Back in 2018, I was leading the SOC and NOC teams and although I'm not an excellent network engineer, I always tried to help technically the networking team. On that year we were struggling with the IPAM tool and started looking for a replacement. Then we found and tested NetBox, an open-source IPAM from DigitalOcean, and put that into production.
The main concern the NOC had about IPAM is that this tool can be outdated very fast, so I decided to write a tool to automatically discover and update certain subnets. This led to the netbox-scanner creation and when finished, this software scanned daily more than 50 subnets, some of them a /21, which resulted in lots of hosts registered and managed automatically.
As the company changed, I left the position of NOC leader focusing on SOC. So the netbox-scanner was forgotten by both teams although some people were still using it --source code was available on GitHub. Despite continually receiving issues and pull-requests, I had no time to improve that code, so I neglected all requests. It last until May 2020, when I decided to use some spare time due to COVID-19, to create a brand new version of that script.
At first, I planned the new version, focusing on a modular environment, and documented this in a new issue. After that, I started the repository cleaning process, reviewing all issues for some ideas that could have been added to the project --the feature to use the configuration file from two possible directories was born here.
When the technical part began, I thought it would take at least one month to finish the job since I hadn't been coding for almost 6 months, and I still had my full-time job, so I would code only when idle. To my surprise, all the concepts were fresh in my mind, so I was able to finish the job in only three days, which made me really happy!
Despite this project is not directly secure-related, it was very good to learn or improve some techniques:
- Logging: Using logging to record actions and enable further tracking, good for fully automated scans.
- Argument parsing: One of the best ways to catch user interactions is directly from the command line.
- Config files processing: Although the CLI is good, when there are many options, it is easier to use configuration files.
- XML processing: Either XML and JSON are excellent standards for interoperability and it is always good to not reinvent the wheel.
- API usage: NetBox has a good API, the pynetbox, and it implements all actions I needed albeit the documentation is not good.
- API creation: Since I decided to create an integration with Cisco Prime and couldn't find a Python API, I had to create my own --in this case, I used the one I wrote in 2019.
- Testing: Automated tests improve the development lifecycle and enable CI/CD/DevOps functions --automated tests should include some security tests too, see DevSecOps.
- Git features: Git is the best software I know for version control and here I had the opportunity to use some features I had never used --branch and merge.
All in all, it was fun and very satisfying to upgrade the netbox-scanner version, and consequently, I learned a lot of things. I think this is the core concept of free software when you use something and is able to contribute to that.
Let's move to the next objectives!