Shopping Cart

No products in the cart.

OSTraining

Shopping Cart

No products in the cart.

OSTraining

Using Acunetix and Nessus

Steve Burge November 24, 2009
1 Comment

Good Day to you!

In my last article, I introduced you to NMAP, WIRESHARK and NETCAT. These fall in the category of diagnostics and troubleshooting. The next two tools known as vulnerability scanners. They check your server, code and in the case of the second tool – Accunetix  – it scans your “code” for such things as SQL Injection flaws and Cross site scripting.

NESSUS – Available from Nessus.org

This particular tool comes in a commercial and non-commerical flavor – the difference being when updates are delivered. This is a must have tool,  and you should consider validating your servers with it (AGAIN with proper legal permissions). Nessus can and often does uncover such things as out of date Apache or portions of the code base on your server that is vulnerable. What I like is they tie it back to the “CVE” or “Common Vulnerabilites Exposure” database thus allowing you to take specific action based on known vulnerabilities.

Here is an example of a vulnerability being discovered (Source: Nessus Client Guide (PDF) ):

In this you can see that a “security vulnerabilty exists in the Messenger service..” and it goes on to tell you your risk level, the CVE and other information.

Additionally Nessus has several plugin’s that adjust its test for the target server. For instance, you could restrict your test to a SUN platform or a Windows server. Or in the event of the likely choice of Apache and Linux, you could select only tests relevant to those environments. After the tests run, you will have a good baseline knowledge of what you need to update on your server.

Acunetix – Available from acunetix.com

This unlike the other tools is NOT GPL and is commerical. They offer a free (VERY LIMITED) version, and other options. Please see their website for more details. With SQL Injections and Cross site scripting coding errors being a real problem, these easy to take advantage of holes are everywhere. In fact here is a recent list of vulnerable Extensions for joomla.

2009-11-23  Joomla Component mygallery ( farbinform_krell) Remote SQL Injection Vuln
2009-11-21  Joomla Component Com_Joomclip (cat) SQL injection
2009-11-19  Joomla 1.5.12 RCE via TinyMCE upload vulnerability
2009-11-18  Joomla Ext. iF Portfolio Nexus SQL injection
2009-11-10  Joomla JReservation Joomla! Component ‘pid’ Parameter SQL Injection
2009-11-02  Joomla 1.5.12 Remote Code Execution via TinyMCE upload
2009-10-23  Joomla Photo Blog alpha 3 – alpha 3a SQL Injection
2009-10-23  Joomla Jshop SQL Injection
2009-10-19  Joomla JD-WordPress 2.0 RC2 remote file inclusion
2009-10-19  Joomla Book Library 1.0 file inclusion
2009-10-19  Joomla Ajax Chat 1.0 remote file inclusion
2009-10-07  Joomla Recerca component SQL Injection
2009-10-05  Joomla Soundset 1.0 SQL Injection
2009-10-05  Joomla CB Resume Builder SQL Injection
2009-09-28  Joomla IRCm Basic SQL Injection
2009-09-24  Joomla Fastball component 1.1.0-1.2 SQL Injection
2009-09-22  Joomla GroupJive 1.8 B4 Remote File Inclusion
2009-09-22  Joomla com_facebook SQL Injection
2009-09-22  Joomla/Mambo Tupinambis SQL Injection
2009-09-17  Joomla Component com_jreservation 1.5 (pid) Blind SQL Injection
2009-09-17  Joomla Component com_album 1.14 Directory Traversal Vulnerability
2009-09-16  Joomla Component com_jlord_rss (id) Blind SQL Injection
2009-09-16  Joomla com_foobla_suggestions (idea_id) SQL Injection Vulnerability
2009-09-15  Joomla Component com_djcatalog SQL/bSQL Injection Vulnerabilities
2009-09-14  Joomla Component AlphaUserPoints SQL Injection
2009-09-14  Joomla Component Turtushout 0.11 (Name) SQL Injection
2009-09-11  Joomla Hotel Booking System XSS/SQL Injection Multiple
2009-09-09  Joomla Component com_joomloc (id) SQL Injection Vulnerability
2009-09-09  Joomla Component TPDugg 1.1 Blind SQL Injection

That’s QUITE a list – and if you notice – it is primarily SQL Injections.

This tool, while expensive is worth it. This tool will scan an application or a site and provide a very comprehensive report on its flaws. One bad SQL Injection can ruin your day.

In the next article, I will discuss NMAP.

Until next time – Stay Safe…And Happy Thanksgiving!

Author

  • Steve Burge

    Steve is the founder of OSTraining. Originally from the UK, he now lives in Sarasota in the USA. Steve's work straddles the line between teaching and web development.

    View all posts

Categories: Coding Tutorials
0 0 votes
Article Rating
Subscribe
Notify of
1 Comment
Oldest
Newest
Inline Feedbacks
View all comments
ronitarronitar
ronitarronitar
11 years ago

hello

I want people to cooperate with me in the hack

Do you have the possibility to penetrate websites and pull data from the site

Can you handle security Iigrat in sites

Do you have stolen credit cards or PayPal Robbed

I have idea can be applied to earn a lot of money

If you are interested please you add the following

e-mail : ronitarronitar@gmail.com -ronitarronitar@yahoo.com

or

skype : ronitarronitar

thanks

0
1
0
Would love your thoughts, please comment.x
()
x

Report

Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Contains abusive or derogatory content
Contains spam, fake content or potential malware

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts
  • Invite this member to groups
  • Add this member as a connection

Please note: This action will also remove this member from your connections and send a report to the site admin. Please allow a few minutes for this process to complete.

Report

You have already reported this .