Portal Home > Knowledgebase > Articles Database > Perl script to test server against hacking
Perl script to test server against hacking
| Posted by PingWebsite, 05-12-2008, 07:37 AM |
| This is a bit of a loaded question, since such software can also be used by unscrupulous persons to find the weak point of a server! So it's best to maybe PM me with any suggestions!
I'm looking for a Perl script/application that is preferably GNU, which I can use or modify to run security checks via the internet on remote servers. My company already offers a server monitoring application, and I want to upgrade this application to the next level by including a hacking security check.
Thanks!
Simon
|
| Posted by jseymour, 05-12-2008, 08:21 AM |
| Not a perl script, but pretty much a standard application for this (which we use for testing on our servers). Nessus works very well for this, and the plugins are updated regularly to cover more current issues.
|
| Posted by Feeyo, 05-12-2008, 08:55 AM |
| I agree here. Nessus best app to do this.
Or NSS (Network Security Scanner)
SATAN (Security Administrator's Tool for Analyzing Networks)
Saint
And there are so many more security scanners out there.
Last edited by Feeyo; 05-12-2008 at 08:58 AM.
|
| Posted by PingWebsite, 05-12-2008, 09:26 AM |
| OK re those applications. I'm familiar with them and they are good! But I want to integrate such types of testing into my existing perl scripts that I use for server testing.
Looks like I will have to write something from scratch
Thanks
Simon
|
| Posted by atomicturtle, 05-12-2008, 01:29 PM |
| Check out nikto, http://www.cirt.net/nikto2
Its a nice lightweight webapp vulnerability scanner written in perl. I would also recommend checking out www.owasp.org, for tutorials, and other testing tools.
And if you can afford it, WebInspect is a fantastic commercial scanner.
|
| Posted by cloud911, 05-13-2008, 02:44 AM |
| Be careful with the dangerous plugins of Nessus. Once it caused my server to go down. Other than that, its quite useful stuff.
|
| Posted by ContentColo-Dave, 05-13-2008, 02:48 AM |
| Nessus is definitely the tool to use.
|
| Posted by drokmed, 05-13-2008, 12:36 PM |
| Finding weakness is one thing, automated response to exploit attempts is another.
I'd recommend an Intrusion Detection System (IDS) with active response, either on or near your firewall. Snort is very popular, psad with fwsnort is another good one.
|
| Posted by brianoz, 05-14-2008, 07:14 AM |
| Server hardening is also a good idea - suPHP, suhosin, CSF/APF, turn off all unused services, etc etc. If you don't know how to harden a server get an experienced sysadmin to do it - the money you spend hiring a knowledgeable guy to do it you will save over and over again when your accounts and server don't get hacked.
|
Add to Favourites 
Print this Article
Also Read
