Installing additional weapons

Although BackTrack 4 comes with many security tools, sometimes you need to add software tools because:

  • The tool is not included in the default BackTrack 4 installation
  • You want the latest version of the software, which is not available in the repository

Our suggestion is to search for the package in the repository first. If you find it there, use that package; if you can't find it, you may want to get the software package from the author's website and install it yourself. We suggest you use the software in the repository as much as you can.

The command to search for the package in the repository is:

apt-cache search <package_name>

If you find the package and want more information about it, use:

apt-cache show <package_name>

It will display more information about the software package.

Then you will be able to use apt-get to install the package:

apt-get install <package_name>

However, if you can't find the package in the repository and you are sure that the package will not cause any problems later on, you can install the package yourself.

Download the software package from a trusted source. Then use the dpkg command to add the additional software. Make sure that the software is bundled in Debian package format (DEB).
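
The two checks in the paragraph above (trusted source, DEB format) can be run before dpkg touches the file. This is an added example, not from the book: it assumes the vendor publishes a SHA-256 digest for the download, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-install checks for a manually downloaded .deb.
# Assumption: the expected SHA-256 comes from the vendor's download page.

# is_deb FILE: succeed if FILE starts with the ar archive magic followed by
# the "debian-binary" member that a .deb archive carries first.
is_deb() {
    [ -f "$1" ] || return 1
    magic=$(head -c 8 "$1" | tr -d '\000')
    member=$(dd if="$1" bs=1 skip=8 count=13 2>/dev/null | tr -d '\000')
    [ "$magic" = "!<arch>" ] && [ "$member" = "debian-binary" ]
}

# sha256_matches FILE EXPECTED_HEX: compare the file's digest with the
# published value, ignoring the case of the hex digits.
sha256_matches() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$expected" ] && [ "$actual" = "$expected" ]
}

# verify_deb FILE EXPECTED_HEX: run both checks.
# Returns 0 on success, 2 for a non-DEB file, 3 for a digest mismatch.
verify_deb() {
    if ! is_deb "$1"; then
        echo "refusing: $1 is not a Debian package archive" >&2
        return 2
    fi
    if ! sha256_matches "$1" "$2"; then
        echo "refusing: SHA-256 mismatch for $1" >&2
        return 3
    fi
    echo "ok: $1 verified"
}

# Typical use (file name and digest are placeholders):
#   verify_deb package.deb <published_sha256> \
#       && dpkg --info package.deb \
#       && dpkg -i package.deb
```

Running dpkg --info before dpkg -i shows the package's declared dependencies and maintainer scripts, which run as root during installation.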

In this section, we will give examples on how to install additional security tools. The tools are Nessus and WebSecurify.

Nessus vulnerability scanner

As an example of the first case, we want to install the latest Nessus vulnerability scanner (Version 4). We have already searched the BackTrack repository, and the available Nessus is Nessus Version 2, so we won't use it. BackTrack doesn't include the latest Nessus version because of a licensing issue. Since Version 3, Nessus is no longer open source software, so a Linux distribution can't distribute it anymore without licensing it from Tenable Security (the company that develops Nessus).

We download the latest Nessus package built for the Ubuntu 8.10 Linux distribution from the Nessus website (http://www.nessus.org). To install the package, we issue the command:

dpkg -i Nessus-x.y.z-ubuntu810_i386.deb

You can then follow the instructions given on the screen to configure your Nessus:

  • Run /opt/nessus/sbin/nessus-adduser.
  • Install the activation code using the Internet:
/opt/nessus/bin/nessus-fetch --register <your_activation_code>
  • Your activation code is sent to your e-mail address if you give your e-mail address before you download Nessus.
  • Start the Nessus server by typing:
/etc/init.d/nessusd start
  • Open your browser and connect to https://localhost:8834.

WebSecurify

WebSecurify is a web security testing environment that can be used to find vulnerabilities in web applications.

It can be used to check for the following vulnerabilities:

  • SQL injection
  • Local and remote file include
  • Cross-site scripting
  • Cross-site request forgery
  • Information disclosure problems
  • Session security problems

The WebSecurify tool is available from the BackTrack repository. To install it, you can use the apt-get command:

apt-get install websecurify

Besides the three tools that have already been discussed briefly, you can also search for other tools in the BackTrack repository using the apt-cache search command.