How to determine if report ran with credentials or not? Is there something in the report that says "could not login with provided credentials" or "login successful"?
If it is blank, I assume credentials did not authenticate? How does it display if credentials were used and authenticated? How does it display if credentials were used but not authenticated or did not use credentials at all...?
Our results that we need to provide to the client have to list which IPs were not credentialed and which IPs were successfully credentialed.
For this, I use a grep command and it works fine. You will need to edit the command to fit your environment. These are the results I would get (edited):
Example1 (192.168.10.12): Found valid credentials (Domain\username)
Example2 (192.168.10.14): Found valid credentials (Domain\username)
Example3 (192.168.10.16): Found valid credentials (Domain\username)
Then compare that to the target list and you will have the IPs not credentialed also.
The log file is located in Foundstone\logs.
At the command prompt, you will need to get to that location to do the grep.
Edit the command to put the job number after the JN, and you can edit inside the quotes for the date.
You can name the output file anything you want, I use intel_creds.txt.
If you add another '>', it will append to that file instead of overwriting it.
For this example, say my job ran 10:00 PM to 1:00 AM on 4-10 to 4-11, so I will have two dates for the logs. The job number was 5.
Open command prompt.
Edit the grep, replace '3' with '5'.
Replace the date with 2010-04-10.
So this original....
grep JN3 LogFile.2010-04-16.txt|grep "Found valid cred"|cut -d "|" -f 6|cut -d ";" -f1 > intel_creds.txt
now looks like.....
grep JN5 LogFile.2010-04-10.txt|grep "Found valid cred"|cut -d "|" -f 6|cut -d ";" -f1 > intel_creds.txt
Then do the same with the next date, and append so it's added to the file...
grep JN5 LogFile.2010-04-11.txt|grep "Found valid cred"|cut -d "|" -f 6|cut -d ";" -f1 >> intel_creds.txt
To retrieve the file, it is located in the same logs folder as the scan log.
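The whole procedure from the reply above (grep both dates for the job, then compare against the target list) as one script. This is an added example, not part of the original posts: the function names are hypothetical and the sample log lines, including the field layout and the "Access denied" message, are constructed; only the JN<job> tag, the "Found valid cred" text and the "|" and ";" delimiters come from the post.

```shell
#!/bin/sh
# Added example. Log-line layout in demo() is CONSTRUCTED; only the JN<job> tag,
# "Found valid cred" and the "|" / ";" delimiters are taken from the post.

# credentialed_ips JOB LOGFILE...  -> unique IPs that logged valid credentials
credentialed_ips() {
    job="$1"; shift
    # -w keeps JN5 from also matching JN50; -h drops file-name prefixes
    grep -h -w "JN${job}" "$@" | tr -d '\r' \
        | grep "Found valid cred" \
        | cut -d "|" -f 6 | cut -d ";" -f 1 \
        | sed -n 's/^[^(]*(\([0-9][0-9.]*\)).*/\1/p' \
        | sort -u
}

# uncredentialed_ips TARGETS JOB LOGFILE...  -> targets with no valid-credential line
uncredentialed_ips() {
    targets="$1"; shift
    work=$(mktemp -d) || return 1
    # strip CRLF from a Windows-edited target list so the comparison is exact
    tr -d '\r' < "$targets" | sort -u > "$work/targets"
    credentialed_ips "$@" > "$work/creds"
    comm -23 "$work/targets" "$work/creds"
    rm -rf "$work"
}

# demo: constructed logs for job 5 running across midnight, then both lists
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/LogFile.2010-04-10.txt" <<'EOF'
2010-04-10 22:01:07|INFO|JN5|scan|win|Example1 (192.168.10.12): Found valid credentials (Domain\username);end
2010-04-10 22:03:41|INFO|JN5|scan|win|Example2 (192.168.10.14): Access denied;end
2010-04-10 22:04:02|INFO|JN50|scan|win|Other (192.168.10.99): Found valid credentials (Domain\username);end
EOF
    cat > "$d/LogFile.2010-04-11.txt" <<'EOF'
2010-04-11 00:12:30|INFO|JN5|scan|win|Example3 (192.168.10.16): Found valid credentials (Domain\username);end
EOF
    printf '192.168.10.12\r\n192.168.10.14\r\n192.168.10.16\r\n192.168.10.18\r\n' > "$d/targets.txt"
    echo "credentialed:";     credentialed_ips 5 "$d"/LogFile.*.txt
    echo "not credentialed:"; uncredentialed_ips "$d/targets.txt" 5 "$d"/LogFile.*.txt
    rm -rf "$d"
}

demo
```

A target that appears under "not credentialed" either failed authentication or never produced a log line for that job, so a host that was unreachable during the scan lands in the same list.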