
Thread: vulnerability scanning

  1. #1
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    23

    Default vulnerability scanning

    Hi,
    I was wondering what is the best vulnerability scanning tool in BT4. I've been using Nessus to scan my network and it works great, but when I scan my other computer's external IP, which is not hooked up to a network, it won't grab any open ports. I know ports are open on it and it has some vulnerabilities.

  2. #2
    Member kazalku's Avatar
    Join Date
    Feb 2009
    Posts
    416

    Default

    So, are you scanning over the internet? If the box is behind a router or firewall, you won't be able to "see" the open ports.

  3. #3
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    23

    Default

    I disabled my firewall and don't have a router hooked up.

  4. #4

    Default

    Hi,

    Don't just use fancy GUIs to start with vulnerability scanning. Start with nmap on the command line,
    like:
    nmap -n -sS x.x.x.x

    Especially if you don't see any status, you have to watch for the packets coming back.
    So just press ? during your nmap command-line usage and use the v/d/p switches!

    It's very good to learn the basics about scanning first and not use tools like Nessus.
    Recommended basics about all the different scanning techniques:
    nmap-secrets-training-course by Professor Messer (just paste it into Google).

  5. #5
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    23

    Default

    OK, cool, thanks. I will do that.

  6. #6
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Quote Originally Posted by brtw2003@gmx.net View Post
    Hi,

    Don't just use fancy GUIs to start with vulnerability scanning. Start with nmap on the command line,
    like:
    nmap -n -sS x.x.x.x
    This really depends on whether you want to perform vulnerability scanning or port scanning. That command above is port scanning (TCP SYN scanning specifically). It's going to identify open TCP ports within a certain range on the given hosts, but not the services running on them or any vulnerabilities on those ports.

    Nmap is great at port scanning, and service and operating system identification. It has some basic vulnerability scanning capability when extended with NSE scripts (these allow a greater level of customised interaction with each identified service).

    To use nmap to perform service identification, use the -sV switch, and the -sC or --script switches to run NSE scripts.

    Nessus is a vulnerability scanner, and a pretty good one too. The plugins for it (which provide the ability to scan for particular vulnerabilities) are not completely free, however. As an alternative to Nessus, OpenVAS is a completely free vulnerability scanner, featuring open source software and free plugins. It doesn't perform as many checks as Nessus (the last time I checked, around 10,000 plugins for OpenVAS from the official feed and about 25,000 for Nessus, although a simple count of plugins may not be the best comparison of quality). There are other commercial scanners as well: SAINT is one (a basic version is included in BT4), GFI LanGuard another.

    To the OP, if you want to learn vulnerability scanning, I'd suggest going with Nessus, but it is worthwhile to start with port scanning and service identification first.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
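    As an added example (not code from the thread or from the nmap project), a small Python script that reads nmap's XML output (-oX) and makes lupin's distinction visible: which ports are merely open from the port scan, which services were actually probed by -sV, and which NSE scripts produced output on a port. The XML is a constructed sample of the nmap output format, and 192.0.2.10 is a documentation address.

```python
"""Parse nmap -oX output: port state vs. service probe vs. NSE script results."""
import xml.etree.ElementTree as ET

# Constructed sample in nmap's XML format (not a real scan result).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -n -sS -sV -sC -oX - 192.0.2.10">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="5.3p1" method="probed"/>
        <script id="ssh-hostkey" output="1024 aa:bb:cc (DSA)"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" method="table"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="filtered" reason="no-response"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return one dict per scanned port with state, service and script info."""
    results = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            svc = port.find("service")
            # method="probed" means -sV actually talked to the service;
            # method="table" means nmap only looked the port number up.
            probed = svc is not None and svc.get("method") == "probed"
            product = " ".join(filter(None, [svc.get("product"), svc.get("version")])) if svc is not None else ""
            results.append({
                "host": addr,
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "state": port.find("state").get("state"),
                "service": svc.get("name") if svc is not None else None,
                "version_probed": probed,
                "product": product,
                "scripts": [s.get("id") for s in port.findall("script")],
            })
    return results


def open_ports(results):
    """Port numbers the SYN scan alone would report as open."""
    return [r["port"] for r in results if r["state"] == "open"]
```

    Run a real scan with `nmap -sV -sC -oX scan.xml <host>` and pass the file contents to `parse_nmap_xml` to see how much of the output comes from -sV and NSE rather than from the port scan itself.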

  7. #7
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    23

    Default

    Thanks, you guys have been very helpful!

  8. #8
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Quote Originally Posted by fullyloaded View Post
    Hi,
    I was wondering what is the best vulnerability scanning tool in BT4. I've been using Nessus to scan my network and it works great, but when I scan my other computer's external IP, which is not hooked up to a network, it won't grab any open ports. I know ports are open on it and it has some vulnerabilities.
    If it's not hooked up to a network how does it have an external IP?

    Quote Originally Posted by lupin View Post
    To use nmap to perform service identification, use the -sV switch, and the -sC or --script switches to run NSE scripts.
    I'm pretty sure nmap defaults to running scripts; you should only need -sC or --script if you want a specific script. (At least this seems to be true of the version of nmap included with BT3 ... maybe this has been changed in more recent versions.)
    Edit: Just checked on my Windows box and as of version 4.68 you don't need to specify -sC or --script to have scripts run. (Now I just wish I could figure out how to disable them. The only solution I know of is to specify --script=none and then it errors when it can't find a script called "none".)
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  9. #9
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Quote Originally Posted by thorin View Post
    I'm pretty sure nmap defaults to running scripts; you should only need -sC or --script if you want a specific script. (At least this seems to be true of the version of nmap included with BT3 ... maybe this has been changed in more recent versions.)
    Edit: Just checked on my Windows box and as of version 4.68 you don't need to specify -sC or --script to have scripts run. (Now I just wish I could figure out how to disable them. The only solution I know of is to specify --script=none and then it errors when it can't find a script called "none".)
    Yeah, that's right, particular scripts will run if you have detected a relevant port or service (with port or service scanning) for them to run against. Thanks for the clarification.

    Edit: Just tried this on nmap 4.85 Beta 7 on Windows. I did some basic tests using a Connect scan (-sT) but could only get nmap to run scripts when using service detection (-sV) or specifying to run scripts manually (-sC). I used -vvvv (overkill on verbose) to obtain command-line notification of when scripts were being run. This result seems to coincide with the nmap scripting engine documentation, which states that version detection category scripts are run when version detection is enabled.

    Do we chalk this behavior up to a version difference or did you run some other sort of scan?
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  10. #10
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    That might make sense, I almost always run with -sV or -A.

    So now I still need to figure out a way to do version detection and not scripts.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
