Vulnerability scanners

Technical issues/questions of an intermediate or advanced nature.
Rava
Contributor
Posts: 5401
Joined: 11 Jan 2011, 02:46
Distribution: XFCE 5.01 x86_64 + 4.0 i586
Location: Forests of Germany

Vulnerability scanners

Post#1 by Rava » 16 Dec 2018, 22:19

Would it make sense to add all recommended ones from
https://linuxsecurity.expert/security-t ... y-scanners or just a selection?
Or add ones that the article omits?
I want to create one Module that turns Port into a vulnerability, security and network scanner.

brokenman replied to this post (in a different thread)
brokenman wrote:
15 Dec 2018, 17:25
Great initiative! No harm in including them all.
The issue, due to RL I currently do not have that much free time. I tried getting as much as I can just via usm but the result is quite... tiny. :(

I want to add chkrootkit and rkhunter. (In the past I always tended more towards the latter, but I also thought that it updates only on rare occasions. :( )

I only today found out about ISPProtect. Does anyone know how good that is? Sadly (see below) it is one of the many programs usm does not find.

These are the ones not found via usm:

Code:

Nothing found for ISPProtect

 Nothing found for:  arch-audit 
 Nothing found for:  Archery 
 Nothing found for:  BDA 
 Nothing found for:  CMSmap 
 Nothing found for:  Dagda 
 Nothing found for:  flunym0us 
 Nothing found for:  Intrigue 
 Nothing found for:  JexBoss 
 Nothing found for:  Prowler 
 Nothing found for:  Safety 
 Nothing found for:  salt-scanner 
 Nothing found for:  Tulpar 
 Nothing found for:  vane 
 Nothing found for:  VScan 
 Nothing found for:  Vuls 
 Nothing found for:  vulscan 
 Nothing found for:  w3af 
 Nothing found for:  Wapiti 
 Nothing found for:  Whitewidow 
 Nothing found for:  Yasuo 

Does anyone know about a script that is able to tell the newest versions of a package available for any Linux distros (it just has to split between 32 or 64 bit)?

This would help a lot when you have to check a dozen packages if usm gives a recent version, or an outdated one...


Also most probably nil found:

Code:

root@porteus:/5/Porteus_modules/vulnerability-scanners# usm -g Bash Scanner 
find: `/tmp/xdg-runtime-guest/gvfs': Permission denied

 The following items were found.
 Choose an number to confirm. 
 ctrl+c to quit

1) bash-4.3.046-x86_64-1.txz		4) bashish-2.2.4-x86_64-1_slonly.txz
2) bash-completion-2.2-noarch-3.txz	5) bashrun-0.16.1-noarch-1_slonly.txz
3) bashdb-4.4_0.92-noarch-1_slonly.txz	6) bashrun2-0.2.2-x86_64-3_slonly.txz

Unsure with nmap, have not used it in ages:

Code:

nmap
1) nmap-7.12-x86_64-1.txz
#? 1

Processing:   nmap-7.12-x86_64-1.txz 
Ignored libraries: 

Libraries required:  8
Libraries found in system: 7
Libraries to resolve: 1

Processing library: libnl.so.1


Processing:   libnl-1.1.4-x86_64-1.txz 
Ignored libraries: 

Libraries required:  2
Libraries found in system: 2
Libraries to resolve: 0

Which library and why. But with nmap I presume someone else might already have made a recent module with only the bare minimum of libraries. (Hopefully)

Code:

1) openvas-cli-1.4.5-x86_64-1_slonly.txz
2) openvas-libraries-8.0.9-x86_64-1_slonly.txz
3) openvas-manager-6.0.11-x86_64-1_slonly.txz
4) openvas-scanner-5.0.8-x86_64-1_slonly.txz

??? Which one to choose, and why.


So, what I do have looks just like so:

Code:

-rw-r--r-- 1 root   311296 2018-12-16 21:00 chkrootkit-0.52-x86_64-1_slonly.xzm
-rw-r--r-- 1 root   541564 2013-07-30 23:15 libnl-1.1.4-x86_64-1.txz
-rw-r--r-- 1 root   237568 2018-12-16 21:08 lynis-2.6.6-x86_64-1_slonly.xzm
-rw-r--r-- 1 root  5634244 2016-04-09 06:02 nmap-7.12-x86_64-1.txz
-rw-r--r-- 1 root  7385088 2018-12-16 21:09 nmap-7.12-x86_64-bundle.xzm
-rw-r--r-- 1 root   410788 2012-09-04 19:58 pygobject-2.28.6-x86_64-2.txz
-rw-r--r-- 1 root   249856 2018-12-16 21:01 rkhunter-1.4.6-x86_64-1_slonly.xzm

In case you wonder why the nmap and its dependencies are double, it is so that I could try and make a smaller end module by just having the really needed dependencies.


Conclusion
From the long list in the above linked article, with the 3 added ones, I only have managed to get these via usm:
chkrootkit-0.52-x86_64-1_slonly.xzm
lynis-2.6.6-x86_64-1_slonly.xzm
nmap-7.12-x86_64-bundle.xzm
rkhunter-1.4.6-x86_64-1_slonly.xzm

As I already said, I most probably will not have much free time the next weeks and months due to RL... so unless someone jumps in to help with this project it will be either dead or dormant for a time. :(
Cheers!
Yours Rava
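
For the question in this post about checking whether usm offers an outdated version: an added example (not part of the original post and not part of usm) that parses the Slackware-style file names from the listings and flags those older than a reference version. The `REFERENCE` values are constructed placeholders and the function names are hypothetical.

```python
import re

# Slackware package files are named name-version-arch-build[tag].ext. Only the
# name may contain hyphens, so the last three fields are split off from the right.
PKG_EXT = re.compile(r"\.(txz|tgz|tbz|tlz|xzm)$")

def parse_pkg(filename):
    """Return (name, version, arch, build) for a Slackware-style file name."""
    stem = PKG_EXT.sub("", filename.strip())
    parts = stem.rsplit("-", 3)
    if len(parts) != 4 or not all(parts):
        raise ValueError(f"not a Slackware package name: {filename!r}")
    return tuple(parts)

def version_key(version):
    """Order versions by their numeric fields only (suffixes like 'rc' are ignored)."""
    return [int(n) for n in re.findall(r"\d+", version)]

def outdated(filenames, latest):
    """Map name -> (packaged, latest) for packages older than the reference version."""
    stale = {}
    for filename in filenames:
        name, version, _arch, _build = parse_pkg(filename)
        reference = latest.get(name)
        if reference and version_key(version) < version_key(reference):
            stale[name] = (version, reference)
    return stale

# File names taken from the usm listings in the post above.
USM_RESULTS = [
    "chkrootkit-0.52-x86_64-1_slonly.xzm",
    "lynis-2.6.6-x86_64-1_slonly.xzm",
    "nmap-7.12-x86_64-1.txz",
    "rkhunter-1.4.6-x86_64-1_slonly.xzm",
    "bash-completion-2.2-noarch-3.txz",
]
# Constructed reference versions, NOT real release data: replace them with the
# versions published on each project's own release page.
REFERENCE = {"chkrootkit": "0.52", "lynis": "2.6.6", "nmap": "7.99", "rkhunter": "1.4.6"}

if __name__ == "__main__":
    for name, (have, want) in outdated(USM_RESULTS, REFERENCE).items():
        print(f"{name}: packaged {have}, reference {want}")
```

Packages missing from `REFERENCE` (here `bash-completion`) are skipped rather than reported.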

Ed_P
Contributor
Posts: 8341
Joined: 06 Feb 2013, 22:12
Distribution: Cinnamon 5.01 ISO
Location: Western NY, USA

Re: Vulnerability scanners

Post#2 by Ed_P » 17 Dec 2018, 18:02

As for which ones to use, this quote at the bottom of your scanners page sounds like a good approach.
https://linuxsecurity.expert/security-tools/vulnerability-scanners wrote:
Highlighted tools based on their strengths

Some of the vulnerability scanners have features that make them stand out among the others. If one of these characteristics is important to you, have a look at these selected tools first.
» All-rounder = OpenVAS
» Easy to use = Lynis
» Low on requirements = Lynis

Other related category: Linux vulnerability scanning tools

And as you found, Lynis is on USM so easy to create a module and test.

And so is OpenVAS!!

Code:

guest@porteus:~$ su
Password: 
root@porteus:/home/guest# usm -g openvas

 The following items were found.
 Choose an number to confirm. 
 ctrl+c to quit

1) openvas-cli-1.4.5-x86_64-1_slonly.txz
2) openvas-libraries-8.0.9-x86_64-1_slonly.txz
3) openvas-manager-6.0.11-x86_64-1_slonly.txz
4) openvas-scanner-5.0.8-x86_64-1_slonly.txz

As for which one is best, have USM make the 4 modules and try each one.
:)


-update-

Or try OpenVAS's live demo. http://www.openvas.org/download.html
Ed

Re: Vulnerability scanners

Post#3 by Ed_P » 20 Dec 2018, 05:05

You seem to be active of late Rava. How's the vulnerability scanner testing going? Which modules have you tried?
Ed

Re: Vulnerability scanners

Post#4 by Rava » 20 Dec 2018, 06:15

I personally will not do much scanning since you need to have a different net provider, scanning your own network using the same provider and IP from inside is not making much sense.
Cheers!
Yours Rava

Re: Vulnerability scanners

Post#5 by Ed_P » 20 Dec 2018, 06:37

Rava wrote:
20 Dec 2018, 06:15
I personally will not do much scanning since you need to have a different net provider, scanning your own network using the same provider and IP from inside is not making much sense.
So there is no need for this request? :%)
Rava wrote:I want to create one Module that turns Port into a vulnerability, security and network scanner.
Ed

Re: Vulnerability scanners

Post#6 by Rava » 20 Dec 2018, 11:24

Ed_P wrote:
20 Dec 2018, 06:37
Rava wrote:
20 Dec 2018, 06:15
I personally will not do much scanning since you need to have a different net provider, scanning your own network using the same provider and IP from inside is not making much sense.
So there is no need for this request? :%)
Rava wrote:I want to create one Module that turns Port into a vulnerability, security and network scanner.
Hmmm I thought I posted this article in General Intermediate/Advanced User Questions and not in x86_64 xzm module requests

So, where does your confusion come from? From which part of this thread did you read a request by me for someone else making a module for me?

Do you understand the difference between a x86_64 xzm module requests and General Intermediate/Advanced User Questions at all?
I always thought you were a native speaker.

Your post is not helpful for the question posted here. Either add something helpful, or, according to the ways moderators work on this forum (you recall, we had discussed this very stuff just yesterday), stop harassing me and leave the discussion to other people who have something of value to the Intermediate/Advanced User Question posted here.

Also, look here about what brokenman wrote in another thread:
brokenman wrote:
17 Dec 2018, 00:35
Tonight I am busy fixing bugs for our next version. When I get a minute I will generate a list of packages I would want in a pen test module.
Funny that you quoted from the other post of brokenman, but omitted this very post just a few posts down.
Cheers!
Yours Rava

Re: Vulnerability scanners

Post#7 by Rava » 20 Dec 2018, 12:08

n0ctilucient wrote:
20 Dec 2018, 12:02
Vulscan...
http://slakfinder.org/index.php?act=sea ... e=#results

You might find more @ http://slackfinder.org
(Highlighting by me)
Is it http://slackfinder.org or http://slakfinder.org ?
http://slackfinder.org

Hmm. We’re having trouble finding that site.
We can’t connect to the server at www.slackfinder.org.
If that address is correct, here are three other things you can try:
  • Try again later..
  • Check your network connection..
  • If you are connected but behind a firewall, check that Firefox has permission to access the Web.
___________________

Hmmm why is slakfinder not part of usm? Seems it finds more than usm does.
Cheers!
Yours Rava

Re: Vulnerability scanners

Post#8 by Rava » 20 Dec 2018, 12:37

^
To be honest I don't get why they did not use slackfinder.org since the Linux variant is called slackware and the URL is obviously not taken and most probably not even reserved and not slakware.

<_<
>_>
<_<
Maybe they believe slakware is moar kuul cause you know, eh bro, Flak and all. A pun. Hö Hö, on Flak and Slack. Get it. So hilarious. </irony> facepalmonator.com
Cheers!
Yours Rava
