www.liquidinfo.net - Security is a mindset

January 19, 2009

Nessus on N810

Yesterday I decided to continue with my Nessus on N810 project, and basically had to start over again because I had done a re-install of my Linux box. So, on with the maemo environment setup and downloading required packages.

First I tried OpenVAS, but it had way too many dependencies which were not included in the environment, and I got bored of hunting them all down after a while. Then I continued with the Nessus 2.x series, for which sources are still available, and compiling it was a breeze, like the first time.

After installing the stuff on the N810 and downloading the plugins, I thought that last time it died because of way too many plugins. I did some quick harvesting of what to include:
  • copy the dependencies which are present in NASL scripts
  • copy all the plugins from CVE-2005 to CVE-2009
  • copy OS fingerprinting plugins, CVE NOMATCH plugins
  • copy .inc files and exclude local security checks
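
The harvesting steps in the list above can be scripted. The following Python sketch is an added example, not the author's own script: it keeps plugins whose `script_cve_id()` falls in a year range, follows `script_dependencies()` transitively, drops the "Local Security Checks" families and keeps every `.inc` file. OS fingerprinting plugins are not handled; the `NOMATCH` marker, the family-name match and all sample file names are assumptions.

```python
import re
import tempfile
from pathlib import Path

# Older plugins cite candidates as CAN-YYYY-NNNN, so accept both prefixes.
CVE_RE = re.compile(r"\b(?:CVE|CAN)-(\d{4})-\d+")
CVE_CALL_RE = re.compile(r"script_cve_id\s*\(([^)]*)\)", re.S)
DEP_CALL_RE = re.compile(r"script_dependenc(?:ies|ie)\s*\(([^)]*)\)", re.S)
FAMILY_RE = re.compile(r"script_family\s*\(([^)]*)\)", re.S)
QUOTED_RE = re.compile(r'"([^"]+)"')

def select_plugins(plugin_dir, first_year=2005, last_year=2009):
    """Return the sorted file names worth copying to the device."""
    plugin_dir = Path(plugin_dir)
    src = {p.name: p.read_text(errors="replace") for p in plugin_dir.glob("*.nasl")}

    def wanted(text):
        family = FAMILY_RE.search(text)
        if family and "Local Security Checks" in family.group(1):
            return False  # local security checks are left out
        ids = " ".join(CVE_CALL_RE.findall(text))
        in_range = any(first_year <= int(y) <= last_year for y in CVE_RE.findall(ids))
        return in_range or "NOMATCH" in ids  # assumption: NOMATCH = no CVE mapping

    keep = {name for name, text in src.items() if wanted(text)}
    queue = list(keep)
    while queue:  # follow script_dependencies transitively
        text = src.get(queue.pop(), "")  # "" for non-NASL deps such as .nes
        for args in DEP_CALL_RE.findall(text):
            for dep in QUOTED_RE.findall(args):
                if dep not in keep and (plugin_dir / dep).exists():
                    keep.add(dep)
                    queue.append(dep)
    keep.update(p.name for p in plugin_dir.glob("*.inc"))  # all include files
    return sorted(keep)

def demo(**years):
    """Run the selection over a small constructed plugin directory."""
    files = {  # constructed samples, not real Nessus plugins or CVE mappings
        "demo_2008.nasl": 'script_cve_id("CVE-2008-0001");\nscript_dependencies("demo_version.nasl");',
        "demo_version.nasl": 'script_dependencies("find_service.nes");',
        "old_2003.nasl": 'script_cve_id("CAN-2003-0001");',
        "deb_local.nasl": 'script_cve_id("CVE-2007-0002");\n'
                          'script_family(english:"Debian Local Security Checks");',
        "find_service.nes": "", "http_func.inc": "",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in files.items():
            Path(tmp, name).write_text(body)
        return select_plugins(tmp, **years)
```

Calling `select_plugins()` on the directory holding the downloaded plugins returns the list of files to copy; `demo()` runs it over the constructed samples.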

Then I installed the openssl package on the device as nessus-mkcert wanted it, and added the user with nessus-adduser. Then to the fun part, running nessusd & nessus. The daemon slowly chugged on the plugins (which load way faster next time), but the system was fully usable. Last time it was really hard on the system, maybe the OS2008 update has something to do with it?

Running nessus client:


When entering the credentials to the login screen I was greeted with a long wait. I thought it crashed like earlier, but it actually did finish and I was able to use the GUI. The next screenshot shows the Plugins tab:


The exciting moment came next when I entered the subnet as target and clicked to start the scan. The screen blanked and flickered once and I thought it crashed. It didn't crash and began testing the hosts, multiple at a time. However, at some point the device rebooted.

I decided to tune the default values to be more friendly for the device, running one test per host, and only one host at a time. I also increased the timeout value in case tests do not finish in time. Now I decided to target my XP and a Linux sitting in VMware. Here is a screenshot of the scan:


Last but not least I actually got some results from the scan. The Linux had a vulnerable BIND service listening which Nessus correctly identified. As can be seen from the screenshot, the report is actually quite readable:


What bugs me though is that it didn't show any progress on the portscan level, so I actually have to do some sniffing to verify whether it scans the default service ports or not. Also, there were only a few scan options; maybe it is because of the GUI, or it requires NMAP.

Anyways, I'm glad I continued the project, which was basically just compiling it for the proper platform and fine-tuning what it eats. Having a simple and small vulnerability scanner which fits in your pocket sounds fun.

The next N810 project I should continue working on is packet injection with a USB WLAN adapter, which requires some electronics work. Too bad I'm too lazy to go to a hardware shop. As a side effect of that project, I think checking out a USB Ethernet adapter could be worthwhile too. Then the device wouldn't be restricted to WLAN.

About Me

Marko Ruotsalainen