






Continuous Scanning

Francisco Amato, CEO, Infobyte LLC


Introduction:
Doing a security audit of your infrastructure, web site or services, whether annually or every six
months, is a great first step toward better securing your systems, but in many cases it is not enough.

On top of that, if the audit only involves one tool, the part of our attack surface it covers is unfortunately pretty small.

The idea of this post is to show how to use the Faraday platform to do
continuous scanning with almost all the auditing tools on the market.

The goal is to run a scan every week, or when triggered by events, against a set of targets with
different tools and collect all the results in your Faraday platform. This should allow you to detect
and mitigate new issues in your infrastructure.

It is still necessary to conduct regular manual security audits (at least for the time being,
software is not better than people), but continuous scanning can help a company pick
off a lot of the low-hanging fruit and concentrate on the trickier stuff.

Preparation:
We are going to use the following tools:

● w3af
● nmap
● nikto
● burp
● zap
● nessus
● openvas

Using a set of scripts together with the tools' different APIs, we can obtain the corresponding
reports from a list of IPs/websites.

Each report must be copied to $HOME/.faraday/report/[workspace_name]

Faraday will then convert all the reports into valuable information to be interpreted by the user.


Script:
The following script will centralize all the actions we mentioned before.

./cscan.py: #execute each script inside ./scripts/network/ and ./scripts/web/

./scripts/web #directory for web tools
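
A sketch of the flow described above (run every wrapper under ./scripts/network/ and ./scripts/web/, then copy the reports to $HOME/.faraday/report/[workspace_name]), added here as an example; it is not the cscan.py from the article. The wrapper calling convention (`<script> <targets_file> <out_dir>`), the function names and the workspace-name allow-list are assumptions.

```python
import os
import re
import shutil
import subprocess
import time
from pathlib import Path

SCRIPT_DIRS = ("scripts/network", "scripts/web")   # layout named in the article


def run_scanners(root, targets_file, out_dir, timeout=3600):
    """Run each executable wrapper as `<script> <targets_file> <out_dir>` (assumed CLI)."""
    out_dir = Path(out_dir)
    out_dir.mkdir(parents=True, exist_ok=True)
    results = {}
    for sub in SCRIPT_DIRS:
        for script in sorted(Path(root, sub).glob("*")):
            if not (script.is_file() and os.access(script, os.X_OK)):
                continue
            try:
                # Argument list, no shell: target strings are never parsed by a shell.
                proc = subprocess.run([str(script), str(targets_file), str(out_dir)],
                                      timeout=timeout, check=False)
                results[script.name] = proc.returncode
            except (subprocess.TimeoutExpired, OSError) as exc:
                results[script.name] = repr(exc)   # one hung tool must not block the rest
    return results


def publish_reports(out_dir, workspace, faraday_home=None):
    """Copy finished reports into <faraday_home>/report/<workspace>."""
    # Conservative allow-list (an assumption of this example); it rejects "../" traversal.
    if not re.fullmatch(r"[A-Za-z0-9_-]+", workspace):
        raise ValueError("workspace name must not contain path characters")
    home = Path(faraday_home or Path.home() / ".faraday")
    dest = home / "report" / workspace
    dest.mkdir(parents=True, exist_ok=True)
    stamp = time.strftime("%Y%m%dT%H%M%S")
    published = []
    for report in sorted(Path(out_dir).iterdir()):
        if not report.is_file() or report.stat().st_size == 0:
            continue                                   # skip empty output from failed tools
        final = dest / f"{stamp}_{report.name}"        # keep earlier weeks' reports
        tmp = dest / f".{final.name}.part"
        shutil.copyfile(report, tmp)
        os.replace(tmp, final)                         # complete file appears atomically
        published.append(final)
    return published
```

Scheduling the two calls weekly (for example from cron) gives the continuous scan; the returned dictionary shows which wrappers failed or timed out, so a silent gap in coverage is visible.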

52 Cyber Warnings E-Magazine – October 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
