Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Integrating Nessus with BackTrack 5's Tools

BackTrack 5, code name "Revolution", is a very popular Linux distribution used primarily for penetration testing. It contains a lot of different tools for scanning, testing, and exploiting everything from web applications to wireless networks. Since the creators of BackTrack 5 included such a vast array of tools, I thought it would be interesting to show how some of those tools can be integrated with your Nessus server to extend functionality and import results.

Importing Nmap Results

There are many occasions where Nmap is used to scan specific hosts or a large network of hosts. The XML results from Nmap can be imported into Nessus and used as the basis for vulnerability scanning. If you are going to use Nmap results this way, you can disable Nessus's built-in port scanners and host identification functionality, relying solely on your Nmap results to perform the scan:

portscanners.png

Next you will need to download the "nmapxml.nasl" script from the Tenable web site to your plugins directory:

Downloadnmapxmlnasl_sm.png
Click for larger image

 

 

Next, re-index the plugins and restart Nessus, which will allow the new plugin to be read and show up in the "Preferences" tab:

reindex-restart_sm.png
Click for larger image

 

Once Nessus has restarted, you can import Nmap XML results using the following configuration screen:

Nmap-Import.png

For more information, see the article Using Nmap Within Nessus and the blog post Plugin Spotlight: Import Nmap XML Results Into Nessus.

When using this configuration, keep in mind that Nessus will only test the hosts and services reported by Nmap, even if you've specified additional targets when creating the scan.

Enabling Nikto

Nikto is a web application scanning tool that searches for misconfigurations, openly accessible web directories and a host of web application vulnerabilities. You can download Nikto from the CIRT web site. The first step to enable Nikto is to modify "/pentest/web/nikto/nikto.pl" and change the "configfile" variable to "/pentest/web/nikto/nikto.conf":

nikto-mods-sm.png
Click for larger image

 

This allows you to run the "nikto.pl" command from outside of the /pentest/web/nikto directory. Next, add "/pentest/web/nikto" to the system path:

bashrc-mods-sm.png
Click for larger image

 

This will update the path for all services run on the host, which means when you start Nessus, nikto.pl will be in the path. The final step is to re-index the Nessus plugins (/opt/nessus/sbin/nessusd -y) and restart the Nessus service (/etc/init.d/nessusd restart). When you configure a policy, Nikto will be available in the preferences:

nikto-nessus-sm.png
Click for larger image

 

Using Hydra

Hydra is already installed in the system path, which means it is available to Nessus "out-of-the-box" in BackTrack 5. Menu options to configure Hydra exists in the Nessus preferences when a policy is configured:

hydra-nessus-sm.png
Click for larger image

 

 

You will need to supply your own username and password dictionaries. You can find some sample word dictionaries in the "/pentest/dictionaries" directory on the BackTrack 5 distribution. Be certain that you check "Always enable Hydra (slow)" in the Nessus configuration or Hydra will not run.

Conclusion

BackTrack 5 will save you some time by including all of the popular tools by default, which is quicker than downloading, installing and configuring all the tools yourself. Extending Nessus scans can come in handy when performing targeted scans against a small number of hosts. Use caution when enabling Nikto and Hydra to run scans against large networks, as they will add time to your scans. As for Nmap results, sometimes other people will run Nmap scans and want to enumerate vulnerabilities, and other times you may run Nmap yourself and decide later that a vulnerability scan is required, so the ability to import the results avoids duplication of effort.

References

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,275

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, email, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 30 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 30 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.

Try for Free Contact Sales

Try Tenable Lumin

FREE FOR 30 DAYS

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.