nipper-ng
Device security configuration review tool. Analyzes configurations of network devices like routers, firewalls, and switches to identify security issues.
Description
Nipper-ng is the next generation of nipper, remaining free and open source. It processes device configuration files to make observations about security configurations across various network infrastructure devices such as routers, firewalls, and switches. This fork originates from nipper 0.11.10, released under the GNU GPL v3.
The tool is used for auditing network device configurations, producing detailed reports on security-related issues with recommendations. It supports multiple device types and outputs reports in formats like HTML, aiding in infrastructure security reviews.
By default, it reads input from stdin and outputs HTML to stdout, making it suitable for parsing configurations from devices like Cisco IOS routers or CheckPoint Firewall-1.
How It Works
Nipper-ng takes a network device configuration file as input, processes it to identify security-related issues, and generates reports with detailed recommendations. It parses configurations from devices like Cisco IOS routers or CheckPoint conf directories, analyzing settings for vulnerabilities. Output is produced in HTML by default to stdout, with options for file-based reports or CSV for network filtering configurations.
Installation
sudo apt install nipper-ng
Flags
Examples
nipper --help
nipper --input=ios.conf --output=report.html --ios-router
nipper --input=conf_directory --output=checkpoint_report.html
nipper --input=device.conf --csv=filtering.csv
nipper --version
nipper --help=GENERAL
nipper --report=report.html