Friday, January 14, 2005

Scanners

I was working up a blog entry system monitoring, but it started to get lengthy. I thought I'd just start by breaking out some of the items I'd collected, in particular, scanners.

First, a caveat. Scanners are tools, and like any tool, has a use. Many freeware and open-source scanners are very powerful, but the real power lies in the fact that they're configurable. This means that rather than paying for and running a commercial tool that you have no idea what it does. Unfortunately, far too many people download the freeware and open-source stuff, run it, and if it doesn't pop up any high-risk vulnerabilities, they proclaim the system secure. Not good.

ATK 4.0
ATK is an open-source security scanner and exploit framework for Windows, from Marc Ruef. This tool is similar to Nessus, in that it provides a framework for running user-defined checks known as "plugins", but it runs on Windows. ATK even includes experimental support for Nessus plugins. Marc even provides a link to a separate tool for creating ATK plugins. I originally took a look at ATK when it was version 2...I definitely need to go back and take a look at the latest version.

NTOInsight
NTOInsight is a freeware web site crawler available from JD Glaser. NTOInsight lets you take a look at the architecture of your web site. By being able to see the content exposed by your web site, you have a better chance of mitigating exposures. While NTOInsight is a command line tool, the output is in a graphical format that's easier to analyze and understand. One other thing...if you've never seen JD present, sign up for a conference that's he's going to be presenting at, and go. Seriously.

Wikto
This is a Windows-based tool that scans a host for all entries in the Google Hacking Database , which includes full web-based vulnerability scanning. Definitely a good place to start. Note that Wikto requires the .NET framework to run. Even so, Wikto has a lot of very powerful features. All I can say is, take a look.

Nessus/NeWT
NeWT is a Windows version of the Nessus scanner. It's a powerful tool for scanning systems...powerful in the sense that it provides a framework for writing plugins thattest security. If you don't have a Linux system that you can install Nessus on, take alook at NeWT...it uses the same plugins that Nessus does. The freeware version is limited to the local subnet, but it's still worth the time to take a look.

Nessus is one of those tools I was talking about above. I've seen far too many people blindly run the tool, and send off the PDF output of the report. Folks, tools like this are configurable for a reason. I was in one environment in which Nessus scans, without credentials, would return 9 warnings, all relating to null session enumeration. Why not lower the noise, and remove plugins 2 thru 9, and rewrite the output of the first one. Nessus and ATK plugins are basically text files, which means that you can not only open them and read them, but lo and behold, you can edit them as well!

SiteDigger 2.0
FoundStone recently released an updated version of their SiteDigger tool, which goes through the Google cache looking for "vulnerabilities, errors, configuration issues, proprietary information, and interesting security nuggets on web sites." It sounds very cool, and very useful.

Okay, this is just a cursory list, so please don't think that it's complete. I'm sure that there are more out there. But let me tell you, before you flood me with email, keep one thing in mind...I'm focusing on free- or shareware tools, preferably open source, that run on Windows. I'm not blogging just so that I can repeat what the Linux guys say, okay?

No comments: