|
-
November 23rd, 2003, 10:16 AM
#1
Sweet Moses Nessus!
If you use any *nix OS and you want to secure your system, use nessus. The program more or less hacks the F*** out of your computer with whatever you want it to (it has just about every method of hacking available to test with). Just log on to a virtual server that it creates on your system, choose what you want to throw at yourself, and start the scan. Depending on what all you select it might take a while. Then it gives you this very nice output with plenty of info on everything and you can save it all in a log file of your format choosing (html, txt, etc...). It is like nmap on crack! Get it now:
http://www.nessus.org/nessus_2_0.html
-
November 23rd, 2003, 04:30 PM
#2
Re: Sweet Moses Nessus!
Originally posted here by Lansing_Banda
If you use any *nix OS and you want to secure your system, use nessus. The program more or less hacks the F*** out of your computer with whatever you want it to (it has just about every method of hacking available to test with). Just log on to a virtual server that it creates on your system, choose what you want to throw at yourself, and start the scan. Depending on what all you select it might take a while. Then it gives you this very nice output with plenty of info on everything and you can save it all in a log file of your format choosing (html, txt, etc...). It is like nmap on crack! Get it now:
Very true indeed....
And even if you don't have a Linux system up and running available for you to use, you are not out of luck... Go and download the Knoppix Security Tools Distribution available at http://www.knoppix-std.org... Burn the downloaed ISO to CD, then you'll have a CD-bootable Linux distro that you can plug into any machine and boot to a working Linux distro - complete with Nessus setup and ready to go for you, along with a slew of other security tools...
-
November 23rd, 2003, 05:14 PM
#3
Member
the problem is if you are using it to attempt to hack a system it basically says "we are attacking the **** out of you"
-
November 23rd, 2003, 07:04 PM
#4
Originally posted here by wassup
the problem is if you are using it to attempt to hack a system it basically says "we are attacking the **** out of you"
Well, crackers shouldn't be using Nessus at crack, hack, or attack systems in the first place. Network administrators with the authority and permission should be the users (in a corporate environment) of Nessus for vulnerability testing. That way, results such as a DoS that might happen to the servers that are being tested can be expected and the red flag won't be raised at the onset of the testing.
-
November 23rd, 2003, 07:33 PM
#5
Senior Member
I would suggest turning the exploits off if you are using it as an administration tool. You don't want to start taking down your servers with it, but that is just my opinion.
-
November 24th, 2003, 05:10 AM
#6
Originally posted here by sysmin770
I would suggest turning the exploits off if you are using it as an administration tool. You don't want to start taking down your servers with it, but that is just my opinion.
If I don't test my servers to the fullest possible extent, who will - crackers, hackers? I'd rather expolit it on the front end, take care of any holes, etc. that are exposed, then get back to business... At some point vuln. testing is part of the process - at least if I crash a system, I'm testing full well knowing that I can crash it - better me in my environment than a cracker while the server is in full production...
-
November 24th, 2003, 06:59 AM
#7
Very true indeed. The only true way to defend is to know what you are defending against. If it takes taking down your system to do it. So be it.
PeacE
-BoB
#!/usr/local/bin/perl -s-- -export-a-crypto-system-sig -RSA-in-3-lines-PERL
($k,$n)=@ARGV;$m=unpack(H.$w,$m.\"\\0\"x$w),$_=`echo \"16do$w 2+4Oi0$d*-^1[d2%
Sa2/d0<X+d*La1=z\\U$n%0]SX$k\"[$m*]\\EszlXx++p|dc`,s/^.|\\W//g,print pack(\'H*\'
,$_)while read(STDIN,$m,($w=2*$d-1+length($n||die\"$0 [-d] k n\\n\")&~1)/2)
-
November 24th, 2003, 02:15 PM
#8
Originally posted here by fl34bit3
Very true indeed. The only true way to defend is to know what you are defending against. If it takes taking down your system to do it. So be it.
PeacE
-BoB
Exactly - it's the same principle of when corporations hire crackers or legit firms that will attempt in every way possible to break-in... The risks are there, but at some point it has to be done..
-
November 24th, 2003, 03:29 PM
#9
Member
maverick811 im downloading Knoppix Security Tools Distribution now and was wondering if it was possible for this distro to read the nessus updates of a floppy somehow or is the only way to update nessus attacks by downloading knoppix again with the updates Just currious
\"An eye for an eye and the world would be blind\"
(I dunno who said this) 
sniper0wolf0 told me it was Ghandi Thanks 
-
November 24th, 2003, 04:10 PM
#10
was wondering if it was possible for this distro to read the nessus updates of a floppy somehow or is the only way to update nessus attacks by downloading knoppix again with the updates Just currious
all you have to update is the scripts.
After you get knoppix booted, config your netcard (if you don't have DHCP enabled) and goto the nessus site and DL the file that contains all the plugins/scripts. extract to the proper location.
You don't have to download knoppix-std everytime. I think they have been using that version for some time now anyway.
Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
