Enabling Secure Business Operations

OpenVAS

Nessus is a nice tool, but some people have complained and revolted against it because it went closed source in version 3.0. I’m sure there were good reasons for that, but if – for whatever reason – you don’t want to use Nessus, what can you use? Enter OpenVAS.

I’ve mentioned OpenVAS before, but version 3.0.0 came out in December, so I figured I’d give more details on it.

It’s a fork of Nessus 2.0, so if you used Nessus while it was still open source, it’ll be somewhat familiar to you. It still uses NASL for tests, so you can use some of those ancient vulnerability tests if you need to. It also has the same basic client/server architecture. You put the “server” on the network segment(s) you want to scan, and you can have the client pretty much anywhere that can talk to the server.

There is an “official” OpenVAS feed, but you can subscribe to any feed you want – including the Nessus feeds.

If you’re not used to working “under the hood”, then OpenVAS will seem like a huge change for you, but if you used Nessus previously, you’ll just have to remember a few of the old things on the command line.

I haven’t used it on an assessment (yet), since we have a Nessus professional feed, but I’ve used it at home and have found it quite nice to use and might consider starting to use it for assessments.

Backtrack 4: The big cheese

It’s the news the penetration testers have all been long awaiting; Backtrack 4 final is here and now. Though many people, myself included, have been using various pre-release, beta release, and pre-final release flavors for almost a year now, ever since first standing in line to hand over my USB stick to a group of elite hackers at Shmoocon 5, now there is no excuse. The final release is just in time for Hack or Halo at Shmoocon 6, saving me the trouble of making sure to update every tool I might possibly need before the big event.

So why does Backtrack rock in general? It’s basically most of the tools you will need for your pentest all rolled into one and set up nicely. I say most because it doesn’t have your commercial tools such as Nessus built in for obvious reasons, though it is possible to integrate your licensed Nessus into your Backtrack install. Ever been setting up Dradis for your first big pentesting gig at a new company on a recently imaged box? You’ve got your ruby prerequisites (rubydev, opensslruby, etc.), various gardening tools, SQLite, diamonds, garnets, and opals. At some point in the process of getting it all integrated, even your technically savvy individual may find himself ruing the day he decided it was a good idea to wait until the night before to build the pentest box. In Backtrack it goes like this:
root@bt4: cd /pentest/misc/dradis/server
root@bt4: ruby ./script/server
Done.

So why upgrade to Backtrack 4? First off, there’s the obvious perk of having the newest versions of all your favorite tools and some you’ve had on your list to check out for a while now. It also includes some new tools that have been developed in the interim since Backtrack 3 came out way back in summer of 2008, saving you the trouble of those pesky installs and svn checkouts. A great new tool that’s making its Backtrack debut on the final release of Backtrack 4 is ReL1K’s Social Engineering Toolkit (SET). Additionally, Backtrack 4 is Ubuntu-based rather than Slackware-based. While Backtrack 3 was great, your Ubuntu-based system has its perks as far as driver integration goes. As more and more people move from just the Live-CD Backtrack approach to using Backtrack as the base operating system on their pentesting boxes, this can only be a step in the right direction. Speaking of installation, Backtrack 4 final has an installation script that looks a lot like the GUI-based point-and-click installation wizards seen in systems such as Ubuntu, resulting in a more hands-off approach than persistent changes in Backtrack 3.

The only drawback with Backtrack 4 that I can think of would be trying to write up your reports in Backtrack. Let’s not get into any holy war between writing in vi or nano, and just suffice to say it’s not easy. Backtrack 4 does come with Emacs, and some included tools such as Maltego make some pretty graphs. Plus, you can install OpenOffice on Backtrack, so it’s not that big of a drawback after all.
All in all, Backtrack 4 is the bomb, and if you haven’t jumped on the bandwagon, my advice is to get to it.

Georgia

Windows 7 – GodMode Feature

Seems the new year has brought out a few new findings. One being the newly discovered “God Mode” feature in Microsoft’s Windows 7-based operating systems. At its core, it’s basically a glorified control panel. It takes all the hard-to-get-to, or annoying multiple right click -> properties -> options -> submenu -> etc. -> etc. parts out of some of the common administrative tasks.

So, how do you get this miracle “God Mode”?


Netwox – The Network Toolbox

I don’t think it’s possible to have too many network security toolkits. Netwox is probably not as common as some of the other toolsets included in some security-oriented live CD distros. However, it can certainly hold its own when it comes to capability and flexibility.

Netwox stands for Network Toolbox, and the software includes over 222 different tools/functions that it can perform to help you do whatever it is you want to do on a network. This includes everything from spoofing ARP packets, to becoming a telnet server, to running port scans and sniffing traffic.

Even though some of the “tools” aren’t done with efficiency in mind, they get the job done just fine. And with so many features to play with, it can be fun just to try out all the switches.

Netwox can be downloaded here.

Each Thursday, Security Musings features a security-related technology or tool. Featured items do not imply a recommendation by Gemini Security Solutions. For more information about how Gemini Security Solutions can help you solve your security issues, contact us!

Windows 7 – It’s finally here!

Today is the day. Whether you pre-ordered Windows 7, received a free upgrade voucher, or are purchasing it from your local retailer, one thing is for sure: it’s been a long wait. If you haven’t had the chance to play with the beta, RC, or RTM versions of Windows 7, then you’ve truly been missing out (assuming you’re a Windows user to begin with). It truly is a great step up; regardless of all the negative hype Vista had, Win7 holds its own on quality.


HP SWFScan Tool – Adobe Flash Application Security Scanner

One of the most expanded targets lately in vulnerability research is Adobe’s Flash. It has become a common everyday occurrence on the web; everything from banners, to games, to file uploads. It’s almost hard to find a mainstream site that doesn’t have some sort of Flash application running somewhere within the domain. As a result, it has become a target for many attacks. But one thing that hasn’t increased is the amount of time and checking that goes into Flash applications to ensure they are secure.


GFI LanGuard 9

GFI LanGuard 9 is a network/PC auditing tool. The tool does a pretty decent job of detecting machines on the network, devices, appliances, and other misc. items. It can also do a fairly deep scan of each local machine for installed software, installed patches, missing patches, open ports, and detecting vulnerabilities that are present. The “Quick Scan” option is fairly quick, taking no longer than a minute or two for each machine, and the “Full Scan” no longer than 5-6 minutes per machine.


WinSCP for Secure FTP

Good File Transfer Protocol software can be hard to come by. Luckily there are some very good programs out there for those of us who like to throw data around using FTP. This is where WinSCP comes in: it handles all of your FTP needs perfectly, offering secure copy, secure FTP, and regular plain vanilla FTP (not recommended). With secure FTP, your sessions are encrypted, offering protection from packet sniffers and whatnot. WinSCP supports multiple sessions, saved configurations, handles the SSH host keys just fine, and integrates with the desktop so you can just drag and drop stuff in there all day.

And it’s free. It’s one of those programs that’s just solid all around.

Obligatory screen shot: [image: winscp-main]


SSLPasswdWarning

In past blog posts, we’ve talked about how important it is to be aware of the encryption being used when communicating with your bank’s website or other sites where private information may be exposed. We’ve seen how web browsers try to help keep you on your toes, and we’ve encountered malicious programs that fool you into thinking your connection is secure when it’s not.

SSLPasswdWarning is a Firefox add-on designed specifically to avoid being tricked by something like sslstrip. If you click on or give focus to a password box, the add-on will examine the web page’s source to make sure that the password will be submitted using a secure connection. A warning box is shown, and the submission is halted if that is not the case. For instances when the site remembers your password and fills in the field for you, SSLPasswdWarning will also examine forms at the moment they are submitted.

Even if you feel like you cannot possibly be affected by programs like sslstrip, this add-on can make things more convenient for you. Sometimes, a website might present a login page that is not encrypted and only encrypt the password submission. Now, if you install this add-on, you can feel more comfortable about the security of your password without having to examine the page’s source code each time.
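The check described above, as an added example that is not the SSLPasswdWarning add-on’s own code: given the page URL and the enclosing form, decide whether a password typed into it would travel over TLS. Function names and the sample forms are my own constructions; the third sample is the case from the post (an unencrypted login page that posts to an https: endpoint), and the fourth is what that form looks like after an sslstrip-style rewrite.

```javascript
// Resolve the form's action the way a browser does: an empty action submits to
// the page itself, a relative path resolves against the page, and a
// protocol-relative "//host/path" inherits the page's scheme (so on an http:
// page it stays in the clear).
function resolveAction(pageUrl, action) {
  if (action === null || action === undefined || action.trim() === "") {
    return new URL(pageUrl).href;
  }
  return new URL(action.trim(), pageUrl).href;
}

// Returns { secure, target, reason }. Only an https: target counts as secure;
// a GET form is flagged too, since it would put the password into the URL.
function checkPasswordSubmission(pageUrl, form) {
  const target = resolveAction(pageUrl, form.action);
  const scheme = new URL(target).protocol;
  if (scheme !== "https:") {
    return { secure: false, target, reason: `password would be sent over ${scheme.replace(":", "")}` };
  }
  if ((form.method || "get").toLowerCase() === "get") {
    return { secure: true && false, target, reason: "password would appear in the query string" };
  }
  return { secure: true, target, reason: "" };
}

// Constructed sample forms (hypothetical host, not a real site).
const SAMPLE_FORMS = [
  { page: "https://bank.example/login", action: "", method: "post" },                          // https page, posts to itself
  { page: "http://bank.example/login", action: "/auth", method: "post" },                      // relative action on an http page
  { page: "http://bank.example/login", action: "https://bank.example/auth", method: "post" },  // the case in the post: plain page, TLS submit
  { page: "http://bank.example/login", action: "http://bank.example/auth", method: "post" },   // same form after sslstrip rewrote the action
  { page: "https://bank.example/login", action: "//cdn.example/auth", method: "GET" },         // protocol-relative, but GET leaks into the URL
];

// Run the check over every form; an add-on would do this on focus and again on submit.
function auditForms(forms) {
  return forms.map((f) => checkPasswordSubmission(f.page, f));
}
```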


Protect Your Computer By Running Applications in Sandboxie

The Windows utility Sandboxie runs applications in an isolated environment on your computer so you can protect yourself from malware, surf the web, and maintain your registry without affecting your host system. You can run a number of applications including Firefox and Outlook to protect your privacy and keep viruses and other potentially harmful changes from messing up your Windows machine.

Sandboxie is a good alternative to setting up a virtual machine, especially if you just want to run a quick test or two without having to wait for an entire operating system to boot up.
