan? And this is all the kind of breakdowns they give that thought we're Really quite in depth now back over to what it looks like on this small segment of the network that we did So only scan 0.02 percent of this network because it's Assuming that larger scan, but it does break down In what it discovered and where it discovered it. I like the way it presents the data Makes it reasonable so you can start understanding your coverage maps of how things are there Also queries on existing data you can build custom queries and they have a lot of them built in here This is one he said where it looks a little bit like a vulnerability scanner because it does have stuff in there Looking for things that might be vulnerable, but more specifically it can look for certain query strings or recognize things like this if you look at the type of Parameters it has in here If there's a certain string that you know is an indicator of compromise of something that might be on the network you can query against Existing old queries or even new queries of all the assets So even though you discovered the string now you already have the data and then you can query against existing assets To see if that was on the network at any given time and from a business standpoint being able to query against all the clients I think it has made this really easy for me to use That's one of the reasons I made this video was just I said wow This was really easy to jump in and out of here and go all right. I can get this information Now because I only did a small segment network We're going to flip over to the demo to show one more thing in the report And that's the network bridging report. This was really kind of interesting the way it can figure out What's bridged where and pivot off different devices? This even included discovering virtual box running on a computer that yes We know virtual box is running on but it detected the extra subnets that virtual box creates On an interface on a windows machine and it first was concerning when I seen I'm like, why is that computer have more networks? I think it should and then realize it was just discovering that its discovery tool to be able to find those different bridges in a network Are really impressive and you can find things like that where you maybe not even knew virtual box was installed And you're like, why does this computer suddenly have three different subnets attached to it? This can also be where someone put another switch and accidentally bridge something So i'm a discovery standpoint and I turned a couple friends onto this tool and they got back with me and said this thing is Really found some stuff. I didn't know we could scan And this is from people who are sys admins who had tools and I don't know what tool they were using off the top of my head But they were like this found a few extra things that that was really interesting And you go a step further and give it access to your snp. It can obviously dig deeper So it's not just here basic inventory scan a little bit further Overall though, I just wanted to throw this tool out there because the question comes up And I see it come up in the comments a lot. What about network discovery? What about onboarding for clients and we run nmap and uh, I've run maybe a couple times like Angry ip scanner. I'll give a shout out to that because it's sometimes a quick way to find ip addresses But it's still kind of a more In-depth tool to use nmap. It's great, but it's not as easy as this This seems to really scratch an edge and we're looking at probably buying one of the higher tiers on this Well, not the highest but a higher tier based on how many clients that we have and uh Being able to run regular discovery We do have discovery tools with some of what we have But i'm gonna slowly pit them against there and try to see if it can find a little more We've not been as impressed with the one that we get through enable where it seems to discover things But not quite as good Uh, this might be that next level that we're looking at Also from a standpoint of being able to just go in and quickly discover something I will tell you the one provided by enable that we use which is part of our uh, platform that we use for whole uh management Does not discover things in six minutes like this does the ability for this to see things that scale very fast Makes it a pretty impressive tool and You can kind of feel that you know was built by a hacker out of need so to speak because wow being able to discover Something really fast because you want to enumerate a network have all the assets at your fingertips and be able to start diving into them If you're you know, let's say from the red team side and want to Test the network being able to do that and have that information faster than a slow Methodical scan that you get with something like nmap or some of the other tools. Yeah, I'm gonna say this is uh pretty impressive Either way, let me know what you think down in the comments below And this will be posted over in the forums where you can find me if you want to engage further and talk about this topic And you know share with me maybe your thoughts if you've tested this product before Or if you think there's a product that just works that much better than this one But hey, let me know it's uh, how we all learn together is you don't throw these tools out there and give it a play But I mean you can't beat the price of testing it out for free So if you want to give it a go for free on a network, uh, you might be just impressed with just how much it can discover Or like me learned that virtual box has extra interfaces, which I knew But seeing that this was able to see them through the windows system was uh Pretty enlightening and impressed me right off. You know the first scan I had done in there. All right, and thanks And thank you for making it to the end of this video if you enjoyed this content Please give it a thumbs up if you like to see more content from this channel Hit the subscribe button and the bell icon to hire a share project head over to laurance systems.com And click on the highest button right at the top to help this channel out in other ways There's a join button here for youtube and a patreon page where your support is greatly appreciated For deals discounts and offers check out our affiliate links in the descriptions of all of our videos Including a link to our shirt store where we have a wide variety of shirts and new designs come out well randomly So check back frequently And finally our forums forums.laurancesystems.com is where you can have a more in-depth discussion about this video and other tech topics covered on this channel Thank you again, and we look forward to hearing from you in the meantime check out some of our other videos