Tutorials of How to Use Metasploit, Nessus and Nmap

Obed A. Adames Méndez, Computer Engineering
Jeffrey L. Duffany, Ph.D., Computer Engineering
Polytechnic University of Puerto Rico

Abstract

This paper is in support of three newly created tutorials, each focused on a different security and penetration-testing tool. The tutorials were selected to cover three different areas of the security and penetration-testing field, and they provide a basic understanding of the functionality and capabilities of each tool. There are currently many different ways to protect our systems; none of them is 100% secure. We may have severe vulnerabilities in our systems and not be aware of it, so testing our systems for vulnerabilities is something we should not overlook. The purpose of these tutorials is to give an overview of the free security tools that are available and that we can use to verify the integrity and security of a network. We also demonstrate how vulnerabilities can be exploited using these tools.

Key Terms: Computer Security, Network Scan, Penetration Testing, Vulnerability.

INTRODUCTION

The term computer security is used frequently, but the content of a computer is vulnerable to few risks unless the computer is connected to other computers on a network. As the use of computer networks, especially the Internet, has become pervasive, the concept of computer security has expanded to denote issues pertaining to the networked use of computers and their resources.

The major technical areas of computer security are usually represented by the initials CIA: confidentiality, integrity, and availability (authentication is often discussed alongside them). Confidentiality means that information cannot be accessed by unauthorized parties. Confidentiality is also known as secrecy or privacy; breaches of confidentiality range from the embarrassing to the disastrous. Integrity means that information is protected against unauthorized changes that are not detectable to authorized users; many hacking incidents compromise the integrity of databases and other resources. Authentication means that users are who they claim to be. Availability means that resources are accessible by authorized parties; "denial of service" attacks, which are sometimes the topic of national news, are attacks against availability. Other important concerns of computer security professionals are access control and nonrepudiation. Maintaining access control means not only that users can access only those resources and services to which they are entitled, but also that they are not denied resources they can legitimately expect to access. Nonrepudiation implies that a person who sends a message cannot deny having sent it and, conversely, that a person who has received a message cannot deny having received it.

In addition to these technical aspects, the conceptual reach of computer security is broad and multifaceted. Computer security draws on disciplines such as ethics and risk analysis, and is concerned with topics such as computer crime; the prevention, detection, and remediation of attacks; and identity and anonymity in cyberspace.

What is penetration testing? Penetration testing, often called "pentesting", "pen testing", or "security testing", is the practice of attacking your own or your clients' IT systems in the same way an attacker would in order to identify security holes. Of course, you do this without actually harming the network. The person carrying out a penetration test is called a penetration tester or pentester.[1]

The purpose of the newly created tutorials is to give new users of computer security tools a basic understanding of how computer security works. The tutorials provide a description of each tool's graphical user interface and console applications, examples of how to employ the tool, and practical exercises. The tutorials are designed around three security tools, described as follows:

Nmap (Network Mapper) is a security scanner used to discover hosts and services on a computer network, thus creating a "map" of the network.

Nessus is a proprietary, comprehensive vulnerability scanning program. It is free of charge for personal use in a non-enterprise environment. Its goal is to detect potential vulnerabilities on the tested systems.

Metasploit is an open-source computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its best-known sub-project is the Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, the shellcode archive, and security research. The Metasploit Project is also well known for anti-forensic and evasion tools, some of which are built into the Metasploit Framework.

NMAP

Nmap (Network Mapper) is a security scanner originally written by Gordon Lyon (also known by his pseudonym Fyodor Vaskovich)[2] and used to discover hosts and services on a computer network, thus creating a "map" of the network. To accomplish this, Nmap sends specially crafted packets to the target host and then analyzes the responses. Unlike many simple port scanners that just send packets at some predefined constant rate, Nmap accounts for network conditions (latency fluctuations, network congestion, the target's interference with the scan) during the run. Also, owing to the large and active user community providing feedback and contributing features, Nmap has extended its discovery capabilities beyond simply determining whether a host is up or down and which ports are open or closed; it can determine the operating system of the target, the names and versions of the listening services, estimated uptime, type of device, and the presence of a firewall.

Nmap features include:

Host Discovery - Identifying hosts on a network; for example, listing the hosts which respond to pings or have a particular port open.
Port Scanning - Enumerating the open ports on one or more target hosts.
Version Detection - Interrogating listening network services on remote devices to determine the application name and version number.
OS Detection - Remotely determining the operating system and some hardware characteristics of network devices.
Scriptable interaction with the target - Using the Nmap Scripting Engine (NSE) and the Lua programming language, customized queries can be made.

In addition to these, Nmap can provide further information on targets, including reverse DNS names, device types, and MAC addresses.

Typical uses of Nmap:

Auditing the security of a device by identifying the network connections which can be made to it.
Identifying open ports on a target host in preparation for auditing.
Network inventory, network mapping, maintenance, and asset management.
Auditing the security of a network by identifying unexpected new servers.

Nmap is used to discover computers and services on a computer network, thus creating a "map" of the network. Just like many simple port scanners, Nmap is capable of discovering passive services on a network, despite the fact that such services are not advertising themselves with a service discovery protocol. In addition, Nmap may be able to determine various details about the remote computers.

Like most tools used in computer security, Nmap can be used for black-hat hacking, i.e. attempting to gain unauthorized access to computer systems. It would typically be used to discover open ports which are likely to be running vulnerable services, in preparation for attacking those services with another program.[3] System administrators often use Nmap to search for unauthorized servers on their network, or for computers which do not meet the organization's minimum level of security.[4] Nmap is often confused with host vulnerability assessment tools such as Nessus, which go further in their exploration of a target by testing for common vulnerabilities in the open ports found. In some jurisdictions unauthorized port scanning may be illegal.

To use Nmap, open a command prompt window with administrator privilege (see Figure 1). Administrator (or root) rights matter because the default SYN scan, OS detection and the other raw-packet features need raw socket access; run without them, Nmap falls back to a full TCP connect scan, which completes each handshake (so the target application sees and may log the connection) and cannot perform OS detection.

NESSUS

Nessus is the world's most widely deployed vulnerability and configuration assessment product, with more than five million downloads to date. Nessus 5[5] features high-speed discovery, configuration auditing, asset profiling, sensitive data discovery, patch management integration, and vulnerability analysis of your security posture, with features that enhance usability, effectiveness, efficiency, and communication with all parts of your organization.

The Nessus tool works a little differently from other scanners. Rather than purporting to offer a single, all-encompassing vulnerability database that gets updated regularly, Nessus supports the Nessus Attack Scripting Language (NASL), which allows security professionals to use a simple language to describe individual attacks. Nessus administrators then include the NASL descriptions of all desired vulnerabilities to develop their own customized scans.

Nessus, originally released as open source and proprietary since version 3, is a network vulnerability scanner that uses the Common Vulnerabilities and Exposures (CVE) naming scheme for easy cross-linking between compliant security tools. Nessus employs NASL, a simple language that describes individual threats and potential attacks. Nessus has a modular architecture consisting of centralized servers that conduct scanning and remote clients that allow for administrator interaction. Administrators can include
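The Nmap section above lists what a scan reports (live hosts, open ports, service names and versions, OS guesses), and the Nessus section states that a vulnerability scanner goes further by testing the open ports it finds and cross-linking its findings through CVE identifiers. The Python script below is an added example, not part of the original tutorials and not code from either tool: it parses a constructed Nmap XML report (the shape produced by nmap -oX) and a constructed Nessus v2 export (the .nessus shape), then joins the two per host and port so that each open service carries the Nessus findings bound to it, and flags findings on ports Nmap never reported open. The element and attribute names follow the two tools' real XML formats, but the hosts, products, versions, plugin IDs, plugin names and CVE strings in the samples are made-up placeholders.

```python
import xml.etree.ElementTree as ET
# Constructed sample shaped like `nmap -sV -O -oX scan.xml` output, trimmed to
# the elements this example reads. The hosts, products and versions are made up.
NMAP_XML = """<nmaprun scanner="nmap" args="nmap -sV -O -oX scan.xml 10.0.0.0/29">
  <host><status state="up"/><address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.4"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="Apache httpd" version="2.4.6"/></port>
      <port protocol="tcp" portid="443"><state state="closed"/></port>
    </ports>
    <os><osmatch name="Linux 3.10 - 4.11" accuracy="96"/></os>
  </host>
  <host><status state="up"/><address addr="10.0.0.6" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="3389"><state state="open"/>
      <service name="ms-wbt-server"/></port></ports>
    <os><osmatch name="Microsoft Windows Server 2012" accuracy="91"/></os>
  </host>
</nmaprun>"""

# Constructed sample shaped like a Nessus v2 export (.nessus). Plugin IDs,
# plugin names and CVE strings are placeholders, not real plugins or CVEs.
NESSUS_XML = """<NessusClientData_v2><Report name="lab">
  <ReportHost name="10.0.0.5">
    <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="3"
                pluginID="900001" pluginName="Placeholder SSH weakness">
      <cve>CVE-0000-0001</cve><cvss_base_score>7.5</cvss_base_score>
    </ReportItem>
    <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
                pluginID="900002" pluginName="Placeholder host information"/>
  </ReportHost>
  <ReportHost name="10.0.0.6">
    <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="2"
                pluginID="900003" pluginName="Placeholder SMB weakness">
      <cve>CVE-0000-0002</cve>
    </ReportItem>
  </ReportHost>
</Report></NessusClientData_v2>"""

def parse_nmap(xml_text):
    """Return {ip: {"os": name or None, "open": {(proto, port): service}}}."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        if host.find("status").get("state") != "up":
            continue  # host discovery said it is down; nothing to map
        ip = host.find("address[@addrtype='ipv4']").get("addr")
        osmatch = host.find("os/osmatch")
        open_ports = {}
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports are not services to audit
            svc = port.find("service")
            fields = (svc.get("name"), svc.get("product"), svc.get("version")) if svc is not None else ()
            open_ports[(port.get("protocol"), int(port.get("portid")))] = " ".join(f for f in fields if f)
        hosts[ip] = {"os": osmatch.get("name") if osmatch is not None else None, "open": open_ports}
    return hosts

def parse_nessus(xml_text):
    """Return {ip: [finding, ...]}, dropping severity 0 (informational) items."""
    findings = {}
    for rh in ET.fromstring(xml_text).iter("ReportHost"):
        for item in rh.iter("ReportItem"):
            if int(item.get("severity")) == 0:
                continue
            findings.setdefault(rh.get("name"), []).append({
                "port": int(item.get("port")), "proto": item.get("protocol"),
                "severity": int(item.get("severity")), "plugin": item.get("pluginName"),
                "cves": [c.text for c in item.findall("cve")]})
    return findings

def correlate(nmap_hosts, nessus_findings):
    """For each open port Nmap saw, attach the Nessus findings bound to that port.
    Returns [(ip, proto, port, service, [finding, ...])]; an empty list means Nmap
    saw the service but Nessus reported nothing above informational for it."""
    rows = []
    for ip, entry in sorted(nmap_hosts.items()):
        for (proto, port), service in sorted(entry["open"].items()):
            matched = [f for f in nessus_findings.get(ip, [])
                       if f["proto"] == proto and f["port"] == port]
            rows.append((ip, proto, port, service, matched))
    return rows

def unmapped_findings(nmap_hosts, nessus_findings):
    """Nessus findings on host/port pairs that Nmap did not report as open.
    The two scans disagree (filtering, timing, a service that came up between
    runs); such findings deserve a second look rather than being trusted as-is."""
    out = []
    for ip, items in nessus_findings.items():
        open_ports = nmap_hosts.get(ip, {"open": {}})["open"]
        out.extend((ip, f) for f in items if (f["proto"], f["port"]) not in open_ports)
    return out

if __name__ == "__main__":
    hosts, findings = parse_nmap(NMAP_XML), parse_nessus(NESSUS_XML)
    for ip, proto, port, service, found in correlate(hosts, findings):
        summary = "; ".join(f"sev{f['severity']} {f['plugin']} ({','.join(f['cves'])})" for f in found)
        print(f"{ip:<10} {proto}/{port:<5} {service:<24} {summary or 'no findings'}")
    for ip, f in unmapped_findings(hosts, findings):
        print(f"WARN {ip} {f['proto']}/{f['port']}: reported by Nessus, not open in Nmap")
```

Run as a script it prints one line per open service with the Nessus findings attached, and a WARN line for the placeholder SMB finding on 10.0.0.6, because the constructed Nmap sample never saw tcp/445 open there. Severity 0 items are dropped on purpose: Nessus uses that level for informational plugins, and keeping them would bury the real findings in the join.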
