NmapNessus

From PaulDotCom Security Weekly

Contents 1 Link to Paul's Presentation: "Security Assessment Trends" 2 Audit/Penetration Testing Permission Slips 3 Nmap Speed Blog posting 4 xsltproc Windows Port *NOT TESTED* 5 UMIT Instructions & Tips 6 Nmap Documentation 7 The Unofficial Nmap Book 8 Current Nmap Parser Example 9 Grep'ing the Nessus Plugins Directory 10 Nmap & Nessus Integration 11 Finding Wireless APs with Nessus Whitepaper

Link to Paul's Presentation: "Security Assessment Trends"

• WIP* Security Assessment Trends

Audit/Penetration Testing Permission Slips

SANS Audit Policy - This one is from SANS and covers you as an employee of your organization, giving you permission to audit internal resources.

Pen Test Permission Slip - This one is from www.professionalsecuritytesters.org, a fantastic web site, and is geared towards the external penetration tester.

Nmap Speed Blog posting

Nmap For Speed Freaks

xsltproc Windows Port *NOT TESTED*

http://www.zlatkovic.com/libxml.en.html

UMIT Instructions & Tips

Episode 46 - UMIT Nmap GUI

Nmap Documentation

Nmap Documentation Homepage

The Unofficial Nmap Book

Secrets of Network Cartography: A Comprehensive Guide to Nmap

Current Nmap Parser Example

Episode 55 Tool Spotlight: Finding Vulnerable Hosts with Custom Scripting

Grep'ing the Nessus Plugins Directory

Normal grep does not work:

1. grep RPC *

bash: /bin/grep: Argument list too long

Argument lists have a maximum value, depending on which version of UNIX/Linux:

1. getconf ARG_MAX

131072

To grep long lists of files:

find . -name '*.nasl' -print0 | xargs -0 grep RPC

Memory allocation reference:

http://lists.gnu.org/archive/html/bug-fileutils/2001-10/msg00048.html

Nmap & Nessus Integration

Integrating Nmap & Nessus

Finding Wireless APs with Nessus Whitepaper

http://www.tenablesecurity.com/images/pdfs/wap-id-nessus.pdf