NmapNessus

From Paul's Security Weekly
Revision as of 16:30, 17 January 2014 by Paul Asadoorian (Talk | contribs) (Nmap Speed Blog posting)

Jump to: navigation, search

Security Weekly iTunes Security Weekly on YouTube Security Weekly Feed Security Weekly Facebook Fan Page Follow Us On Twitter LinkedIN Blip.TV Google+

Link to Paul's Presentation: "Security Assessment Trends"

Audit/Penetration Testing Permission Slips

SANS Audit Policy - This one is from SANS and covers you as an employee of your organization, giving you permission to audit internal resources.

Pen Test Permission Slip - This one is from www.professionalsecuritytesters.org, a fantastic web site, and is geared towards the external penetration tester.

Nmap Speed Blog posting

Nmap For Speed Freaks

xsltproc Windows Port *NOT TESTED*

http://www.zlatkovic.com/libxml.en.html

UMIT Instructions & Tips

Episode 46 - UMIT Nmap GUI

Nmap Documentation

Nmap Documentation Homepage

The Unofficial Nmap Book

Secrets of Network Cartography: A Comprehensive Guide to Nmap

Current Nmap Parser Example

Episode 55 Tool Spotlight: Finding Vulnerable Hosts with Custom Scripting

Grep'ing the Nessus Plugins Directory

Normal grep does not work:

  1. grep RPC *

bash: /bin/grep: Argument list too long

Argument lists have a maximum value, depending on which version of UNIX/Linux:

  1. getconf ARG_MAX

131072

To grep long lists of files:

find . -name '*.nasl' -print0 | xargs -0 grep RPC

Memory allocation reference:

http://lists.gnu.org/archive/html/bug-fileutils/2001-10/msg00048.html

Nmap & Nessus Integration

Integrating Nmap & Nessus

Finding Wireless APs with Nessus Whitepaper

http://www.tenablesecurity.com/images/pdfs/wap-id-nessus.pdf