Recently I upgraded my laptop with the latest Ubuntu release (12.04-LTS). For a few releases, Ubuntu switched from Gnome to Unity and I’m happy to use it since the 11.04 version! I know that this choice has caused a lot of debates between the aficionados of both GUI but it always worked fine for me. Of course, no interface is perfect but it does its job. I just like the way it presents applications and files. Most are accessible with a few key presses. After the upgrade, I made the new proprietary tour and decided to look deeper into the Unity “Dash” feature. This is the main feature of Unity. It allows you to quickly search for information on your local filesystems (applications, files, bookmarks, …) or on the Internet (Wikipedia). To achieve this, the “Dash” uses “Lenses“. And those use “Scopes” that are small scripts which perform the search requests. “Lenses” are based on (briefly resumed):
- A .lens file to let Unity load it
- A daemon with a well-known name on D-Bus
- A D-Bus .service file to let Unity activate the Lens
When Unity is started, it parses the configuration files and spawns the small daemons responsible for the searches. On a stock Ubuntu, you can see the following daemons running:
$ ps ax|grep lens 2741 ? Sl 0:05 /usr/lib/unity-lens-applications/unity-applications-daemon 2743 ? Sl 0:04 /usr/lib/unity-lens-files/unity-files-daemon 2745 ? Sl 0:00 /usr/lib/unity-lens-music/unity-music-daemon 2747 ? Sl 0:01 /usr/bin/python /usr/lib/unity-lens-video/unity-lens-video 2777 ? Sl 0:00 /usr/lib/unity-lens-music/unity-musicstore-daemon
If you’re interested in learning more about Lenses, there is a good documentation available here. Some people started to write their own Lenses to search for useful online data. Some popular ones are:
- Google Contacts
Basically, any website that proposes a search feature can be integrated into Unity as well as any online service! (ex: whois) The daemon needs to send the query based on the provided keywords and format the results into something usable by Unity (via D-Bus).
I decided to learn how to build my own Lens. Why not create one with more focus on information security? What can be interesting to search for if you’re an infosec guy? Vulnerabilities of course! Let’s imagine, you are performing a pentest and you find a unpatched Solaris box running an Apache server. It could be nice to search for vulnerabilities affecting those solutions. That’s the purpose of my Lens: searching the OSVDB database for vulnerabilities.
Type some terms (or dates) and relevant OSVDB entries will be displayed directly in Unity. Click on them to open a browser to the direct page!
By default (empty search), the latest vulnerabilities are displayed (sorted by time). You can also search for a specific period by specifying a month and a year (ex: “Apr 2012“). The full-text search feature of OSVDB is used (ex: “Cisco IOS 12.1“). There is nothing fancy, most of the code is based on another publicly available Lens. It was first of all a good opportunity for me to write my first piece of code in Python!
Source files are available on github.com. A Debian package (.deb) is ready to be installed. A logout is required to restart Unity and makes it recognize the new Lens. Once installed click on the little “OSVDB” icon on the bottom of your Dash to search for vulnerabilities. Feel free to use it, patch it or submit your comments! Enjoy!