Perimeter
2/25/2011
03:30 PM
John H. Sawyer
John H. Sawyer
Commentary
Connect Directly
RSS
E-Mail
50%
50%
Repost This

The Power Of Open-Source Security Tools

Free, open-source tools like the Metasploit Framework and w3af exemplify the power of community involvement and support

As an attacker and a defender, I've used many open-source tools over the years. Some of them fall to the wayside as newer, better tools get released. Others simply get left behind because they're no longer supported. What I've grown to appreciate more and more is the community support and passion of those involved in the projects responsible for the tools that I've come to rely on regularly.

Two examples that have reaffirmed my belief in open source lately are the Metasploit Framework and w3af projects. The first, Metasploit, has such a strong community built around it that whether you ask a question to the mailing list or the IRC channel, you'll typically have an answer within an hour or less. In addition to the great response time, the question is often answered by a core developer or contributor, and regularly by the actual Metaploit project creator, HD Moore.

Yesterday, in the Metaploit IRC channel, someone had used the new Linux installer for Metasploit and was having a problem starting Postgresql after a reboot. Since I hadn't used the installer yet, I spent about five minutes with a virtual machine to see what it looked like and figure out the answer to the problem. It was great because not only did I help someone else, I also got a chance to test out the new installer.

What I found was a really easy-to-use installer for Linux that should help potential users who aren't very comfortable with the terminal and software installation on Linux. There are a couple of installer versions, including the one I tested that packages Java and Postgresql. Since updates to the Metasploit Framework are a regular occurrence, there's an option included during the install to update regularly via a cron job.

The other open-source project I want to mention is w3af. It is a Web application security testing framework written in Python. It can be used with or without a graphical user interface and is very powerful with a modular architecture that lets you choose only the items you want to use during an assessment. One nice feature that sets w3af apart from many other Web scanners is the ability to exploit found vulnerabilities, like SQL injection, command injection, cross site scripting, and remote file includes.

Besides the w3af being an awesome tool, the support is great. I approached the project lead, Andres Riancho, last week with a bug that he then fixed and updated in the subversion software repository within about 10 minutes. I updated my install and was ready to go again with the fix in place. Similarly, the w3af IRC channel has proved to be a valuable resource as questions come up.

Is open-source software for everyone? No, but as an IT security professional you should certainly be aware of what's out there because it could be useful for a couple of reasons. The first is you might actually come to use an open-source tool that helps you do your job better and earns you a raise (hey, it could happen!). The second is that quite a few open-source security tools are often used for malicious purposes, so it helps to know the abilities of the tools and the artifacts they leave behind so you know what you're up against.

John Sawyer is a Senior Security Analyst with InGuardians. The views and opinions expressed in this blog are his own and do not represent the views and opinions of his employer. He can be reached at johnhsawyer@gmail.com

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: LOL.
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6213
Published: 2014-04-19
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833.

CVE-2013-6214
Published: 2014-04-19
Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 9.05, 10.01, and 10.10 allows remote authenticated users to obtain sensitive information via unknown vectors, aka ZDI-CAN-2042.

CVE-2012-0871
Published: 2014-04-18
The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/.

CVE-2012-6646
Published: 2014-04-18
F-Secure Anti-Virus, Safe Anywhere, and PSB Workstation Security before 11500 for Mac OS X allows local users to disable the Mac OS X firewall via unspecified vectors.

CVE-2013-4279
Published: 2014-04-18
imapsync 1.564 and earlier performs a release check by default, which sends sensitive information (imapsync, operating system, and Perl version) to the developer's site.

Best of the Web