I found out there is internet here, so I’m finally able to post some code changes I was working on while on the airplane.
Firstly, download the files here.
The static page for nsm-console is here.
I finally got around to releasing the next version of the nsm-console. This version incorporates a large amount of bug fixes and additional features, first, I’ll start with some of the features I’m the most happy about 
Most of these features are in the new Hex 1.0.2 release which came out yesterday (go download it now!)
- Categories
- You can now toggle certain categories on and off, for instance, one category shipped with the new release is the ‘flow’ categories, you treat them just like a regular module. Simply use “
toggle flow” to toggle the flow category (and all of it’s modules) on and off. - You can easily add your own categories to customize your work environment, all you have to do is create a file named the same name as the category name in the
modules/categoriesdirectory.
- You can now toggle certain categories on and off, for instance, one category shipped with the new release is the ‘flow’ categories, you treat them just like a regular module. Simply use “
- Directory analysis
- When you normally run the nsm-console, you would specify a single pcap file to perform analysis on, now you can use the same “
file” command to specify a directory full of files instead of a single file. When the “run” command is executed, all the toggled module’s operations will be executed on each file in the directory (recursively) - To better accommodate this type of operation, I encourage anyone that is writing any modules to write them to output the results into an output file named something like
${PCAP_BASE}.tcpdstat.out(so if you had more than 1 file, the output will go into more than one file)
- When you normally run the nsm-console, you would specify a single pcap file to perform analysis on, now you can use the same “
- The ‘exec’ command
- I added the exec command because I was tired of spawning an additional shell in order to run a simple ‘tcpdump’. I hope this helps with the automation that I’m going to talk about below.
The directory functionality and the exec command isn’t in the current Hex release, but hopefully it will be in the next release.
Part of the reason I think nsm-console is neat is the ease of automation you can do using simple text files. For instance, if you created a text file called “automate.txt” and put the following lines in it:
file /pcap/data.pcap
output automated-output
toggle aimsnarf
toggle tcpdstat
toggle chaosreader
run
quit
Then, you can run the command:
./nsm < automate.txt > output.txt
Which will run all the commands in the text file automatically, placing all the output in output.txt, simple eh?
If you have any questions, comments or suggestions, feel free to leave a comment or send an email I’d love to hear if/how you’re using nsm-console