Nessus + security scanning engines ..

Friday, 7 October 2005

Security Scanners

After reading that Nessus is becoming non-free [/. link] I spent a while playing with some simple scripting tools.

There are two things you want with a security tester:

  • A good GUI.
  • A good engine.

If you have the right kind of scriptable engine you can do all you security tests via scripts. That’s clever. That’s sensible. That is hard.

For fun I figured it would be interesting to see what kind of testing you could perform with minimal primitives.

Turns out you can do a fair bit if you only expose HTTP GETs. Suprised? I was…

I wrote a brief C++ interface between LUA and LibCURL which calls the function “test_host( host, port )” on an arbitary number of LUA scripts. This allows simple tests to be made easily:

Trivial scripts. Trivial code. Semi-useful result?

I guess to make it more useful you’d want to have a port scanning tool, along with some more socket primitives (e.g. Send “xxx”, look for “yyy” in the results).

The code is available if you wish to play and the LUA interface could be improved fairly easily…

I’m tempted to keep working on it, but I have little experience in writing the kind of tests that are required – and to be honst I guess the more productive thing is for interested parties to fork nessus ..

| No comments



Recent Posts

Recent Tags