Social Icons

Showing posts with label nessus. Show all posts
Showing posts with label nessus. Show all posts

Sunday, July 20, 2014

Nessus @ Kali Linux

1.  Nessus is a proprietary comprehensive vulnerability scanner which is developed by Tenable Network Security. It is free of charge for personal use in a non-enterprise environment and is the world's most popular vulnerability scanner, taking first place in the 2000, 2003, and 2006 security tools survey.Nessus allows scans for the following types of vulnerabilities:
 
Vulnerabilities that allow a remote hacker to control or access sensitive data on a system.
Misconfiguration (e.g. open mail relay, missing patches, etc.).
Default passwords, a few common passwords, and blank/absent passwords on some system accounts. Nessus can also call Hydra (an external tool) to launch a dictionary attack.
Denials of service against the TCP/IP stack by using mangled packets
-  Preparation for PCI DSS audits

2.   This post brings you screenshots for installing Nessus in Kali Linux for home users that's the free edition I am using here :

Firstly after installing Nessus from the site,Obtain the activation code for Nessus by registering at 

http://www.nessus.org/products/nessus/nessus-plugins/obtain-an-activation-code

Secondly Activate Nessus by executing the following command:

/opt/nessus/bin/nessus-fetch --register S56X-XXXX-XXXX-XXXX-4122

Where  S56X-XXXX-XXXX-XXXX-4122 should be your activation code received vide registered email.

Create a user account for the Nessus web interface:

/opt/nessus/sbin/nessus-adduser








To start the Nessus server, we simply invoke the following command:

/etc/init.d/nessusd start

Wednesday, January 01, 2014

Nessus Installation @ Backtrack R3

1.   This post speaks less and shows more about how to install Nessus in Backtrack R3.Also it is assumed that the user is connected to the Internet while installation is in progress.

First Step :  Get to the terminal and type apt-get install nessus

 closer look to the above screen shot as in terminal.

 This screen shot shows a progress shot whilst installation is in progress....

 Installation gets over here....as seen

 Second Step : Creating a user for login into the Nessus Interface.........

 You get to see the following after you have created the user....
 Third step : Visit the website as seen in the screen shot below :
 
 Fourth Step : Click on the Home user option and register with your e-mail id.You get a activation key in few seconds at your e-mail.

 Fifth Step :  After you get the key...type in the following syntax followed by the key that you get in ur email id....
 A closer look of the above screen shot

 After you the user is registered he gets to see the following screen :

 Sixth Step : Now open your Backtrack Mozilla Browser and type in the following address as shown in the screen shot here.This initialising takes a little time...mine took 4 minutes and more...
 A closer look at the address .......
 Once initialised you get the following screen for login
 Here you are...the login screen for Nessus...

Saturday, August 03, 2013

Is PORT SCANNING legal in INDIA?

1.   The IT security guys have so much to experiment and learn vide unending open source information and tools available on the net.Be it BACKTRACK or Wireshark or Nmap or nessus or Canvas(not opensource) or a web scanner like Acunetix or Arachini and the list is unending....there is lots to do...but do we actually know that simply running a port scan on the internet is a crime in other parts of the world?

2.   In countries like Australia,UK , port scanning is recognized as a "potential attempt" to infringe on a system and that's a simple truth....no body would run such tools openly available without intent. Yess!!!...the intent can be educating self but the other side can be bad intent and no one can prove whats the intent inside the person's mind.It may change the moment he realizes he/she is caught.In the United States there is no need to prove intent and port scanning is considered illegal.So even installation of such tools is a crime.So if a naive script kiddie from India goes with his laptop to US with a virtual box machine holding a OS with a port scanner...he is a cyber criminal the moment he lands in the US.

3.   Today we in India do not have straight and clear laws defining whether running such tools or installation is a crime or not coz the whole thing is COMPLEX.The compliance laws across countries vary and that too drastically...it may be acceptable in a country like India and it may be serious offence in US.So seeing from the current state of affairs in India,it does not look like if a day will be near when such stringent guidelines exist in India to restrict all these uses and installations...or let it be restricted to professionals only.....but then who will define a Cyber Security Professional....CDAC or CEH or some other such agency....these institutes can be a critical node in identifying and certifying cyber security professionals to measure and endorse the intent...but at the end of the day we all are humans...and we know that "too err is human"....so a agency certified person finally has himself to decide whether he uses a black hat or a white hat!!!! :-)

4.   Meanwhile students and IT security enthusiasts should take care of running such tools on the internet coz these are serious tools who can break into some one's privacy...and if the victim gets serious after you...things will be bad enough to land you behind bars...so the best place to experiment with such tools is a virtual environment that can be available vide Virtual box or vmware etc....Security guys and enthus should be familiar with the excellent Open Source Security Testing Methodology Manual (OSSTMM), which provides best practices for these situations.

PLEASE TAKE CARE TO RUN THE CYBER SECURITY TOOLS BEFORE THE LAW STARTS RUNNING AFTER YOU
Powered By Blogger