
Table Of Contents

Part I Nessus Tools
Introduction
What Is NASL?
Structure of a NASL Script
The Description Section
The Test Section
Writing Your First Script
Commonly Used Functions
Regular Expressions in NASL
String Manipulation
How Strings Are Defined in NASL
String Addition and Subtraction
String Search and Replace
Nessus Daemon Requirements to Load a NASL
Final Touches
How to Debug NASLs Using the Runtime Environment
Validity of the Code
Validity of the Vulnerability Test
Extending NASL Using Include Files
Include Files
What Can We Do with TRUSTED Functions?
Creating a TRUSTED Test
NTLM
Improving the MySQL Test by Utilizing Packet Dumps
Plugin Templates: Making Many from Few
Common Web Application Security Issues
Creating Web Application Plugin Templates
Detecting Vulnerabilities
Making the Plugin More General
Parameterize the Detection and Trigger Strings
Allow Different Installation dirs
Allow Different HTTP Methods
Multiple Attack Vectors
Increasing Plugin Accuracy
The “Why Bother” Checks
Avoiding the Pitfalls
The Final Plugin Template
Rules of Thumb
Using a CGI Module for Plugin Creation
Perl’s CGI Class
Template .conf File
Plugin Factory
Final Setup
Example Run
XML Basics
XML As a Data Holder
Using mssecure.xml for Microsoft Security Bulletins
The mssecure XML Schema
The Plugin Template
Ins and Outs of the Template
Filling in the Template Manually
General Bulletin Information
The Finished Template
The Command-Line Tool
XML::Simple
Tool Usage
The Source
Conclusion
Part II Snort Tools
Initialization
Starting Up
Libpcap
Parsing the Configuration File
ParsePreprocessor()
ParseOutputPlugin()
Event Queue Initialization
Final Initialization
Decoding
Preprocessing
Detection
Content Matching
The Stream4 Preprocessor
Inline Functionality
Inline Initialization
Inline Detection
Writing Basic Rules
The Rule Header
Rule Options
Metadata Options
session
Writing Advanced Rules
PCRE
Byte_test and Byte_jump
byte_test
byte_jump
The Flow Options
Activate and Dynamic Rules
Optimizing Rules
Ordering Detection Options
Choosing between Content and PCRE
Merging CIDR Subnets
Optimizing Regular Expressions
Testing Rules
Writing Detection Plugins
RFC 3514: The Evil Bit
Detecting “Evil” Packets
SetupEvilBit()
EvilBitInit()
ParseEvilBit()
CheckEvilBit()
Setting Up
Testing
Writing Preprocessors
IP-ID Tricks
Idle Scanning
Predictable IP-ID Preprocessor
SetupIPID()
IPIDInit()
IPIDParse()
RecordIPID()
Prevention
Writing Output Plugins
GTK+
An Interface for Snort
Glade
Function Layout
AlertGTKSetup();
AlertGTKSetup()
AlertGTKInit
AlertGTK
Exiting
Miscellaneous
Snort-AV
Snort-AV- Implementation Summary
Snort-AV Event Verification
Snort-Wireless
Implementation
Preprocessors
Anti-Stumbler
Auth Flood
De-Auth Flood
Mac-Spoof
Rogue-AP
Detection Plugins
BSSID
Duration ID
Fragnum
Frame Control
From DS
More Data
Opening the Interface
Capturing Packets
Saving Packets to a File
Using text2pcap
text2pcap Hex Dumps
Packet Metadata
Converting Other Hex Dump Formats
Extending Wiretap
The Wiretap Library
Reverse Engineering a Capture File Format
Understanding Capture File Formats
Finding Packets in the File
Adding a Wiretap Module
The module_open Function
The module_read Function
The module_seek_read Function
The module_close Function
Building Your Module
Setting up a New Dissector
Built-in versus Plugin
Calling Your Dissector
Calling a Dissector Directly
Using a Lookup Table
Examining Packet Data as a Last Resort
New Link Layer Protocol
Defining the Protocol
Programming the Dissector
Low-Level Data Structures
Adding Column Data
Creating proto_tree Data
Calling the Next Protocol
Advanced Dissector Concepts
Exceptions
User Preferences
In This Toolbox
Writing Line-Mode Tap Modules
Adding a Tap to a Dissector
Adding a Tap Module
tap_reset
tap_packet
tap_draw
Writing GUI Tap Modules
Initializer
The Three Tap Callbacks
Processing Tethereal’s Output
XML/PDML
The PDML Format
Metadata Protocols
EtherealXML.py
Introducing Host Integrity Monitoring
How Do HIM Systems Work?
Scanning the Environment
Centralized Management
Feedback
Introducing Osiris and Samhain
Osiris
How Osiris Works
Authentication of Components
Scan Data
Logging
Filtering Noise
Strengths
Weaknesses
Samhain
How Samhain Works
Extending Osiris and Samhain with Modules
Osiris Modules
An Example Module: mod_hostname
Testing Your Module
Packaging Your Module
General Considerations
Samhain Modules
An Example Module: hostname
Index
NessusSnortEtherealPwrToolz
Published by: Syahmie Ramley on Aug 24, 2011
Copyright:Attribution Non-commercial