Nessus, Snort & Ethereal Power Tools: Customizing Open Source Security Applications

If you have Nessus, Snort, and Ethereal up and running and are now ready to customize, code, and torque these tools to their fullest potential, then this book is for you. The authors of this book provide the inside scoop on coding the most effective and efficient Snort rules, Nessus plug-ins with NASL, and Ethereal wiretap, dissector, and tap modules. After reading this book, you will be a master at coding your own tools to detect malicious traffic, scan for vulnerabilities, and capture only the packets YOU really care about.

• Nessus Power Tools
• Create Extensions and Custom Tests: Customize NASL and extend the capabilities of Nessus using Include Files; Process Launching and Results Analysis; and the Nessus Knowledge Base.
• Debug Newly Created or Existing NASLs: Use the command-line interpreter or the Nessus daemon to test the validity of code and vulnerability tests.
• Automate NASL Creation: Automate and simplify creation of complex NASLs using Plugin Templates, Perl’s CGI Module, and XML Parsing.
• Snort Power Tools
• Create Custom Rules: Write, test, and optimize advanced rules to work on even the most complex traffic.
• Master Plugins and Preprocessors: Write detection plugins, output plugins, and preprocessors to optimize speed and efficiency of rules.
• Patch Snort to Enhance and Customize Performance: Use Snort AV (Active Verification) to reduce false positives and Snort-Wireless to provide layer 2 Wireless IDS functionality.
• Ethereal Power Tools
• Enable Ethereal to Read New Data Sources: Use libcap to capture packets, use text2pcap to convert from hex dumps to the pcap format, and learn techniques for reverse engineering and undocumented packet capture file format and writing a wiretap module.
• Program Your Own Protocol Dissector: Set up and program advanced dissectors either linked into Ethereal or as a plugin.
• Create and Customize Ethereal Reports: Unlock the power of Ethereal by reporting with a line-mode tap module; a GUI tap module; grep and awk commands; and Python programs to parse tethereal’s verbose output and PDML (SML) output.

About the Authors

Neil Archibald is a security professional from Sydney, Australia. He has a strong interest in programming and security research. Neil is employed by Suresec LTD as a Senior Security Researcher. He has previously coauthored Aggressive Network Self-Defense, (Syngress, ISBN: 1–931836–70–5).

Gilbert Ramirez was the first contributor to Ethereal after it was announced to the public and is known for his regular updates to the product. He has contributed protocol dissectors as well as core logic to Ethereal. He is a Technical Leader at Cisco Systems, where he works on tools and builds systems.

Noam Rathaus is the cofounder and CTO of Beyond Security, a company specializing in the development of enterprise-wide security assessment technologies, vulnerability assessment-based SOCs (security operation centers), and related products. Noam coauthored Nessus Network Auditing (Syngress, ISBN: 1–931836–08–6). He holds an Electrical Engineering degree from Ben Gurion University and has been checking the security of computer systems since the age of 13. Noam is also the editor-in-chief of SecuriTeam.com, one of the largest vulnerability databases and security portals on the Internet. He has contributed to several security-related open source projects, including an active role in the Nessus security scanner project. He has written more than 150 security tests to the open source tools vulnerability database and also developed the first Nessus client for the Windows operating system.