Good Day to you!
In my last article, I introduced you to NMAP, WIRESHARK and NETCAT. These fall in the category of diagnostics and troubleshooting. The next two tools are known as vulnerability scanners. They check your server and your code; in the case of the second tool, Acunetix, it scans your “code” for such things as SQL Injection flaws and Cross-site scripting.
NESSUS – Available from Nessus.org
This particular tool comes in a commercial and a non-commercial flavor, the difference being when updates are delivered. This is a must-have tool, and you should consider validating your servers with it (AGAIN, with proper legal permissions). Nessus can and often does uncover such things as an out-of-date Apache or portions of the code base on your server that are vulnerable. What I like is that they tie each finding back to the “CVE” or “Common Vulnerabilities and Exposures” database, thus allowing you to take specific action based on known vulnerabilities.
Here is an example of a vulnerability being discovered (Source: Nessus Client Guide (PDF)).
In it you can see that a “security vulnerability exists in the Messenger service..” and it goes on to tell you your risk level, the CVE and other information.
Additionally, Nessus has several plugins that adjust its tests for the target server. For instance, you could restrict your test to a SUN platform or a Windows server. Or, in the event of the likely choice of Apache and Linux, you could select only the tests relevant to those environments. After the tests run, you will have a good baseline knowledge of what you need to update on your server.
Acunetix – Available from acunetix.com
This tool, unlike the others, is NOT GPL; it is commercial. They offer a free (VERY LIMITED) version, and other options. Please see their website for more details. With SQL Injection and Cross-site scripting coding errors being a real problem, these easily exploited holes are everywhere. In fact, here is a recent list of vulnerable extensions for Joomla.
2009-11-23 Joomla Component mygallery ( farbinform_krell) Remote SQL Injection Vuln
2009-11-21 Joomla Component Com_Joomclip (cat) SQL injection
2009-11-19 Joomla 1.5.12 RCE via TinyMCE upload vulnerability
2009-11-18 Joomla Ext. iF Portfolio Nexus SQL injection
2009-11-10 Joomla JReservation Joomla! Component ‘pid’ Parameter SQL Injection
2009-11-02 Joomla 1.5.12 Remote Code Execution via TinyMCE upload
2009-10-23 Joomla Photo Blog alpha 3 – alpha 3a SQL Injection
2009-10-23 Joomla Jshop SQL Injection
2009-10-19 Joomla JD-WordPress 2.0 RC2 remote file inclusion
2009-10-19 Joomla Book Library 1.0 file inclusion
2009-10-19 Joomla Ajax Chat 1.0 remote file inclusion
2009-10-07 Joomla Recerca component SQL Injection
2009-10-05 Joomla Soundset 1.0 SQL Injection
2009-10-05 Joomla CB Resume Builder SQL Injection
2009-09-28 Joomla IRCm Basic SQL Injection
2009-09-24 Joomla Fastball component 1.1.0-1.2 SQL Injection
2009-09-22 Joomla GroupJive 1.8 B4 Remote File Inclusion
2009-09-22 Joomla com_facebook SQL Injection
2009-09-22 Joomla/Mambo Tupinambis SQL Injection
2009-09-17 Joomla Component com_jreservation 1.5 (pid) Blind SQL Injection
2009-09-17 Joomla Component com_album 1.14 Directory Traversal Vulnerability
2009-09-16 Joomla Component com_jlord_rss (id) Blind SQL Injection
2009-09-16 Joomla com_foobla_suggestions (idea_id) SQL Injection Vulnerability
2009-09-15 Joomla Component com_djcatalog SQL/bSQL Injection Vulnerabilities
2009-09-14 Joomla Component AlphaUserPoints SQL Injection
2009-09-14 Joomla Component Turtushout 0.11 (Name) SQL Injection
2009-09-11 Joomla Hotel Booking System XSS/SQL Injection Multiple
2009-09-09 Joomla Component com_joomloc (id) SQL Injection Vulnerability
2009-09-09 Joomla Component TPDugg 1.1 Blind SQL Injection
That’s QUITE a list – and if you notice – it is primarily SQL Injections.
This tool, while expensive, is worth it. It will scan an application or a site and provide a very comprehensive report on its flaws. One bad SQL Injection can ruin your day.
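To show the kind of coding error behind the “pid”/“id” parameter advisories in the list above, here is an added example (not from the original article, Nessus or Acunetix): a lookup that pastes a request parameter into the SQL text, the hardened version that validates and binds it, and a small differential probe of the sort a scanner uses to tell the two apart. The table and rows are constructed sample data standing in for a Joomla component.

```python
import sqlite3


def make_db():
    """Constructed sample data standing in for a component's reservations table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE reservations (pid INTEGER, owner TEXT, note TEXT)")
    conn.executemany(
        "INSERT INTO reservations VALUES (?, ?, ?)",
        [(1, "alice", "alice-only"), (2, "bob", "bob-only")],
    )
    return conn


def lookup_vulnerable(conn, pid):
    # The flaw: the request parameter becomes part of the SQL text, so a value
    # that is not a number can change the WHERE clause instead of being data.
    sql = "SELECT owner, note FROM reservations WHERE pid = " + pid
    return conn.execute(sql).fetchall()


def lookup_safe(conn, pid):
    # Hardened form: enforce the expected type first, then bind the value as a
    # parameter so the database never interprets it as SQL.
    if not pid.isdigit():
        raise ValueError("pid must be a positive integer")
    sql = "SELECT owner, note FROM reservations WHERE pid = ?"
    return conn.execute(sql, (int(pid),)).fetchall()


def probe_tautology(lookup, conn):
    # Differential check in the spirit of a scanner: a tautology appended to a
    # valid id should not change the result set. Returns True when it does
    # (injectable), False when the lookup rejects it or returns the same rows.
    baseline = lookup(conn, "1")
    try:
        probed = lookup(conn, "1 OR 1=1")
    except (ValueError, sqlite3.Error):
        return False
    return probed != baseline


if __name__ == "__main__":
    db = make_db()
    print("vulnerable lookup injectable:", probe_tautology(lookup_vulnerable, db))
    print("hardened lookup injectable:  ", probe_tautology(lookup_safe, db))
```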
In the next article, I will discuss NMAP.
Until next time – Stay Safe…And Happy Thanksgiving!