Perimeter
2/25/2011
03:30 PM
John H. Sawyer
John H. Sawyer
Commentary
Connect Directly
RSS
E-Mail
50%
50%

The Power Of Open-Source Security Tools

Free, open-source tools like the Metasploit Framework and w3af exemplify the power of community involvement and support

As an attacker and a defender, I've used many open-source tools over the years. Some of them fall to the wayside as newer, better tools get released. Others simply get left behind because they're no longer supported. What I've grown to appreciate more and more is the community support and passion of those involved in the projects responsible for the tools that I've come to rely on regularly.

Two examples that have reaffirmed my belief in open source lately are the Metasploit Framework and w3af projects. The first, Metasploit, has such a strong community built around it that whether you ask a question to the mailing list or the IRC channel, you'll typically have an answer within an hour or less. In addition to the great response time, the question is often answered by a core developer or contributor, and regularly by the actual Metaploit project creator, HD Moore.

Yesterday, in the Metaploit IRC channel, someone had used the new Linux installer for Metasploit and was having a problem starting Postgresql after a reboot. Since I hadn't used the installer yet, I spent about five minutes with a virtual machine to see what it looked like and figure out the answer to the problem. It was great because not only did I help someone else, I also got a chance to test out the new installer.

What I found was a really easy-to-use installer for Linux that should help potential users who aren't very comfortable with the terminal and software installation on Linux. There are a couple of installer versions, including the one I tested that packages Java and Postgresql. Since updates to the Metasploit Framework are a regular occurrence, there's an option included during the install to update regularly via a cron job.

The other open-source project I want to mention is w3af. It is a Web application security testing framework written in Python. It can be used with or without a graphical user interface and is very powerful with a modular architecture that lets you choose only the items you want to use during an assessment. One nice feature that sets w3af apart from many other Web scanners is the ability to exploit found vulnerabilities, like SQL injection, command injection, cross site scripting, and remote file includes.

Besides the w3af being an awesome tool, the support is great. I approached the project lead, Andres Riancho, last week with a bug that he then fixed and updated in the subversion software repository within about 10 minutes. I updated my install and was ready to go again with the fix in place. Similarly, the w3af IRC channel has proved to be a valuable resource as questions come up.

Is open-source software for everyone? No, but as an IT security professional you should certainly be aware of what's out there because it could be useful for a couple of reasons. The first is you might actually come to use an open-source tool that helps you do your job better and earns you a raise (hey, it could happen!). The second is that quite a few open-source security tools are often used for malicious purposes, so it helps to know the abilities of the tools and the artifacts they leave behind so you know what you're up against.

John Sawyer is a Senior Security Analyst with InGuardians. The views and opinions expressed in this blog are his own and do not represent the views and opinions of his employer. He can be reached at johnhsawyer@gmail.com

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3345
Published: 2014-08-28
The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 does not properly check authorization for administrative web pages, which allows remote attackers to modify the product via a crafted URL, aka Bug ID CSCuq31503.

CVE-2014-3347
Published: 2014-08-28
Cisco IOS 15.1(4)M2 on Cisco 1800 ISR devices, when the ISDN Basic Rate Interface is enabled, allows remote attackers to cause a denial of service (device hang) by leveraging knowledge of the ISDN phone number to trigger an interrupt timer collision during entropy collection, leading to an invalid s...

CVE-2014-4199
Published: 2014-08-28
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp.

CVE-2014-4200
Published: 2014-08-28
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive.

CVE-2014-0761
Published: 2014-08-27
The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.