PBNJ Version 2.04
by Joshua D. Abraham ( http://pbnj.sf.net )
********************************************************************
COPYRIGHT
Copyright(C) 2005 - 2006 Joshua D. Abraham ( jabra@ccs.neu.edu )
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or (at
your option) any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
USA.
********************************************************************
PBNJ - a suite of tools to monitor changes on a network.
OVERVIEW
PBNJ is a network suite to monitor changes that occur on a network
over time. It does this by checking for changes on the target
machine(s), which includes the details about the services running on
them as well as the service state. PBNJ parses the data from a scan
and stores it in a database. PBNJ uses Nmap to perform scans.
Note that a scan performed using PBNJ will be detected by an IDS,
which will alert the Network Admin that a scan is being performed.
WHAT IS NEW IN VERSION 2.0
PBNJ 2.0 is completely different from PBNJ 1.0. The most drastic
change is that PBNJ 2.0 stores the information from a scan in a
database. It also has queries that can extract the information that is
most useful to the user. When the user wants to extract information,
PBNJ extracts the information into a Perl data structure, so there
can be multiple output methods such as tab, csv and html. PBNJ 2.0
can also accept input from Nmap in XML format. This allows PBNJ to
be more flexible than version 1.0.
PROGRAMS
PBNJ includes 2 main programs, ScanPBNJ and OutputPBNJ. It also
includes a program called Genlist.
ScanPBNJ - a program for running Nmap scans and storing the results in
a PBNJ 2.0 database.
OutputPBNJ - a program to query a PBNJ 2.0 database.
Genlist - ping scanner
FILES
PBNJ's data files are stored in ScanPBNJ and OutputPBNJ. When
either of these programs is run, the configuration files will be
generated for the user if they don't already exist and placed in
the $HOME/.pbnj-2.0 directory. Again, if there is a configuration
file in the current directory, it is used instead of the version in
the configuration directory.
$HOME/.pbnj-2.0/config.yaml - holds settings for connecting to the
database which stores the information from PBNJ scans.
$HOME/.pbnj-2.0/query.yaml - lists all queries that can be used to
retrieve information from the database. It also includes the name
and description for each query. This is only generated when you
execute OutputPBNJ.
For Windows, the pbnj-2.0 config directory is in the APPDATA
directory, which contains both config.yaml and query.yaml.
Depending on your environment, the APPDATA directory may be in
a different location from other environments. Therefore, when the
configs are generated for the first time, the path where they were
generated is displayed.
FEATURE REQUESTS
Any feature requests should be reported to the online
feature-request-tracking system available on the web at:
http://sourceforge.net/tracker/?func=add&group_id=149390&atid=774489
Before requesting a feature, please check to see if the feature has
already been requested.
BUG REPORTS
Any bugs found should be reported to the online bug-tracking system
available on the web at:
http://sourceforge.net/tracker/?func=add&group_id=149390&atid=774488.
Before reporting bugs, please check to see if the bug has already been
reported.
When reporting PBNJ bugs, it is important to include a reliable
way to reproduce the bug, version number of PBNJ and
Nmap, OS name and version, and any relevant hardware specs. And
of course, patches to rectify the bug are even better.
SUPPORTED DATABASES
The following databases are supported:
* SQLite [default]
* MySQL
* Postgres
* CSV
To use any of the alternative databases, simply change the
config.yaml to the configuration that you want.
DATABASE SCHEMA
The following is the SQLite database schema:
CREATE TABLE machines (
    mid INTEGER PRIMARY KEY AUTOINCREMENT,
    ip TEXT,
    host TEXT,
    localh INTEGER,
    os TEXT,
    machine_created TEXT,
    created_on TEXT);
CREATE TABLE services (
    mid INTEGER,
    service TEXT,
    state TEXT,
    port INTEGER,
    protocol TEXT,
    version TEXT,
    banner TEXT,
    machine_updated TEXT,
    updated_on TEXT);
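Added example (not part of PBNJ or its documentation): a sketch of how
the schema above supports change monitoring, by listing the service
state transitions recorded after a baseline time. The sample rows, the
"up"/"down" state values, the use of epoch seconds in machine_updated
and the names build_db and service_changes are assumptions made for
illustration.

```python
import sqlite3

# Schema as given in the README above.
SCHEMA = """
CREATE TABLE machines (mid INTEGER PRIMARY KEY AUTOINCREMENT, ip TEXT, host TEXT,
  localh INTEGER, os TEXT, machine_created TEXT, created_on TEXT);
CREATE TABLE services (mid INTEGER, service TEXT, state TEXT, port INTEGER,
  protocol TEXT, version TEXT, banner TEXT, machine_updated TEXT, updated_on TEXT);
"""
# Constructed sample data. Assumptions: rows are appended per scan, state is
# "up"/"down", and machine_updated holds epoch seconds stored as text.
MACHINES = [(1, "192.0.2.10", "web01", 0, "Linux", "1150000000", "2006-06-11")]
SERVICES = [
    (1, "ssh", "up", 22, "tcp", "OpenSSH", "", "1150000000", "2006-06-11"),
    (1, "http", "up", 80, "tcp", "Apache", "", "1150000000", "2006-06-11"),
    (1, "ssh", "up", 22, "tcp", "OpenSSH", "", "1150086400", "2006-06-12"),
    (1, "telnet", "up", 23, "tcp", "", "", "1150086400", "2006-06-12"),
    (1, "http", "down", 80, "tcp", "Apache", "", "1150086400", "2006-06-12"),
]

def build_db():
    """Create an in-memory database with the schema and the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO machines VALUES (?,?,?,?,?,?,?)", MACHINES)
    conn.executemany("INSERT INTO services VALUES (?,?,?,?,?,?,?,?,?)", SERVICES)
    return conn

def service_changes(conn, since=0):
    """List state transitions per (ip, port, protocol) seen after `since`."""
    rows = conn.execute(
        """SELECT m.ip, s.port, s.protocol, s.service, s.state,
                  CAST(s.machine_updated AS INTEGER) AS ts, s.updated_on
           FROM services s JOIN machines m ON m.mid = s.mid
           ORDER BY ts, s.port""")
    last, changes = {}, []
    for ip, port, proto, service, state, ts, when in rows:
        key = (ip, port, proto)
        old = last.get(key)  # None: this port has not been recorded before
        if old != state and ts > since:
            changes.append((ip, port, proto, service, old, state, when))
        last[key] = state
    return changes

if __name__ == "__main__":
    for change in service_changes(build_db(), since=1150000000):
        print(change)
```

A newly recorded port is reported with an old state of None, which
separates a service appearing for the first time from one that changed
state.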
MAN PAGES
Man pages are available for each program. Also, there are versions
in html in the docs directory.
Let me know what you think.
Joshua D. Abraham (jabra@ccs.neu.edu)