
Installing additional weapons
Although BackTrack 4 comes with so many security tools, sometimes you need to add additional software tools because:
- It is not included in the default BackTrack 4 installation
- You want the latest version of the software, which is not available in the repository
Our suggestion is to first search for the package in the repository. If you find the package in the repository, please use that package, but if you can't find it, you may want to get the software package from the author's website and install it yourself. We suggest you use the software in the repository as much as you can.
The command to search for the package in the repository is:
apt-cache search <package_name>
If you find the package and you want to get more information about it, use:
apt-cache show <package_name>
It will display more information about the software package.
Then you will be able to use apt-get to install the package:
apt-get install <package_name>
However, if you can't find the package in the repository and you are sure that the package will not cause any problems later on, you can install the package yourself.
Download the software package from a trusted source. Then use the dpkg command to add the additional software. Make sure that the software is bundled in Debian package format (DEB).
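The manual-install step above, as an added example that is not from the original text: a shell check that a downloaded file really is in DEB format and matches a SHA-256 value before it is handed to dpkg. The function names, and the assumption that the download source publishes a SHA-256 for the package, belong to this example and not to the page.

```shell
#!/bin/sh
# Added example: pre-install checks for a manually downloaded .deb file.
# check_deb FILE EXPECTED_SHA256 returns:
#   0 = DEB format and checksum match   1 = file missing
#   2 = not a DEB archive               3 = SHA-256 mismatch

sha256_of() {
    # Print only the hex digest of the file.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

is_deb_format() {
    # A .deb is an ar archive: the 8-byte magic "!<arch>\n" followed by
    # a first member whose name is "debian-binary".
    [ "$(head -c 21 "$1")" = "$(printf '!<arch>\ndebian-binary')" ]
}

check_deb() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case hex
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    is_deb_format "$file" || { echo "not a DEB archive: $file" >&2; return 2; }
    [ "$(sha256_of "$file")" = "$expected" ] || {
        echo "SHA-256 mismatch: $file" >&2; return 3; }
    echo "OK: $file"
}

# Usage (file name from the text; the checksum is a placeholder):
#   check_deb Nessus-x.y.z-ubuntu810_i386.deb <published_sha256> \
#     && dpkg --info Nessus-x.y.z-ubuntu810_i386.deb \
#     && dpkg -i Nessus-x.y.z-ubuntu810_i386.deb
```

dpkg --info prints the package's control data (name, version, dependencies, maintainer scripts) without installing anything, so it can be reviewed before dpkg -i runs those scripts as root.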
In this section, we will give examples of how to install additional security tools. The tools are Nessus and WebSecurify.
Nessus vulnerability scanner
As an example for the first case, we want to install the latest Nessus vulnerability scanner (Version 4). We have already searched in the BackTrack repository, and the available Nessus is Nessus Version 2, so we won't use it. The reason why BackTrack doesn't include the latest Nessus version is a licensing issue. Since Version 3, Nessus is no longer open source software. A Linux distribution can't distribute it anymore without licensing it from Tenable Security (the company that develops Nessus).
We download the latest Nessus package generated for the Ubuntu 8.10 Linux distribution from the Nessus website (http://www.nessus.org). To install the package we issue the command:
dpkg -i Nessus-x.y.z-ubuntu810_i386.deb
You can then follow the instructions given on the screen to configure your Nessus:
/opt/nessus/bin/nessus-fetch --register <your_activation_code>
/etc/init.d/nessusd start
- Open your browser and connect to https://localhost:8834.

WebSecurify
WebSecurify is a web security testing environment that can be used to find vulnerabilities in web applications.
It can be used to check for the following vulnerabilities:
- SQL injection
- Local and remote file include
- Cross-site scripting
- Cross-site request forgery
- Information disclosure problems
- Session security problems
The WebSecurify tool is available from the BackTrack repository. To install it you can use the apt-get command:
# apt-get install websecurify
Besides the three tools that have already been discussed briefly, you can also search for other tools in the BackTrack repository using the apt-cache search command.