Archive for the tag 'Nessus'

SBDavid

Security Tools Nessus and Nikto

Nessus

The official website at the following URL: http://www.nessus.org/

Nessus is a full-service security scanner. The plug-in architecture of Nessus allows users to customize it for their systems and networks. As with any scanner, Nessus is only as good as the signature database it relies upon. Fortunately, Nessus is frequently updated and features full reporting, host scanning, and real-time vulnerability searches. Remember that there could be false positives and false negatives, even in a tool as powerful and as frequently updated as Nessus.

Nikto

Nikto can be found at the following URL: http://cirt.net/nikto2

Nikto is an excellent common gateway interface (CGI) script scanner. Nikto not only checks for CGI vulnerabilities but does so in an evasive manner, so as to elude intrusion detection systems.

If you have Web servers serving up CGI scripts, Nikto can be an excellent resource for checking the security of these servers.

SBDavid

Nessus full-service security scanner

Nessus full-service security scanner

nessus - Remote network security auditor, the client

Nessus is a full-service security scanner. The plug-in architecture of Nessus allows users to customize it for their systems and networks. As with any scanner, Nessus is only as good as the signature database it relies upon. Fortunately, Nessus is frequently updated and features full reporting, host scanning, and real-time vulnerability searches. Remember that there could be false positives and false negatives, even in a tool as powerful and as frequently updated as Nessus.

For more information about Nessus, refer to the official website at the following URL: http://www.nessus.org/

Prerequisites

Tenable recommends a minimum of 256MB of memory to operate Nessus on a local “Class C” network. To conduct larger scans of multiple networks, at least 1 GB of memory is recommended, but it can require up to 4 GB

Installation on Red Hat and SUSE

Download the latest version of Nessus from http://www.nessus.org/download/.

Nessus is available for Red Hat ES 3, ES 4, and Fedora Core 4, and SUSE 9.3 and 10.0. Unless otherwise noted, all commands should be performed as the system’s root user.

Then, install it with the following command depending on your version:

# rpm –ivh Nessus-3.0.6-es3.i386.rpm

This will install Nessus into the directory /opt/nessus/.

Below is an example of the screen output for installation on Red Hat ES3:

# rpm –ivh Nessus-3.0.6-es3.i386.rpm
Preparing… ########################################### [100%]
1:Nessus ########################################### [100%]
nessusd (Nessus) 3.0.6 for Linux
(C) 1998 - 2007 Tenable Network Security, Inc.
Processing the Nessus plugins…

Please run /opt/nessus/sbin/nessus-adduser to add an admin user

Register your Nessus scanner at http://www.nessus.org/register/ to obtain
all the newest plugins

You can start nessusd by typing /opt/nessus/sbin/nessusd -D -S [IPAddres]