Escáner de redes de gratuito, NESSUS
 |
Nessus es una herramienta para el escaneo de redes y agujeros de seguridad en distintos sistemas operativos. Nessus además de escanear puertos escanea vulnerabilidades utilizando plugins, en constante actualización, escritos en NASL (Nessus Attack Scripting Language, Lenguaje de Scripting de Ataque Nessus por sus
siglas en inglés), un lenguaje scripting optimizado para interacciones en redes. Esta compuesto por dos partes cliente y servidor que normalmente se instalan en la misma maquina pero que pueden ser muy útiles por separado para gestión remota de seguridad de redes.
Tiene varias funciones de escaneo en las que se encuentra una muy potente denomina no segura, en la que utiliza diversos exploits esta función pueden causar caídas en sistemas o corromperlos, es recomendable usarla con mucho cuidado. Sus resultados pueden exportarse en mucho formatos, además se incluyen en una base de datos en la que se pueden comparar entre si. Nessus es compatible con los siguientes sistema operativos Linux, FreeBSD, Solaris, Mac OS X y Windows 2000, XP y 2003 (32 bits).
Aquí un ejemplo de un resultado de un escaneo realizado con Nessus:
http (80/tcp)
An attacker might use this flaw to make it crash or even execute arbitrary code on this host.
Solution: upgrade your software or contact your vendor and inform him of this vulnerability
Risk Factor : High
Plugin ID : 15642
Plugin ID : 11219
A web server is running on this port
Plugin ID : 10330
Synopsis :
Remote web server is not or badly configured
Description :
The remote web server seems to have its default welcome page set.
It probably means that this server is not used at all.
Solution:
Disable this service, as you do not use it
Risk Factor :
None / CVSS Base Score : 0
(AV:R/AC:L/Au:NR/C:N/A:N/I:N/B:N)
Plugin ID : 11422
The following directories were discovered:
/cgi-bin, /icons, /manual
While this is not, in and of itself, a bug, you should manually
Other references : OWASP:OWASP-CM-006
Plugin ID : 11032
The remote web server type is :
Apache/1.3.33 (
Solution: You can set the directive ‘ServerTokens Prod’ to limit the information emanating from the server in its response headers.
Plugin ID : 10107
Synopsis :
The remote Apache server can be used to guess the presence of a given user name on the remote host.
Description :
When configured with the ‘UserDir’ option, requests to URLs containing a tilde followed by a username will redirect the user to a given subdirectory in the user home.
For instance, by default, requesting /~root/ displays the HTML contents from /root/public_html/.
If the username requested does not exist, then Apache will reply with a different error code. Therefore, an attacker may exploit this vulnerability to guess the presence of a given user name on the remote host.
Solution:
In httpd.conf, set the ‘UserDir’ to ‘disabled’.
Risk Factor :
Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)
CVE : CVE-2001-1013
BID : 3335
Plugin ID : 10766
ntp (123/udp)
It is possible to determine a lot of information about the remote host by querying the NTP (Network Time Protocol) variables – these include OS descriptor, and time settings.
It was possible to gather the following information from the remote NTP host :
version=’ntpd 4.1.1@1.786 Sun Mar 20 15:40:56 PST 2005 (1)’,
processor=’Power Macintosh’, system=’Darwin8.9.0′, leap=0, stratum=3,
precision=-18, rootdelay=127.663, rootdispersion=341.525, peer=63308,
refid=xx.xxx.xxx.xx, reftime=0xc9e1db36.0ad83c6c, poll=13,
clock=0xc9e1ef2f.94560c7c, state=4, offset=15.376, frequency=-12.998,
jitter=93.360, stability=1.789
Quickfix: Set NTP to restrict default access to ignore all info packets: restrict default ignore
Risk Factor : Low
Plugin ID : 10884
imap (143/tcp)
Synopsis :
An IMAP server is running on the remote host.
Description :
An IMAP (Internet Message Access Protocol) server is installed and running on the remote host.
Risk Factor :
None
Plugin output :
The remote imap server banner is :
* BYE [ALERT] Cannot connect to IMAP server connect error 10061
Plugin ID : 11414
smtp (25/tcp)
The SMTP server on this port answered with a 421 code.
This means that it is temporarily unavailable because it is overloaded or any other reason.
** Nessus tests will be incomplete. You should fix your MTA and
** rerun Nessus, or disable this server if you don’t use it.
Plugin ID : 18528
For some reason, we could not send the 42.zip file to this MTA
BID : 3027
Plugin ID : 11036
general/tcp
The remote host is running Mac OS X 10.4.9
Plugin ID : 11936
It is possible to crash the remote host by sending it an SCTP packet.
Description :
There is a flaw in the SCTP code included in Linux kernel versions 2.6.16.x that results in a kernel panic when an SCTP packet with an unexpected ECNE chunk is received in a CLOSED state. An attacker can leverage this flaw to crash the remote host with a single, possibly forged, packet.
See Also :
http://labs.musecurity.com/advisories/MU-200605-01.txt
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17
Solution:
Upgrade to Linux kernel version 2.6.17 or later.
Risk Factor :
Low / CVSS Base Score : 3
(AV:R/AC:H/Au:NR/C:N/A:C/I:N/B:N)
CVE : CVE-2006-2271
BID : 17910
Plugin ID : 21560
Más información y descarga de Nessus:
http://www.nessus.org
