SourceForge.net project page for DominoDig: The Open Source Lotus Domnio Database auditing tool.
This project stemmed from frustration encountered when using the Open Source Vulnerability Scanning Tool NESSUS. There is a NASL script that checks for the presence of various default Notes databases, and then helpfully informs you that one or more of them has been accessed. But it's up to you to figure out which one(s). This tool could be used as part of an Open Source pen-test to help automate much of the auditing that might be involved in digging through these anonymously accessible default databases. Instead of just checking for the presence of anonymously accessible default databases, DominoDig also parses the content of each page it retrieves, looking any mention of any other notes databases present on the system.
Features of note include:
- User definable scan depth: Can do a quick, 2 link deep scan or a lengthy 20 link deep scan.
- Text or HTML-based report containing the following details:
- Lists all email addresses found
- Lists all unique IP addresses found
- Lists all unique .nsf Databases found
- Total number of bytes parsed
Currently, this project is in it's ALPHA stage. It has all the functionality I wanted for the initial release, and it appears to not have any glaringly obvious bugs.
If you use this software, and you find it to be helpful, I would appreciate it if you could drop me a line at firstname.lastname@example.org and just let me know what you thought of the product. Was it helpful? Did it satisfy your requirements? Under what circumstances were you using it? Would you reccomend it to others? Any comments, suggestions, feature requests?