Twitter can be used for some pretty useless time-killing stuff. Like what some quirky celebrity thinks about brushing a cat with a dog brush, or an endless string of people posting songs online. OK, I get it! You like Spandau Ballet (unfollow). If you follow me on Twitter, I post my fair share (and then some) of silly tweets too, from my love of In N Out burgers and Popeyes chicken to my sleep-deprived, caffeine-fueled brain.

The real reason I tweet is so I can share technical information I find while doing research, or things I run into in the field, and hopefully gather some information from others, like cool tools or bugs and so on. Twitter is great for real, real-time information.

The other day I got a tweet from one of my favorite people, someone I highly recommend following. Now ole Charles is a smart guy, even if he does not agree with me on fireworks... he is from California, so I cut him some slack. We have been trading information back and forth. He sent me a tweet asking if I had tried OpenVAS. At first I thought he meant OpenVMS and I thought, ummmm...yeah Dude, back in the 90's, love that DCL! (I still believe that OpenVMS clustering is some of the best out there.)

A quick trip to http://www.openvas.org/ made me start to see why Charles was so jammed on this code base. OpenVAS is a fork of the infamous Nessus project and at one time was called GNessus. Instead of downloading it, I took a shortcut and just config'ed it up on my BackTrack4 machine. http://www.backtrack-linux.org/downloads/

I have seen OpenVAS in the BackTrack4 menu options before, but I am not too big on noisy scanners. I do more with NMAP, Metasploit and W3af, but when it comes to a broad noisy assessment, customers (goober managers and bean counters) like the cool printouts that Nessus along with some custom NASL scripts gives me. However, with Nessus going to a commercial licensing model, folks like me have been using version 2.2 for a loooooooooong time! I can use a replacement for sure. To be honest, I ain't paying for Nessus when I can pay for Core Impact. Come on OpenVAS!!!

OpenVAS is a client-server design, which I like for a vuln scanner. There are 3 mandatory components: Client, Server and Libraries, plus two optional modules that you should also install: administrator and management. Remember, OpenVAS is a fork of Nessus, so some of the stuff you already know carries over. The only real OpenVAS bummer is that it has quite a few dependencies and it is not packaged. Being integrated in BT4 is just what I am looking for to keep out of dependency jail, which is equal to discussing politics with your in-laws. I started config'ing.
The documentation for developing on OpenVAS is excellent; getting it up and going is a different animal. Lucky for me, there is a great YouTube video on getting OpenVAS up and kicking by a Dude named H34dcr4b http://www.youtube.com/watch?v=wpVSdXfmAYU plus he has some...other things you may like...

Getting the server started can take some time, depending upon how many Network Vulnerability Tests (NVTs) you have. NVTs are kinda like NASL scripts, which is very cool since I do not have to learn a new methodology for scripting. NASL sucks enough as it is. After the server was started, I launched the client and connected to the server on port 9390. The GUI interface is very nice, snappy and super easy to use. I used the client scan assistant tool to run a few tests in safe mode. I ran the MS RPC buffer overflow, a bunch of PHP tests because I loathe PHP, SPAM and DNS Zone Transfers. OpenVAS passed with flying colors. I am still testing a few other things, but I think I have found my new scanner!

I am very impressed with OpenVAS and can see why Charles was so pumped up about it. I would highly recommend any security geek type person to give OpenVAS a test drive. It has a strong community behind it and I believe it is going to keep getting better and better.

Now it is time for me to tweet about my breakfast cereal choice this morning and how I like to spell out network terms with my Alpha Bits...I just wish they had a hexadecimal version...

Jimmy Ray Purser

Trivia File Transfer Protocol
The saltiest lake in the world is not the Dead Sea; it is actually Lake Assal in Djibouti. Man, I wish it was in a place I know how to pronounce...
Kicking VAS with OpenVAS!
Looking for a scanner to replace Nessus? Check out
Copyright © 2010 Raybet2