Netstat2Neo4J - Create Cypher Create Statements For Neo4J Out Of Netstat Files From Multiple Machines

ID KITPLOIT:2545680128710302421
Type kitploit
Reporter KitPloit
Modified 2019-11-28T20:33:06


Graphs help to spot anomalies and patterns in large datasets.
This script takes netstat information from multiple hosts and formats them in a way to make them importable into Neo4j.
Neo4j can be queried for find connections to certain hosts, from certain hosts, find out the usage or protocols and much more.

Example Files
There are already some files in the example directory for you to be able to test the tool.
you can also find example queries which will help you to have a basic idea of the possibilities of the search

Currently the tool is tested with the netstat output of Windows systems using the command 'netstat -an'


Install docker and docker-compose

Extract Files

git clone /opt/netstat2neo4j/

Start Container

cd /opt/netstat2neo4j/docker
docker-compose up -d

Test Logon
user: neo4j
pass: neo4j

Upload Netstat Files
copy all netstat out files (*.txt files) into /opt/netstat2neo4j/script/import/

Create Cypher Statements for Neo4j

cd /opt/netstat2neo4j/script/

the needed cypher statements can be found in create_database.txt

Create Database
browse to https://localhost:7473
Copy content from create_database.txt
Paste into the command bar of the neo4j interface

Example Query

MATCH (src)-[:DEPENDS_ON]->(dst)
WHERE src.ip STARTS WITH '192_168_'
RETURN src, dst

There is a query.txt in the example folder as well.

Q: This is redundant. Don't you know there are other projects?
A: I do. This is not new or special. There are free projects, tutorials and commercial products based on agents to draw maps and even enforce rules.
Some examples:

Download Netstat2Neo4J