|
|
Home
|
Using commercial tools in Backtrack 3 |
|
|
|
Sunday, 02 November 2008 |
|
Page 1 of 4
In a previous article Linux-Tip explained how to install the current release (Backtrack 3 Final) in a virtual environment using VMWare. The goal was to run Backtrack 3 from the hard disk connected to a Wireless USB Adapter and to use the tool Kismet. It further explains how to collect valid wireless networks and to display them on Google Earth’s worldwide map system.
In this article we’ll show how to add Nessus and to use the already integrated SAINT vulnerability scanner and Maltego. We’ll update Fast-Track and will show how to use the web-based interface.
Step 1: Integrate the Nessus vulnerability scanner to your VMWare image
The Nessus Vulnerability Scanner is free to download and subscriptions for vulnerability updates from Tenable are available for two types of users: Home users and Professional Users. Commercial organizations which use the Nessus vulnerability scanner must purchase a ProfessionalFeed subscription to obtain support, updates to their database of vulnerability checks and compliance auditing. Home user will get it for free after registration. Please read the license agreement and to get further information. You will need a proper license to get it running. Make sure to receive it by e-mail.
We will use the Fedora Core 8 RPMs from the Tenable Homepage. Download it and store the package in the /home/tools directory.
Nessus-3.2.1-fc8.i386.rpm
NessusClient-3.2.1-fc8.i386.rpm
http://www.nessus.org/download/index.php
Secondly, we’ll use the tool rpm2tgz to convert the packages in a tgz-File. In a final step we will install Nessus using the Slakware command pkgtool. Your installation should look like this:
cd /home/tools
rpm2tgz Nessus-3.2.1-fc8.i386.rpm
rpm2tgz NessusClient-3.2.1-fc8.i386.rpm
|
pkgtool
Install packages from the current directory
Unfortunately Nessus is not running und will create errors while starting. It is necessary to adapt it like this:
cd /opt/
export PATH=$PATH:/opt/nessus/sbin:/opt/nessus/bin:
cp /usr/lib/libssl.so /lib
cp /usr/lib/libcrypto.so /lib
cp /opt/nessus/lib/libnessus.so.3 /lib
cp /opt/nessus/lib/libnessusrx.so.0 /lib
cp /opt/nessus/lib/libpcap-nessus.so.3 /lib
cd /lib
ln libssl.so libssl.so.6
ln libcrypto.so libcrypto.so.6
vi /etc/ld.so.conf
/opt/nessus/lib #add this line to the config file
ldconfig
/opt/nessus/sbin/nessus-mkcert
/opt/nessus/sbin/nessus-adduser
|
Run the Nessus server :
/opt/nessus/sbin/nessusd &
Start the client :
/opt/nessus/bin/NessusClient
Other useful commands:
The following command is used to update the Nessus scanner with the most recent plugins:
/opt/nessus/sbin/nessus-update-plugins
With the following command you can verify a successful download of the plugins.
cat /opt/nessus/lib/nessus/plugins/plugin_feed_info.inc
There is a new feature in version 3.0 where Nessus will now fetch the newest plugins on a regular basis automatically. Please check your system like this:
/opt/nessus/bin/nessus-fetch --check
Please check if the Nessus server is running and listening on port 1241 like this:
netstat -tulpe (see pictures below)
|
|
Who's Online
Virus Info Feed
Alexa Traffic Stats
|
