Nessus插件开发及实例

Nessus是当前较先进的漏洞扫描软件，它以插件的形式完成漏洞检查。该文在分析了其插件开发语言的基础上，提出了Nessus插件开发的基本流程，通过一类弱口令探测插件的实例来说明Nessus插件的开发。     

基于Web的漏洞扫描系统的设计与实现

分析了网络漏洞扫描器在网络安全领域的重要作用及其工作原理，介绍了漏洞扫描器开源软件Nessus的优点，介绍了一个在Nessus的基础上开发的基于Web的网络漏洞扫描系统的设计与实现。     

基于Nessus的漏洞扫描系统设计与实现

本文介绍了基于Nessus的漏洞扫描系统设计结构,分析了Nessus漏洞扫描工具及其代码结构,设计出了基于Nessus的漏洞扫描系统,详细阐述了漏洞扫描系统的框架;给出了预定IP范围模块、配置漏洞扫描策略模块、预定插件集模块的详细设计;最后给出了实验结果及分析。实验表明,该系统对目标主机的漏洞检测是较为有效的。     

从OVAL漏洞信息转换到Nessus扫描插件的研究与实现在

网络安全漏洞扫描应充分考虑执行的效率和信息的共享.本文通过对OVAL和Nessus的介绍,分析OVAL Definition与Nessus plugin之间的异同,提出并实现了一种将OVAL公布的漏洞信息转换成Nessus扫描插件的方法,共享了漏洞信息,并提升了漏洞检测的品质.最后经过实验说明该方法的可行性.     

网管秘籍 审核网络安全的十大必备工具

一、Nessus：这是一款UNIX平台的漏洞评估工具，可以说它是最好的、免费的网络漏洞扫描程序。其更新速度很快，有超过11000个插件。其关键特性包括安全和本地的安全检查，拥有GTK图形接口的客户端／服务器体系结构，还有一个嵌入式脚本语言（可以编写我们自己的插件或理解现有的插件）。Nessus3现在是闭源软件，不过仍是免费的，除非你需要最新的插件。     

Nessus插件调度算法研究

本文介绍了Nessus插件相关的技术及插件间的运行关系，给出了Nessus调度算法；设计了一种更为简单、效率更高的贪心算法；实验表明，该算法有着较好的性能。     

主动Web漏洞扫描中的场景技术研究

当前,主要的开源Web漏洞扫描工具如Nikto、Nessus等都存在误报率与漏报率较高、评估不准确、扫描效率较低等问题。本文对漏洞扫描过程进行建模,在传统的基于配置的扫描策略上,提出了一种基于场景的扫描策略。使用场景树描述漏洞场景,并给出了场景树的构建及维护策略。最后,以Nikto的漏洞数据库为例,示范了如何将多条漏洞用例转化为场景树描述。使用漏洞场景扫描策略可以提高扫描效率,减小误报率,提高评估的准确度。     

Google Web安全检测工具研究

Skipfish是Google 2010年推出的一款开源Web安全检测工具,与Nikto和Nessus等工具相比,skipfish使用递归抓取和基于字典的探针技术生成交互式目标网站地图,在性能上采用单线程复用技术、自定义的http堆栈和启发式行为分析等技术减少了网络探测流量,使其具有显著的速度优势.文章针对其源码,重点分析了其使用主要的数据结构、执行流程、多I/O异步机制和字典的使用,对于理解Skipfish软件架构和关键技术并以此为基础进行应用扩展和优化提供了有力的帮助.     

使用Nessus查明系统漏洞

Nessus根据已知的系统漏洞和弱点,对被评估的系统进行模拟攻击,最后给出一份详细的报告。而你所要做的,不是安装和运行工具,而是要将评估报告汇报给企业,并决定对哪些漏洞必须立即打上补丁,哪些弱点可以暂时放缓处理。     

基于Kali Linux的渗透测试及防范研究

渗透测试是通过模拟恶意黑客的攻击方法，评估计算机网络系统安全的一种评估方法。文章基于Kali Linux系统探究了MS17-010漏洞，利用虚拟化平台搭建渗透测试环境，并模拟实际攻击环境。先使用Nessus、Nmap、MSF等工具收集信息，再利用MS17-010漏洞进行渗透，获取了靶机的shell控制权，渗透效果明显，完成了对目标主机的渗透。基于MS17-010漏洞的攻击原理，提出了相应的防范方法，结果表明防范方法具有通用性，对其他漏洞的防范具有借鉴作用。     

Open source security: opportunity or oxymoron?

As the computer industry focuses on system and network security, a growing number of users are taking a closer look at open source software in order to gauge whether its potential advantages outweigh its possible disadvantages. Although open source security has been around for years, it has never been as widely used as open source products like the Linux OS or Apache Web server have been. John Pescatore, Internet security research director at market-research firm Gartner Inc., said open source security tools now represent 3 to 5 percent of security-software usage but could comprise 10 to 15 percent by 2007. A key factor in this potential growth is the quality of numerous open source security packages. Open source software products include free tools that users can download from the Internet, packages that come with commercial vendor support, and tools bundled with closed source products. The most popular tools include Netfilter and iptables; intrusion-detection systems such as Snort, Snare, and Tripwire; vulnerability scanners like Nessus and Saint; authentication servers such as Kerberos; and firewalls like T.Rex. Some companies are even beginning to use open source security to protect mission-critical applications     

基于强化学习的渗透路径推荐模型

渗透测试的核心问题是渗透测试路径的规划,手动规划依赖测试人员的经验,而自动生成渗透路径主要基于网络安全的先验知识和特定的漏洞或网络场景,所需成本高且缺乏灵活性。针对这些问题,提出一种基于强化学习的渗透路径推荐模型QLPT,通过多回合的漏洞选择和奖励反馈,最终给出针对渗透对象的最佳渗透路径。在开源靶场的渗透实验结果表明,与手动测试的渗透路径相比,所提模型推荐的路径具有较高一致性,验证了该模型的可行性与准确性;与自动化渗透测试框架Metasploit相比,该模型在适应所有渗透场景方面也更具灵活性。     

Accurate and efficient exploit capture and classification

Software exploits, especially zero-day exploits, are major security threats. Every day, security experts discover and collect numerous exploits from honeypots, malware forensics, and underground channels. However, no easy methods exist to classify these exploits into meaningful categories and to accelerate diagnosis as well as detailed analysis. To address this need, we present SeismoMeter, which recognizes both control-flowhijacking, and data-only attacks by combining approximate control-flow integrity, fast dynamic taint analysis and API sandboxing schemes. Once it detects an exploit incident, SeismoMeter generates a succinct data representation, called an exploit skeleton, to characterize the captured exploit. SeismoMeter then classifies the captured exploits into different exploit families by performing distance computing on the extracted skeletons. To evaluate the efficiency of SeismoMeter, we conduct a field test using exploit samples from public exploit databases, such as Metasploit, as well as wild-captured exploits. Our experiments demonstrate that SeismoMeter is a practical system that successfully detects and correctly classifies all these exploit attacks.     

An artificial intelligence membrane to detect network intrusion

We propose an artificial intelligence membrane to detect network intrusion, which is analogous to a biological membrane that prevents viruses from entering cells. This artificial membrane is designed to monitor incoming packets and to prevent a malicious program code (e.g., a shellcode) from breaking into a stack or heap in a memory. While monitoring incoming TCP packets, the artificial membrane constructs a TCP segment of incoming packets, and derives the byte frequency of the TCP segment (from 0 to 255 bytes) as well as the entropy and size of the segment. These features of the segment can be classified by a data-mining technique such as a decision tree or neural network. If the data-mining method finds a suspicious byte sequence, the sequence is emulated to ensure that it is just a shellcode. If the byte sequence is a shellcode, the sequence is dropped. At the same time, an alert is communicated to the system administrator. Our experiments examined seven data-mining methods for normal and malicious network traffic. The malicious traffic included 114 shellcodes, provided by the Metasploit framework, and including 10 types of metamorphic or polymorphic shellcodes. In addition, real network traffic involving shellcodes was examined. We found that a random forest method outperformed all the other datamining methods and had a very high detection accuracy, including a true-positive rate of 99.6% and a false-positive rate of 0.4%.     

对半偶图像作LDA变换的人脸识别方法

对于人脸图像而言，偶图像相当于原始图像与它的镜像的和。为了增大训练样本，许多人脸识别算法把镜像图像加入到训练集中。与这些方法不同，本文把原始训练集中的每一幅图像都变换为它的半偶图像得到新的训练集。对于新的训练集，采用LDA(Linear discriminant analysis)方法提取特征后作分类。在ORL和IIS人脸库上的实验结果表明，对半偶图像作LDA的人脸识别方法有较高的识别率。     

一种基于最小二乘估计的玻壳曲面拟合方法

位移传感器测量已经成为一种重要的测量手段。为估计一种基于线性可变差动传感器(LVDT)玻壳测试系统的质量，用最小二乘法对测试曲面进行球面拟合，得到相对应的玻壳曲面。利用该曲面计算曲率半径，检验各位移传感器(LVDT)安装是否准确，从而测试生产的玻壳是否合格，并利用坐标值即可对系统进行系统误差的校正。由于最小二乘法可削弱误差较大的点的影响，根据其特点建立数学模型进行拟合，其结果对6寸玻壳的生产加工环节具有更直接的指导意义。