
Nipper-ng

Nipper-ng (Network Infrastructure Parser Next Generation) is an auditing tool that parses and analyzes configuration files exported from network devices such as routers, switches, and firewalls. Because it works on the exported configuration rather than on the live device, an audit needs no network access to the device itself. It identifies security vulnerabilities, configuration weaknesses, and compliance issues in configs from vendors such as Cisco, Juniper, CheckPoint, Palo Alto Networks, and others.

Nipper-ng generates detailed audit reports highlighting security risks, misconfigurations, weak access controls, and areas of non-compliance with industry standards, which makes it useful for network administrators and security professionals conducting infrastructure assessments and compliance audits.

```bash
# Debian/Ubuntu and other apt-based distributions
sudo apt-get update
sudo apt-get install nipper-ng

# RHEL/CentOS/Fedora
sudo yum install nipper-ng
# or
sudo dnf install nipper-ng

# From source
# Install dependencies
sudo apt-get install build-essential libssl-dev zlib1g-dev

# Clone/download nipper-ng
git clone https://github.com/arpihausmann/nipper-ng.git
cd nipper-ng

# Build and install
./configure
make
sudo make install

# Verify the installation
nipper --version
nipper --help
```

Basic syntax:

```bash
nipper --input <config-file> --output <report-file> [options]
nipper -i <config-file> -o <report-file> [options]
```
| Device Type | Vendor | Format |
|---|---|---|
| Router | Cisco | IOS, IOS-XE, IOS-XR |
| Router | Juniper | JunOS |
| Router | Palo Alto | PAN-OS |
| Firewall | Cisco | ASA, PIX |
| Firewall | CheckPoint | SmartCenter |
| Firewall | Palo Alto | PAN-OS |
| Switch | Cisco | IOS, IOS-XE |
| Switch | Juniper | JunOS |
| VPN | Cisco | IPSec, GRE |
| VPN | Juniper | IPSec |
| Command | Description |
|---|---|
| `nipper --input file` | Specify input config file |
| `nipper --output file` | Specify output report file |
| `nipper --type device` | Explicitly set device type |
| `nipper --report full` | Generate full audit report |
| `nipper --report issues` | Report only issues/vulnerabilities |
| `nipper --report compliance` | Generate compliance report |
| `nipper --list-devices` | List all supported devices |
| `nipper --list-settings` | Show all configuration settings |
| `nipper --help` | Display help information |
| `nipper --version` | Show version number |
| `nipper --debug` | Enable debug output |
| Report Type | Description |
|---|---|
| `full` | Comprehensive audit with all findings |
| `issues` | Security issues and vulnerabilities only |
| `compliance` | Compliance-focused findings |
| `device` | Device-specific configuration details |
| `security` | Security configuration analysis |
| `performance` | Performance-related observations |
```bash
# Basic audit, HTML report
nipper --input router-config.txt --output report.html

# Explicit device type
nipper -i cisco-router.conf -o cisco-audit.html --type "Cisco Router"
nipper --input asa-firewall.cfg --output firewall-report.html --type "Cisco ASA"

# Plain-text report
nipper -i config.txt -o audit-report.txt --html-format false

# Compliance report
nipper --input device.conf --output compliance-report.html --report compliance

# Batch: every .conf file in the current directory
for file in *.conf; do
  nipper -i "$file" -o "${file%.conf}-report.html"
done
```
```bash
# Explicit device type
nipper -i config.txt -o report.html --type "Cisco IOS Router"

# Cisco ASA Firewall
nipper -i asa.cfg -o asa-report.html --type "Cisco ASA Firewall"

# Juniper SRX
nipper -i srx.conf -o srx-report.html --type "Juniper SRX"

# Palo Alto Networks
nipper -i panorama.conf -o panorama-report.html --type "Palo Alto Networks Firewall"
```

```bash
# Security issues only
nipper -i config.txt -o report.html --report issues

# Device details
nipper -i config.txt -o report.html --report device

# Combined report
nipper -i config.txt -o report.html --report full
```

```bash
# HTML report (default)
nipper -i config.txt -o report.html

# Text report
nipper -i config.txt -o report.txt --html-format false

# Debug output
nipper -i config.txt -o report.html --debug
```
```bash
# Access control
nipper -i config.txt -o report.html
# Checks for:
# - Weak access control lists (ACLs)
# - Default credentials
# - Open management ports
# - Unrestricted access policies
```

```bash
# Authentication
nipper -i config.txt -o report.html
# Reports will highlight:
# - Unencrypted protocols (Telnet, HTTP)
# - Weak password policies
# - Local authentication weaknesses
# - TACACS/RADIUS misconfigurations
```

```bash
# Encryption
nipper -i config.txt -o report.html
# Identifies:
# - Weak encryption algorithms
# - Unencrypted protocols
# - Outdated security standards
# - DES/MD5 usage (deprecated)
```

```bash
# Routing
nipper -i router-config.txt -o report.html
# Analyzes:
# - BGP security gaps
# - Routing protocol authentication
# - Route redistribution risks
# - Dynamic routing misconfigurations
```
```bash
# Capture the running config from the device (here over SSH) and audit it
ssh admin@router.example.com "show running-config" > cisco-config.txt
nipper -i cisco-config.txt -o cisco-report.html

# Specific security checks
nipper -i cisco-config.txt -o report.html --type "Cisco Router"
# Report will identify:
# - VTY line access control
# - Enable password weaknesses
# - SNMP community strings
# - CDP enabled globally
# - IP directed broadcasts
# - HTTP server enabled
# - Unused interfaces
# - Privilege escalation paths
```

```bash
# Cisco ASA: capture the running config over SSH, then audit it
ssh admin@asa.example.com "show running-config" > asa-config.txt
nipper -i asa-config.txt -o asa-report.html --type "Cisco ASA Firewall"
```

```bash
# Palo Alto: export configuration from Panorama/device
nipper -i palo-alto.xml -o pa-report.html --type "Palo Alto Networks Firewall"
```

```bash
# CheckPoint
nipper -i checkpoint.conf -o checkpoint-report.html --type "CheckPoint Firewall"
```
```bash
nipper -i config.txt -o compliance-report.html --report compliance
# Nipper checks against:
# - PCI DSS (Payment Card Industry Data Security Standard)
# - HIPAA (Health Insurance Portability and Accountability Act)
# - SOX (Sarbanes-Oxley)
# - ISO 27001
# - NIST guidelines
# - CIS benchmarks

# Each finding includes:
# - Impact severity rating
# - Remediation steps
# - Best practice recommendations
# - Configuration examples
```
```bash
#!/bin/bash
# Audit all router configs

mkdir -p reports
for config in routers/*.conf; do
  device=$(basename "$config" .conf)
  nipper -i "$config" -o "reports/${device}-audit.html"
  echo "Processed: $device"
done
```

```bash
#!/bin/bash
# Create compliance reports for all devices

mkdir -p compliance
for config in devices/*.conf; do
  name=$(basename "$config" .conf)
  nipper -i "$config" -o "compliance/${name}-compliance.html" \
    --report compliance
done
```

```bash
#!/bin/bash
# Generate both issues and compliance reports

for config in *.conf; do
  base="${config%.conf}"
  echo "=== Analyzing $base ==="

  # Issues report
  nipper -i "$config" -o "${base}-issues.html" --report issues

  # Compliance report
  nipper -i "$config" -o "${base}-compliance.html" --report compliance

  # Full report
  nipper -i "$config" -o "${base}-full.html" --report full
done
```
```bash
nipper -i config.txt -o report.html

# Default credentials - flags:
# - Default community strings (public, private)
# - Factory default passwords
# - Unchanged service credentials

# Weak encryption - report highlights:
# - MD5 for hashing
# - DES encryption
# - No encryption configured
# - Unencrypted management protocols

# Access control - identifies:
# - Permit any/any rules
# - Overly permissive ACLs
# - Open management access
# - Trust relationships

# Insecure services - detects:
# - Telnet enabled (vs SSH)
# - HTTP management (vs HTTPS)
# - SNMPv1/v2c (vs SNMPv3)
# - Insecure protocols
```
Severity levels:

| Severity | Meaning |
|---|---|
| Critical | Immediate security risk, exploit likely |
| High | Significant vulnerability, serious impact |
| Medium | Notable security concern, recommended fix |
| Low | Minor issue, best practice recommendation |
| Info | Informational finding, no action required |

Each finding includes:

1. Description of issue
2. Security impact assessment
3. Step-by-step remediation
4. Configuration examples
5. Verification procedures
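To make the Cisco IOS checks and the common findings listed above concrete, here is an added example that is not part of this page or of nipper-ng: a small Python triage script that runs a handful of the same checks (default SNMP communities, Telnet on VTY lines, HTTP management, `enable password` instead of `enable secret`, CDP left on, directed broadcasts, permit any/any ACLs) over a constructed IOS config and ranks the results on the Critical/High/Medium/Low/Info scale above. The check ids, the severity assigned to each check and both sample configs are this example's own assumptions; nipper's real rules and ratings may differ.

```python
"""Pre-audit triage of a Cisco IOS running-config (added example, not nipper-ng code).

Reimplements a few of the checks nipper-ng reports on and ranks them on the
Critical/High/Medium/Low/Info scale.  Check ids and severities are assumptions.
"""
import re
from dataclasses import dataclass

SEVERITY_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3, "Info": 4}
DEFAULT_COMMUNITIES = {"public", "private", "cisco", "admin"}  # assumed well-known defaults


@dataclass(frozen=True)
class Finding:
    check: str      # short check id (this example's own naming)
    severity: str   # one of SEVERITY_ORDER
    detail: str     # the config line or context that triggered it


def parse_blocks(config_text):
    """Split an IOS config into (top-level line, [indented sub-lines]) pairs."""
    blocks, header, children = [], None, []
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line or line == "!":
            continue
        if line.startswith(" "):
            children.append(line.strip())
            continue
        if header is not None:
            blocks.append((header, children))
        header, children = line, []
    if header is not None:
        blocks.append((header, children))
    return blocks


def audit_ios_config(config_text):
    """Return findings sorted by severity (most severe first), then by check id."""
    blocks = parse_blocks(config_text)
    top = [h for h, _ in blocks]
    findings = []

    for h in top:  # SNMP: well-known community strings, and v1/v2c at all
        m = re.match(r"snmp-server community (\S+)(?:\s+(RO|RW))?", h, re.IGNORECASE)
        if not m:
            continue
        name, mode = m.group(1), (m.group(2) or "RO").upper()
        if name.lower() in DEFAULT_COMMUNITIES:
            sev = "Critical" if mode == "RW" else "High"
            findings.append(Finding("snmp-default-community", sev, f"{h} (well-known community, {mode})"))
        else:
            findings.append(Finding("snmp-v1v2c", "Medium", f"{h} (SNMPv1/v2c; prefer SNMPv3)"))

    if "ip http server" in top:
        findings.append(Finding("http-server", "High", "ip http server (cleartext HTTP management)"))
    if any(h.startswith("enable password") for h in top):
        findings.append(Finding("enable-password", "High", "enable password used instead of enable secret"))
    if "service password-encryption" not in top:
        findings.append(Finding("password-encryption", "Medium", "service password-encryption not set"))
    if "no cdp run" not in top:  # CDP runs by default; only 'no cdp run' proves it is off
        findings.append(Finding("cdp-global", "Low", "CDP not disabled globally (no 'no cdp run')"))

    for h, kids in blocks:
        if h.startswith("interface ") and "ip directed-broadcast" in kids:
            findings.append(Finding("directed-broadcast", "Medium", f"{h}: ip directed-broadcast"))
        if h.startswith("line vty"):
            transport = next((k for k in kids if k.startswith("transport input")), None)
            allowed = transport.split()[2:] if transport else ["all"]  # no restriction configured
            if "telnet" in allowed or "all" in allowed:
                findings.append(Finding("vty-telnet", "High", f"{h}: transport input {' '.join(allowed)}"))
        if re.match(r"access-list \S+ permit ip any any", h):
            findings.append(Finding("acl-any-any", "High", h))

    findings.sort(key=lambda f: (SEVERITY_ORDER[f.severity], f.check))
    return findings


def severity_counts(findings):
    """Count findings per severity level, including levels with zero findings."""
    counts = {s: 0 for s in SEVERITY_ORDER}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Constructed sample configs (not from a real device).
INSECURE_CONFIG = """\
hostname edge-rtr-01
!
enable password cisco123
!
snmp-server community public RO
snmp-server community private RW
!
ip http server
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip directed-broadcast
!
access-list 101 permit ip any any
!
line vty 0 4
 transport input telnet ssh
 login local
"""

HARDENED_CONFIG = """\
hostname edge-rtr-01
service password-encryption
no cdp run
enable secret 9 $9$placeholder-hash
snmp-server group ADMIN v3 priv
ip http secure-server
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 no ip directed-broadcast
line vty 0 4
 transport input ssh
 login local
"""

if __name__ == "__main__":
    for f in audit_ios_config(INSECURE_CONFIG):
        print(f"{f.severity:8} {f.check:24} {f.detail}")
    print(severity_counts(audit_ios_config(INSECURE_CONFIG)))
```

Running it against the insecure sample yields nine findings headed by the read-write `private` community, while the hardened sample yields none; a script like this is useful for a quick pre-check of a freshly captured config, but the full nipper report remains the authoritative audit output.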
```bash
# Extract configs from all critical devices
for device in router1 firewall1 switch1; do
  ssh "admin@$device" "show running-config" > "${device}.conf"
done

# Generate baseline reports
for config in *.conf; do
  nipper -i "$config" -o "${config%.conf}-baseline.html"
done
```

```bash
# Capture current state before changes
nipper -i current-config.txt -o pre-change-audit.html

# ... make changes ...

# Capture and compare post-change
nipper -i new-config.txt -o post-change-audit.html
```

```bash
# Analyze device configs from time of incident
nipper -i incident-config.txt -o incident-report.html --report full

# Focus on security issues
nipper -i incident-config.txt -o incident-issues.html --report issues
```

```bash
# Quarterly compliance checks
nipper -i config.txt -o q1-compliance.html --report compliance
nipper -i config.txt -o q2-compliance.html --report compliance
```
```bash
# Cisco: via SSH
ssh admin@router.example.com "show running-config" > cisco-router.conf

# Cisco: via Telnet (less secure)
(echo "password"; echo "enable"; echo "password"; \
 echo "terminal length 0"; echo "show running-config"; \
 echo "exit") | telnet router.example.com > cisco-config.conf
```

```bash
# Juniper
ssh admin@juniper.example.com "show configuration | display text" > juniper.conf
```

```bash
# Palo Alto: via SSH
ssh admin@palo.example.com "show config running" > panorama.conf
```

```bash
# CheckPoint: export via management interface or API
sftp admin@checkpoint.example.com
get /configs/current.conf
```
Maintain an audit schedule:

- Monthly for critical devices
- Quarterly for standard devices
- Before/after major changes
- When security policies update

```bash
# Create security baseline
nipper -i baseline-config.txt -o baseline-report.html

# Track changes over time
nipper -i current-config.txt -o current-report.html

# Compare findings (plain-text reports produced with --html-format false
# diff more cleanly than HTML)
diff baseline-report.html current-report.html
```
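A raw `diff` of two reports shows every changed line, including layout noise. What the baseline and change-management workflows above actually need is the delta in findings: what is new, what was resolved, and whether a change introduced anything serious. The following added example, which is not code from this page or from nipper-ng, compares two audit runs represented as `(device, check id, severity)` tuples (this example's own assumed representation, with constructed sample findings) and applies a simple approval gate on the page's severity scale.

```python
"""Compare two audit runs and gate a change on the delta (added example, not nipper-ng code).

Findings are modelled as (device, check id, severity) tuples; the samples are constructed.
"""
SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3, "Info": 4}

# Constructed sample findings from a baseline audit and a later audit.
BASELINE_FINDINGS = [
    ("edge-rtr-01", "snmp-default-community", "Critical"),
    ("edge-rtr-01", "vty-telnet", "High"),
    ("edge-rtr-01", "cdp-global", "Low"),
    ("dmz-fw-01", "acl-any-any", "High"),
]
CURRENT_FINDINGS = [
    ("edge-rtr-01", "vty-telnet", "High"),        # still open
    ("edge-rtr-01", "cdp-global", "Low"),         # still open
    ("edge-rtr-01", "http-server", "High"),       # regression from a recent change
    ("dmz-fw-01", "acl-any-any", "High"),         # still open
    ("dmz-fw-01", "snmp-v1v2c", "Medium"),        # new
]


def _by_severity(findings):
    """Most severe first, then by device and check id for stable output."""
    return sorted(findings, key=lambda f: (SEVERITY_RANK[f[2]], f[0], f[1]))


def compare_audits(baseline, current):
    """Return new, resolved and persistent findings, each sorted by severity."""
    base = {(d, c): s for d, c, s in baseline}
    cur = {(d, c): s for d, c, s in current}
    new = [(d, c, cur[(d, c)]) for (d, c) in cur.keys() - base.keys()]
    resolved = [(d, c, base[(d, c)]) for (d, c) in base.keys() - cur.keys()]
    persistent = [(d, c, cur[(d, c)]) for (d, c) in cur.keys() & base.keys()]
    return {"new": _by_severity(new), "resolved": _by_severity(resolved),
            "persistent": _by_severity(persistent)}


def change_gate(delta, block_at="High"):
    """True if no new finding is at or above block_at, i.e. the change may be approved."""
    limit = SEVERITY_RANK[block_at]
    return all(SEVERITY_RANK[s] > limit for _, _, s in delta["new"])


def summarize(delta):
    """Human-readable summary of the delta, one section per category."""
    lines = []
    for label in ("new", "resolved", "persistent"):
        lines.append(f"{label} ({len(delta[label])}):")
        lines.extend(f"  {s:8} {d:14} {c}" for d, c, s in delta[label])
    return "\n".join(lines)


if __name__ == "__main__":
    delta = compare_audits(BASELINE_FINDINGS, CURRENT_FINDINGS)
    print(summarize(delta))
    print("approve change:", change_gate(delta))
```

With the constructed data the gate rejects the change because of the new High finding (`http-server`), even though the Critical baseline finding was resolved; feeding it the findings from the pre-change and post-change audits is the check that belongs in a change-management workflow.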
```bash
# Document all findings
nipper -i config.txt -o findings.html

# Track remediation progress
# Update with revised configs
nipper -i remediated-config.txt -o verification.html
```

Keep an audit trail:

- Store all reports with dates
- Document remediation actions
- Track policy changes
- Maintain configuration versions
```bash
# List supported devices
nipper --list-devices

# Use correct device type
nipper -i config.txt -o report.html --type "Cisco IOS Router"
```

```bash
# Enable debug mode
nipper -i config.txt -o report.html --debug

# Verify config file format
# Remove extra spaces, special characters
```
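Configs captured through a terminal session are the usual source of the "extra spaces, special characters" problem: CRLF line endings, the `--More--` pager prompt with its backspace sequences, ANSI escape codes, the echoed `show` command and the trailing device prompt all end up in the file. The following added example, which is not code from this page or from nipper-ng, strips that residue before the file is handed to nipper and checks that something resembling a config survived. The regular expressions, the config-marker heuristic and the sample capture are this example's own assumptions.

```python
"""Normalise a raw CLI capture before handing it to nipper (added example, not nipper-ng code).

Removes CRLF, pager prompts, ANSI escapes, the echoed command and the trailing
prompt, then checks that a device config is actually present.  The sample
capture is constructed.
"""
import re

_MORE_PROMPT = re.compile(r" --More-- ?(?:\x08+ *\x08+)?")   # Cisco pager residue
_ANSI_ESCAPE = re.compile(r"\x1b\[[0-9;?]*[ -/]*[@-~]")       # CSI sequences
_CONTROL_CHARS = re.compile(r"[\x00-\x08\x0b-\x1f\x7f]")       # keeps tab and newline
_ECHOED_COMMAND = re.compile(r"^(show|display|get)\b")
_PROMPT_LINE = re.compile(r"^[\w.@\-()]+[#>]\s*$")             # e.g. 'rtr#', 'admin@rtr>'
_CONFIG_MARKERS = re.compile(r"^(hostname |version |set system |<config)")


def clean_capture(raw):
    """Return the capture as LF-terminated config text with terminal residue removed."""
    text = raw.replace("\r\n", "\n").replace("\r", "\n")
    text = _MORE_PROMPT.sub("", text)      # must run before the backspaces are dropped
    text = _ANSI_ESCAPE.sub("", text)
    text = _CONTROL_CHARS.sub("", text)
    lines = [line.rstrip() for line in text.split("\n")]
    if lines and _ECHOED_COMMAND.match(lines[0]):
        lines.pop(0)                       # the command the operator typed
    while lines and (not lines[-1] or _PROMPT_LINE.match(lines[-1])):
        lines.pop()                        # trailing blank lines and the device prompt
    return "\n".join(lines) + "\n"


def looks_like_config(text):
    """Heuristic: does the text contain a line a device config would start with?"""
    return any(_CONFIG_MARKERS.match(line) for line in text.splitlines())


# Constructed capture: command echo, CRLF, a pager prompt with backspaces,
# an ANSI reset sequence and the trailing prompt, as a terminal log would contain.
RAW_CAPTURE = (
    "show running-config\r\n"
    "Building configuration...\r\n"
    "\r\n"
    "Current configuration : 1234 bytes\r\n"
    "!\r\n"
    "hostname edge-rtr-01\r\n"
    "!\r\n"
    "interface GigabitEthernet0/0\r\n"
    + " --More-- " + "\x08" * 9 + " " * 9 + "\x08" * 9
    + "\x1b[0m ip address 192.0.2.1 255.255.255.0\r\n"
    "!\r\n"
    "end\r\n"
    "edge-rtr-01#"
)

if __name__ == "__main__":
    cleaned = clean_capture(RAW_CAPTURE)
    print(cleaned, end="")
    print("config detected:", looks_like_config(cleaned))
```

The pager prompt is removed before generic control characters are stripped, because the backspaces are what delimit the residue; stripping them first would leave the literal `--More--` text and its padding spaces in the middle of a config line. Capturing with `terminal length 0` (as in the Telnet example on this page) avoids the pager altogether, but the cleaner still catches captures taken without it.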
```bash
# Check nipper-ng version
nipper --version

# Update to latest version
sudo apt-get install --only-upgrade nipper-ng
```
```bash
# Use with nmap for comprehensive audit
nmap -sV 192.168.1.0/24 > devices.txt
# Then collect configs and analyze with nipper
```

```bash
# Version control configs
git clone <config-repo>
cd configs
mkdir -p reports
for config in *.conf; do
  nipper -i "$config" -o "reports/${config%.conf}.html"
done
git add reports/
git commit -m "Security audit $(date)"
```

```bash
# Parse nipper output and create tickets
nipper -i config.txt -o report.html
# Create tickets for each critical/high finding
```
- Ensure configs are securely transported and stored
- Protect reports containing sensitive network details
- Restrict access to nipper reports (non-public information)
- Audit extraction credentials and access
- Maintain confidentiality of network architecture
- Follow organizational information security policies

- Nessus - Comprehensive vulnerability assessment
- OpenVAS - Open-source vulnerability scanner
- NMAP - Network mapper and port scanner
- Shodan - Search engine for internet-connected devices
- Qualys - Cloud-based vulnerability management
- Tenable - Vulnerability and risk management

- Nipper-ng GitHub: https://github.com/arpihausmann/nipper-ng
- Man page: `man nipper`
- Configuration parsing documentation
- Compliance framework references (PCI, HIPAA, ISO 27001)
- Network device configuration guides