The goal of the article is to propose a set of tools for evaluating the security of SOHO routers. The chosen set contains tools for port scanning, performing denial of service attacks and testing vulnerabilities of the routers' web interfaces. All the chosen tools are free to use, which makes them available to anyone; however, this comes at a significant cost in functionality, documentation and support. This chapter reviews the tools, focusing on ease of use, level of maintenance, documentation and whether the tools have a GUI. A summary table evaluating the tools is provided at the end of the chapter.
Nmap is a free and open source (GNU GPL) utility for network discovery and security auditing. It uses raw IP packets in novel ways to determine what hosts are available on the network, what services those hosts are offering, what operating systems they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap was first released in 1997 and its author is Gordon “Fyodor” Lyon. Besides him, many other people have made valuable contributions to the development of the tool. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. Classic Nmap is a command-line tool; however, the Nmap suite includes a GUI and results viewer called Zenmap. Documentation is available on the Nmap homepage. It provides all the necessary information about configuration options and is very easy to understand.
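To turn an Nmap scan of a router into something a tester can act on, the XML report (`nmap -oX`) can be parsed and the open services triaged. The following is an added example, not Nmap project code: the XML document is a constructed sample in the real `-oX` layout (the address, ports, products and versions are made up), and `RISKY_SERVICES` is a policy list chosen for this example, not anything Nmap defines.

```python
"""Summarise an Nmap XML report of a SOHO router and flag risky exposed services.

Added example, not Nmap code. SAMPLE_NMAP_XML is a constructed report in the
format nmap writes with -oX; the host and services are made up.
"""
import xml.etree.ElementTree as ET

# Constructed sample of an `nmap -sV -oX` report for a router's LAN interface.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX - 192.0.2.1" start="0">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.0.2.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="23">
        <state state="open" reason="syn-ack"/>
        <service name="telnet" product="BusyBox telnetd" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="53">
        <state state="open" reason="syn-ack"/>
        <service name="domain" product="dnsmasq" version="2.52" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="mini_httpd" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="closed" reason="reset"/>
        <service name="https" method="table" conf="3"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

# Cleartext or remote-management services that a router should not expose
# (policy list chosen for this example, not something Nmap provides).
RISKY_SERVICES = {"telnet", "ftp", "snmp", "upnp", "tftp"}


def parse_open_ports(xml_text):
    """Return (port, protocol, service, product, version) for every open port."""
    root = ET.fromstring(xml_text)
    results = []
    for host in root.iter("host"):
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not findings here
            svc = port.find("service")
            get = svc.get if svc is not None else (lambda key, default="": default)
            results.append((
                int(port.get("portid")),
                port.get("protocol"),
                get("name", ""),
                get("product", ""),
                get("version", ""),
            ))
    return results


def risky_findings(open_ports):
    """Subset of open ports whose service name is on the risky list."""
    return [p for p in open_ports if p[2] in RISKY_SERVICES]


if __name__ == "__main__":
    ports = parse_open_ports(SAMPLE_NMAP_XML)
    for p in ports:
        print("%d/%s %s %s %s" % p)
    for p in risky_findings(ports):
        print("RISK: %s exposed on %d/%s" % (p[2], p[0], p[1]))
```

The same parser works on a real report because it only relies on the `host`, `port`, `state` and `service` elements that every `-oX` file contains; the version column is what makes a later comparison against known-vulnerable firmware components possible.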
Slowloris is a command line tool written by Robert “RSnake” Hansen in 2009; it was presented at Defcon 17 a few weeks after its release. Originally it was written in Perl, but versions in other languages, such as Python (PyLoris) and PHP, and an exe version, were later written by other authors. The tool performs a low-bandwidth denial of service attack: it keeps sending incomplete HTTP POST requests until the web server runs out of resources. The script is available on ha.ckers.org [6] including a manual. The manual explains how the script performs the denial of service attack and describes the configuration options. Following the manual, the tool is very easy to use.
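The attack works because a server keeps a worker waiting indefinitely for the end of a request head. The defender's counterpart is a bound on that wait, which is what settings such as Apache's mod_reqtimeout and nginx's client_header_timeout implement. The following is an added example, not Slowloris code or any server's implementation: it reads a request head under an absolute deadline and is exercised against a simulated well-behaved client and a simulated slow client over an in-process socketpair. The request bytes, `GOOD_CLIENT`, `SLOW_CLIENT` and `MAX_HEAD_BYTES` are constructed for the example.

```python
"""Per-connection deadline for receiving a complete HTTP request head.

Added example, not Slowloris code. A slow-POST client trickles header bytes
and never sends the blank line that ends the head, so the server must bound
the total time it waits for it. The client is simulated in-process over a
socketpair, so nothing touches the network; all request bytes are constructed.
"""
import socket
import threading
import time

HEADER_END = b"\r\n\r\n"
MAX_HEAD_BYTES = 8192  # constructed limit; real servers use a similar cap

# Constructed clients: one sends a complete head at once, the other trickles
# headers and never sends the terminating blank line.
GOOD_CLIENT = [b"POST /login.cgi HTTP/1.1\r\nHost: router\r\nContent-Length: 5\r\n\r\nuser="]
SLOW_CLIENT = [b"POST /login.cgi HTTP/1.1\r\n", b"Host: router\r\n", b"X-a: 1\r\n", b"X-b: 2\r\n"]


class SlowClientError(Exception):
    """Raised when a client fails to complete its request head in time."""


def read_request_head(conn, deadline_seconds):
    """Read until the end-of-headers marker or until the total deadline passes.

    A per-read timeout alone is not enough: a client sending one byte every
    few seconds would reset it forever. The deadline is absolute, so one
    connection can occupy a worker for at most deadline_seconds.
    """
    deadline = time.monotonic() + deadline_seconds
    buf = b""
    while HEADER_END not in buf:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            raise SlowClientError("request head not completed within %.1fs" % deadline_seconds)
        conn.settimeout(remaining)
        try:
            chunk = conn.recv(1024)
        except socket.timeout:
            raise SlowClientError("request head not completed within %.1fs" % deadline_seconds)
        if not chunk:
            raise SlowClientError("client closed before completing the request head")
        buf += chunk
        if len(buf) > MAX_HEAD_BYTES:
            raise SlowClientError("request head exceeds %d bytes" % MAX_HEAD_BYTES)
    head, _, _ = buf.partition(HEADER_END)
    return head.decode("latin-1")


def simulate(client_chunks, gap_seconds, deadline_seconds):
    """Send client_chunks with gap_seconds pauses; return ("ok", head) or ("rejected", reason)."""
    server_sock, client_sock = socket.socketpair()

    def client():
        try:
            for chunk in client_chunks:
                client_sock.sendall(chunk)
                time.sleep(gap_seconds)
        except OSError:
            pass  # the server side already closed the connection

    t = threading.Thread(target=client, daemon=True)
    t.start()
    try:
        return ("ok", read_request_head(server_sock, deadline_seconds))
    except SlowClientError as exc:
        return ("rejected", str(exc))
    finally:
        server_sock.close()
        t.join()
        client_sock.close()


if __name__ == "__main__":
    print(simulate(GOOD_CLIENT, 0.0, 2.0))
    print(simulate(SLOW_CLIENT, 0.3, 0.5))
```

The slow client is rejected after half a second regardless of how many header lines it manages to send, because the check is on the absolute deadline rather than on activity; that is the property a SOHO router's embedded web server usually lacks, which is why the attack described above exhausts it.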
Nikto is an open source (GPL) web server scanner which performs comprehensive tests against web servers for potentially dangerous files/programs and checks for outdated versions of servers and version-specific problems. It also checks for server configuration items such as the presence of multiple index files and HTTP server options, and will attempt to identify installed web servers and software. It was written by Chris Sullo and David Lodge, and the first version, Nikto 1.00 Beta, was released in 2001. It is a command line tool written in Perl and it should run on any system that supports a basic Perl installation. It has been tested on Windows, Mac OS X and various Linux and Unix installations. Documentation is available on the Nikto homepage. Nikto is very easy to use, its output is easy to understand, and it is suitable for testing vulnerabilities of the web servers of SOHO routers.
w3af is a web application attack and audit framework. The project's goal is to create a framework to help secure web applications by finding and exploiting all web application vulnerabilities. It is developed in Python and licensed under GPLv2.0. The project was created in 2006 and is led by Andres Riancho. Linux, BSD and Mac platforms are supported. The framework should work on Windows as well; however, the current version was not tested on Windows and the installation process is not supported due to its complexity. The framework can be used via both a console and a GUI (graphical user interface). It can be downloaded from the w3af homepage, where documentation is available as well. The framework provided usable results from only a few router scans. The problem was caused by the fact that routers have restricted CPU and memory resources and they tend to fail during the scans due to overload. Reducing the scan load by disabling some of the plugins and lowering the number of requests sent per minute helped solve this in some cases. However, there were also problems with the framework itself: it kept crashing and a bug was found [7].

[6] The source could be downloaded from the URL by the end of 2014 but is not available anymore. The script is available in Appendix B.
Nessus is a proprietary vulnerability scanner developed by Tenable Network Security. The “Nessus” project was started by Renaud Deraison in 1998. The tool is cross-platform and is licensed under GPL (2.2.11 and earlier). It is available in four versions, each supporting a different range of features depending on price. All versions but Nessus Home are paid. The Home version supports web application scanning and therefore it is sufficient for the purpose of the thesis. Besides web application scanning it supports features like vulnerability scanning, configuration audit, and malware detection. Documentation is available on the Tenable Network Security homepage. Nessus is user friendly and easy to configure. However, the web application scanner does not output the scanned URLs and therefore it cannot be verified whether authentication was successful for a particular scan.
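When the scanner does not report which URLs it requested, the question can still be answered from the target side: the router's HTTP access log taken during the scan shows which paths the scanner reached and whether they were served to an authenticated session. The following is an added example, not Nessus code. It assumes the router writes a Common Log Format access log (only some SOHO firmware can produce one); the log lines, addresses, paths and the `LOGIN_PATHS` set are constructed for the example.

```python
"""Check from the target side whether a scanner's requests were authenticated.

Added example, not Nessus code. The access log is assumed to be in Common Log
Format; every line, address and path below is constructed.
"""
import re
from collections import Counter

CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed access log of a router's web interface during a scan from
# 198.51.100.7; 192.0.2.55 is an unrelated client on the same LAN.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2015:10:00:01 +0000] "GET / HTTP/1.1" 401 0
198.51.100.7 - - [12/Mar/2015:10:00:02 +0000] "GET /login.htm HTTP/1.1" 200 1532
198.51.100.7 - admin [12/Mar/2015:10:00:03 +0000] "POST /login.cgi HTTP/1.1" 302 0
198.51.100.7 - admin [12/Mar/2015:10:00:04 +0000] "GET /status.htm HTTP/1.1" 200 4120
198.51.100.7 - admin [12/Mar/2015:10:00:05 +0000] "GET /wireless.htm HTTP/1.1" 200 3877
198.51.100.7 - - [12/Mar/2015:10:00:06 +0000] "GET /setup.cgi?todo=backup HTTP/1.1" 401 0
192.0.2.55 - - [12/Mar/2015:10:00:07 +0000] "GET / HTTP/1.1" 401 0
"""

# Paths reachable without a session; they say nothing about whether the
# scanner's authentication worked (assumed for this constructed router).
LOGIN_PATHS = {"/login.htm", "/login.cgi"}


def parse_clf(line):
    """Parse one CLF line into a dict, or return None for lines that do not match."""
    m = CLF_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def scan_coverage(log_text, scanner_ip):
    """Split the scanner's requests into authenticated and unauthenticated paths.

    Returns (authenticated_paths, unauthenticated_paths, status_counts).
    A request counts as authenticated when the server recorded a user for it
    and did not answer 401 or 403.
    """
    authed, unauthed, counts = set(), set(), Counter()
    for line in log_text.splitlines():
        rec = parse_clf(line)
        if rec is None or rec["ip"] != scanner_ip:
            continue
        counts[rec["status"]] += 1
        if rec["path"] in LOGIN_PATHS:
            continue
        if rec["status"] in (401, 403) or rec["user"] == "-":
            unauthed.add(rec["path"])
        else:
            authed.add(rec["path"])
    return sorted(authed), sorted(unauthed), counts


def authenticated_scan(log_text, scanner_ip):
    """True when at least one non-login path was served to an authenticated session."""
    authed, _, _ = scan_coverage(log_text, scanner_ip)
    return len(authed) > 0


if __name__ == "__main__":
    authed, unauthed, counts = scan_coverage(SAMPLE_LOG, "198.51.100.7")
    print("authenticated paths:", authed)
    print("unauthenticated paths:", unauthed)
    print("status counts:", dict(counts))
    print("scan authenticated:", authenticated_scan(SAMPLE_LOG, "198.51.100.7"))
```

In the constructed log the scanner logged in and reached two pages as `admin`, but a later request to a backup endpoint was answered 401, which is the kind of partial coverage a scanner's own summary hides; a scan whose every non-login request ends in 401 never authenticated at all, and its findings only describe the login page.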
Revok is an online web application security scanner licensed under GNU AGPLv3, which automatically finds vulnerabilities and weaknesses of a given web application and provides remedy advice. It currently supports applications with no authentication, basic authentication, and form-based authentication. It is developed by the Revok Team at Red Hat and the first version was released in 2013. Revok performs vulnerability and security hardening checks on the OWASP Top 10 vulnerabilities and it supports auto-detection of the authentication type and login URL. Compared to other web vulnerability scanners that provide complex configurations it is very easy to use. However, the simplicity sometimes comes at a cost to functionality. The Revok binary package for download, along with documentation, is available on the Revok homepage. The documentation is very brief and provides only basic information about the tool's configuration options. If one wants to set more advanced options, it is probable that they would not be found in the documentation.

[7] The bug was found in the rfi (remote file inclusion) audit plugin. An unexpected exception was raised.