An Overview of Open Source Security - Vulnerability detection and exploitation
(Page 2 of 5 )
Vulnerability detection and exploitation tools are used to identify areas of weakness on a network, and to attempt to exploit these weaknesses in order to assess the strength of the network’s defences.
Nessus
Despite recent question marks over Nessus’ open source credentials, as the world’s most widely used and highly rated vulnerability scanner it demands to be included in any discussion of security tools. It contains four built-in port scanners, integration with other scanners such as Nmap, and a wide range of exploits and vulnerability tests.
The engine itself is available as a free open source download. However, the exploit plugins are distributed under a subscription license arrangement, only becoming available to the public for free a week after their release. This means that there is a cost involved in getting the most out of Nessus. Of course if you don’t need instant support and to have the latest plugins available at all times, then Nessus is probably the best free vulnerability testing software to be found.
Nmap is one of the first items in any open source toolkit. It is used to identify the computers and services on a network, deriving its name from the network map it constructs. It can list open ports, identify passive services (those that don’t advertise themselves), and interrogate for many details about the hosts it discovers, for example: operating system, uptime, installed software and version numbers, and the presence of certain firewalls. Nmap is a useful tool for identifying the servers that are running on a network, particularly unauthorized ones. Like most network analysis tools, it can be used equally well by attackers as those attempting to secure the network.
Originally developed as a game, Metasploit has grown to become one of the most sophisticated security vulnerability reporting tools available. Not strictly a security implementation tool in the conventional sense of the word, its most widely known module is in fact a framework for the development of exploit code. This makes it potentially as useful to hackers as to administrators. However, it does facilitate the thorough testing of publicly advertised vulnerabilities in widely used packages. This, along with the widespread take-up of the platform, has brought a new level of consistency and reliability to security research.
