
Intro
I like to read /. every morning to catch up on nerd world happenings. One morning I read about a new vulnerability that was discovered in a commonly deployed network service. The penetration test I was working on that day happened to have that service running. However, because I am not yet a Stack Smashing Sorcerer, I initially felt a bit of dread about trying to figure out how to exploit this issue by myself in 1 day. "Wait", I thought. "Full disclosure and the Open Source Community FTW!" I tried an "svn up" in my Metasploit directory and there it was! Someone had committed a module to exploit that vulnerability in the last 24 hours.
Many of you have probably been in the same situation. Or perhaps you have run into a bug that makes your testing tool crash while testing a certain web application. Maybe you find that your tool is missing a lot of vulnerabilities that it should be finding. Have you considered checking your tool out via Subversion? With Subversion you get to use the bleeding-edge features and bug fixes. There is always the danger that someone has committed a new bug, but most open source projects of significant size keep their Subversion trunk fairly clean and functional.
What tools should you consider checking out of SVN?
Anything you would like. It will generally be easier on you to check out those tools written in scripting languages like Python, Ruby, or Perl. Tools written in compiled languages, like C or Java, can be checked out as well, but will be mildly less convenient because you will have to compile them yourself. However, compiling a tool yourself when needed is no trouble at all when it gives you that new feature you need or fixes that show-stopper bug. Tools that have new features added regularly, or with modules that are updated regularly, are other good candidates you should consider checking out of SVN. Here are some tools that I prefer to check out of SVN:
W3af
svn co https://w3af.svn.sourceforge.net/svnroot/w3af/trunk w3af
(Written in Python. After you check it out with this command, the application will automatically check for SVN updates at run time and ask you if you would like to update.)
Metasploit
svn co https://www.metasploit.com/svn/framework3/trunk/ metasploit
(Written in Ruby. Updated often with lots of great vulnerability exploits.)
Nmap
svn co --username guest --password "" svn://svn.insecure.org/nmap/
(Written in C, so you will have to compile and install it yourself. Its script database is updated often. Check out their site for tips on things you can do with their SVN.)
Nikto
svn co https://svn2.assembla.com/svn/Nikto_2/trunk nikto
(Written in Perl. They do not have official releases as often as I would like. So checking it out of SVN is a great way for me to access new features!)
What tools are not worth checking out?
Projects that commit broken or untested code to their main Subversion trunk on a regular basis, projects that never have any activity on their main trunk and have probably been abandoned (Grendel), and projects that are too difficult or cumbersome to compile yourself are probably not worth the time and effort of checking them out of Subversion and compiling them.
Aren't you curious what bug fixes or features you are missing out on? Check it out! (Hee hee, svn check it out.)
Tip: Add an alias to your ~/.bashrc to execute the program from the directory you checked it out into. Like so:
alias w3af="python ~/SVN/w3af/w3af_console"
Be aware though, some programs will require that your current working directory is the directory the program is located in.
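As an added example (not from the original post), here is a shell wrapper that handles that working-directory caveat: it runs the tool from inside the checkout directory in a subshell, so the tool finds its own files while your shell stays where it was. The ~/SVN/w3af path follows the alias above; run_in_checkout and is_svn_checkout are names chosen for this example.

```shell
#!/bin/sh
# Added example, not code from the original post. The ~/SVN/w3af path
# matches the alias above; adjust it to wherever your checkouts live.
#
# A plain alias runs the tool from wherever you happen to be. Tools that
# open files relative to their own directory then fail. This wrapper
# changes into the checkout directory in a subshell, so the tool sees the
# working directory it expects and the caller's cwd is left untouched.

# run_in_checkout DIR COMMAND [ARGS...]
# Runs COMMAND with DIR as the working directory and returns its exit
# status. Returns 2 on bad usage and 1 if DIR does not exist.
run_in_checkout() {
    if [ "$#" -lt 2 ]; then
        printf 'usage: run_in_checkout DIR COMMAND [ARGS...]\n' >&2
        return 2
    fi
    if [ ! -d "$1" ]; then
        printf 'run_in_checkout: no such directory: %s\n' "$1" >&2
        return 1
    fi
    # Subshell: the cd (and the shift) affect only the command, not the caller.
    ( cd "$1" && shift && "$@" )
}

# is_svn_checkout DIR
# True when DIR carries Subversion's .svn metadata directory, which is a
# quick way to tell an SVN working copy from an extracted release tarball
# before you expect "svn up" to work there.
is_svn_checkout() {
    [ -d "$1/.svn" ]
}

# Drop-in replacement for the alias: same command name, but run from the
# checkout directory (placeholder path from the alias above).
w3af() {
    run_in_checkout "$HOME/SVN/w3af" python ./w3af_console "$@"
}
```

Put the two helper functions and the w3af wrapper in ~/.bashrc instead of the alias; the same pattern works for any other checkout that insists on its own directory.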