You are here

Pen testing apps - nmap, metasploit, nessus

18 posts / 0 new
Last post
xtr.eme
Offline
Last seen: 16 years 8 months ago
Joined: 2008-02-03 07:13
Pen testing apps - nmap, metasploit, nessus

Hi, I have been using portableapps for a while now, and finally decided to register.

I am currently compiling a toolkit of pentesting apps - john the ripper, thchydra, a packet sniffer, aircrack are a few that are already portable.

--nmap--
nmap.org/
Now I need a port scanner - nmap is the obvious option as I am familiar with it and it is probably the best around. I am using version 3 with gui. I think that the problem with making nmap portable is winpcap. I'm not an expert, but youd probably have to include all winpcap files (mostly found in c://windows/system32) and include them in the nmap folder. Then you would have to tell nmap to search for winpcap in its own folder, instead of system32. Nmap includes no .ini file. It is open source

--nessus--
http://www.nessus.org/download/
nessus is a free but closed source vuln scanner. it can be downloaded at the above address, but there is quite a complicated activation process. Therefore this couldnt be an official portableapp. It would still be a useful addition for registered users.

--metasploit--
www.metasploit.com/
metasploit is a framework for writing exploit code and executing it. It is written in ruby, and bundled with the ruby interpreter. Most importantly, it is open source, and as far as I know it has no dependencies. This would probably be the easiest to make portable.

Unfortunately, I lack the knowledge to make these apps portable. I would be most grateful if someone could have a go, and would be willing to help them wherever I could.

xtr.eme

BuddhaChu
BuddhaChu's picture
Offline
Last seen: 4 months 2 weeks ago
Joined: 2006-11-18 10:26
Nessus uses a client/server

Nessus uses a client/server model so I assume you only want the client side portablized then right?

If a portable version of Wireshark ever gets released, maybe it's use of WinPcap could be leveraged to make NMap portable. Until then, I don't think NMap will ever be portable (installing drivers = admin account access).

Cancer Survivors -- Remember the fight, celebrate the victory!
Help control the rugrat population -- have yourself spayed or neutered!

xtr.eme
Offline
Last seen: 16 years 8 months ago
Joined: 2008-02-03 07:13
But why should the drivers

But why should the drivers be installed? Is it not possible to just get nmap to use them?

xtr.eme

rab040ma
Offline
Last seen: 4 months 1 week ago
Joined: 2007-08-27 13:35
The drivers that come with

The drivers that come with Windows don't support the kind of analysis that nmap or wireshark are designed to do. There are probably some features that would work with the standard drivers; perhaps we could list "features that work" and "features that don't work" if you use a restricted account on a machine that doesn't have the driver installed.

I think I've seen that there's a wireshark portable that runs on Windows that installs the driver if you have Admin privileges, then removes it again when you are finished (clean up).

Penetration testing, analyzing passwords for weakness, intrusion detection, and network scanning would be valuable things to have available on a thumbdrive, but are likely to be quite limited in usefulness on a limited account.

MC

BuddhaChu
BuddhaChu's picture
Offline
Last seen: 4 months 2 weeks ago
Joined: 2006-11-18 10:26
The WinPcap drivers have to

The WinPcap drivers have to be installed for a program to use them and do low-level network packet capture. You just can't have the file sit on the hard drive, they need to be installed thereby letting the operating system use them.

Cancer Survivors -- Remember the fight, celebrate the victory!
Help control the rugrat population -- have yourself spayed or neutered!

digitxp
digitxp's picture
Offline
Last seen: 13 years 1 month ago
Joined: 2007-11-03 18:33
Some answers.

First of all, to make an app portable, you mainly need to make it not leave any registry entries, or any other files on the pc (except maybe cache). Most apps are like that. To test, you can use regshot. And second, I searched PortableFreewareand foundhref="http://portablefreeware.com/?id=270">this port scanner. It is tested to be portable (just install it, copy the files, then uninstall). For nessus, I do not know what a vuln scanner is (not in the dictionary). And metasploit, you can use regshot on it and see if it doesn't leave reg entries or anything of that matter. And never forget, a searching really helps people with time management.
P.S. Welcome to the forums Smile

Insert original signature here with Greasemonkey Script.

BuddhaChu
BuddhaChu's picture
Offline
Last seen: 4 months 2 weeks ago
Joined: 2006-11-18 10:26
vulnerability scanner

"vuln scanner" = vulnerability scanner...a common network security tool.

Cancer Survivors -- Remember the fight, celebrate the victory!
Help control the rugrat population -- have yourself spayed or neutered!

xtr.eme
Offline
Last seen: 16 years 8 months ago
Joined: 2008-02-03 07:13
Which port scanner is

Which port scanner is "this"?

Neither of the two I found, SoftPerfect Network Scanner and HoverIP, appear have the functionality I require (for example OS detection or more importantly service detection (nmap -p).

I will investigate regshot

xtr.eme

rab040ma
Offline
Last seen: 4 months 1 week ago
Joined: 2007-08-27 13:35
Regshot just tells you

Regshot just tells you whether a particular program leaves traces when you run it.

If you need to install special drivers to use your penetration or vulnerability testers, that would definitely leave a trail through the registry.

The port scanner I guess digitxp is talking about tell you what ports are being used on your own machine (and by what software), not what ports are open on other machines.

There's nothing like nmap for that. Just boot into your Backtrack CD and you can do all that stuff and more.

MC

BuddhaChu
BuddhaChu's picture
Offline
Last seen: 4 months 2 weeks ago
Joined: 2006-11-18 10:26
excellent idea

Yes, excellent idea. The bootable Backtrack CD is Good Stuff™ and a great admin tool.

Cancer Survivors -- Remember the fight, celebrate the victory!
Help control the rugrat population -- have yourself spayed or neutered!

xtr.eme
Offline
Last seen: 16 years 8 months ago
Joined: 2008-02-03 07:13
There are in fact several

There are in fact several port scanners like nmap; nmap is just the best

xtr.eme

Tim Clark
Tim Clark's picture
Offline
Last seen: 13 years 7 months ago
Joined: 2006-06-18 13:55
I think I will probably

I think I will probably absent myself from this discussion. The last time it came up it got a little heated. I've made my points in the past for those who choose to search for them.

Let me just say that I think we should make an exception to the rule for exploit tools.
I think the portable use of exploit tools should leave all kinds of traces behind.
In fact I'm not sure why someone would want to test for exploits on someone else's machine without their explicit permission.
The owner of the machine in question probably has a right to know that exploit tools were used on their machine. Perhaps a big red desktop icon saying this machine was tested with metasploit.

"Metasploit can be used by administrators to test the vulnerability of computer systems in order to protect them, or by Black Hat hackers and script kiddies to break into remote systems. Like many information security tools, Metasploit can be used for both legitimate and unauthorized activities."

nough said by me,

Tim

Things have got to get better, they can't get worse, or can they?

xtr.eme
Offline
Last seen: 16 years 8 months ago
Joined: 2008-02-03 07:13
"Metasploit can be used by

"Metasploit can be used by administrators to test the vulnerability of computer systems in order to protect them, or by Black Hat hackers and script kiddies to break into remote systems. Like many information security tools, Metasploit can be used for both legitimate and unauthorized activities."

And in the same way, Portable Metasploit could be used by System Admin or Black Hats. Metasploit is a highly respected penetration testing tool. Portable Firefox is probably used by Black Hats to facilitate breaking into another PC, but that is no reason not to release it.

The owner of the machine in question probably has a right to know that exploit tools were used on their machine. Perhaps a big red desktop icon saying this machine was tested with metasploit.

I am asked by friends to test their computer systems' security. However, they do not want their registry filled with junk.

xtr.eme

Tim Clark
Tim Clark's picture
Offline
Last seen: 13 years 7 months ago
Joined: 2006-06-18 13:55
Acknowledged

Your reply is acknowledged.

Things have got to get better, they can't get worse, or can they?

RMB Fixed
Offline
Last seen: 14 years 10 months ago
Joined: 2006-10-24 10:30
Shark PAF :

http://prdownloads.sourceforge.net/wireshark/WiresharkPortable-0.99.7.pa...

@Tim : It's not the tools, it's the mentality of the people using them .
..and trust me, the rotten ones will do it no-matter how much we pretend the software doesn't exist .

xtr.eme
Offline
Last seen: 16 years 8 months ago
Joined: 2008-02-03 07:13
Yes, I am aware that there

Yes, I am aware that there is a portable Wireshark, however it makes no attempt at including WinPcap other than starting the installer.

Maybe this will be a feature added in the future, although the general feeling seems to be that it is impossible to do on a limited account.

xtr.eme

userPA
Offline
Last seen: 16 years 6 months ago
Joined: 2008-04-13 14:09
There is portable

There is portable WinPCAP:
http://www.cacetech.com/products/oem-winpcap.htm

Unfortunately it's commercial, but it works with nmap, wireshark, etc. I'm using all those tools as portable with CACE WinPcap without any problems. Just copy the CACE WinPCap dlls into the program directory (e.g. nmap directory).

My point isn't advising people to buy it, but that there is absolutely no reason why the free/open source WinPcap cannot be made portable.

operat0r
Offline
Last seen: 1 week 1 day ago
Joined: 2006-08-01 21:44
metasploit portable / autopwn

http://rmccurdy.com/scripts/MetasploitPortable.exe

* current as of 5823 SVN REV !

* you must be local admin
* winpcap is required for SYN scans !

* run the Metasploit 3 GUI.bat

* open a console ( ctrol + o )

AUTOPWN EXAMPLE

load db_sqlite3
db_destory pentest
db_create pentest
db_nmap -vvv 192.168.1.101
db_autopwn -p -t -e

rmccurdy.com for updates !!!

basically took windows installer updated it and made it portable Smile ENJOY ! visit the root site for more portable apps including w3af !

Signature automatically removed for containing links

Log in or register to post comments