Tuesday, February 10, 2004

Knoppix/Nessus Vulnerability Scanner

A free tool lets you scan the Internet for security holes

On today's show I'll show you Nessus, a free, open-source vulnerability scanner that runs on Linux. Nessus scans a target IP address for holes, back doors, and various exploits.

When Nessus finishes a scan, it creates a formatted HTML report on the target IP. The report lists the target's weaknesses for you to hack or repair.

Not for newbies

Nessus is my favorite vulnerability scanner, but Linux newbies may find Nessus difficult to configure and get running. To make things easier, you need Knoppix, a free distribution of Linux that comes with Nessus preinstalled. All you have to do is burn the Knoppix image to a CD and then boot from the CD.

Need your help

The demand for Knoppix STD has been tremendous. The Knoppix STD site needs your help. If you can host a mirror, send an email to the Knoppix STD site administrator.

Steps to run Nessus

Download Knoppix STD (600MB download)
You want the Security Tools Distribution of Knoppix. Download the ISO file and save it to your Desktop. If you can't get the download from the link above, try these mirror sites.

Burn Knoppix
Fire up Nero and choose Burn Image from the File menu. Select the ISO image and click Burn. (Make sure the "finalize CD" box is checked.)

Boot from the Knoppix CD
Put the CD in and watch it boot. If it doesn't boot, make sure your BIOS is configured to boot from the CD. At the Linux prompt, hit Enter on your keyboard.

Start Nessus
Remember, Nessus is already installed in Knoppix. Run Nessus from the launch menu and enter the following:

Username: knoppix
Password: knoppix

Start scanning ...:)

No comments: