NmapNessus

From Paul's Security Weekly
Revision as of 12:30, 17 January 2014 by Paul Asadoorian (Talk | contribs)

Jump to: navigation, search
Palo Alto Networks
Tenable Network Security
The SANS Institute
Pwnie Express
Black Hills Information Security
BlackSquirrel
Onapsis

SANS Las Vegas from October 26-27th will debut a new course titled "Embedded Device Security Assessments for the Rest of Us" which will teach students how to assess embedded systems of all varieties on pen tests and in your duties as a security professional. Register Here


Security Weekly iTunes Security Weekly on YouTube Security Weekly Feed Security Weekly Facebook Fan Page Follow Us On Twitter LinkedIN Blip.TV Google+

Link to Paul's Presentation: "Security Assessment Trends"

Audit/Penetration Testing Permission Slips

SANS Audit Policy - This one is from SANS and covers you as an employee of your organization, giving you permission to audit internal resources.

Pen Test Permission Slip - This one is from www.professionalsecuritytesters.org, a fantastic web site, and is geared towards the external penetration tester.

Nmap Speed Blog posting

Nmap For Speed Freaks

xsltproc Windows Port *NOT TESTED*

http://www.zlatkovic.com/libxml.en.html

UMIT Instructions & Tips

Episode 46 - UMIT Nmap GUI

Nmap Documentation

Nmap Documentation Homepage

The Unofficial Nmap Book

Secrets of Network Cartography: A Comprehensive Guide to Nmap

Current Nmap Parser Example

Episode 55 Tool Spotlight: Finding Vulnerable Hosts with Custom Scripting

Grep'ing the Nessus Plugins Directory

Normal grep does not work:

  1. grep RPC *

bash: /bin/grep: Argument list too long

Argument lists have a maximum value, depending on which version of UNIX/Linux:

  1. getconf ARG_MAX

131072

To grep long lists of files:

find . -name '*.nasl' -print0 | xargs -0 grep RPC

Memory allocation reference:

http://lists.gnu.org/archive/html/bug-fileutils/2001-10/msg00048.html

Nmap & Nessus Integration

Integrating Nmap & Nessus

Finding Wireless APs with Nessus Whitepaper

http://www.tenablesecurity.com/images/pdfs/wap-id-nessus.pdf