How To Build a Raspberry Pi Vulnerability Scanner (It's AWESOME)
- Published: Jul 4, 2024
- In this video, I'm showing you step by step how to build a Raspberry Pi vulnerability scanner from the ground up. This will allow you to scan your own network, understand the results coming out of a scanner, and be able to add vulnerability management skills to your cybersecurity skill set.
🥼 Raspberry Pi Lab
Raspberry SC15184 Pi 4 Model B 2019 Quad Core 64 Bit WiFi Bluetooth (2GB) amzn.to/3i61EhI
Miuzei Case for Raspberry Pi amzn.to/2Vzyrnz
Micro Center 32GB Class 10 Micro SDHC Flash Memory Card with Adapter amzn.to/3B0Qm6X
Micro HDMI to HDMI Cable 6FT amzn.to/3ekpiG3
VNC Viewer: www.realvnc.com/en/connect/do...
Nessus Download: www.tenable.com/downloads/nes...
Nessus Install: docs.tenable.com/nessus/10_0/...
Raspberry Pi Imager: www.raspberrypi.com/software/
CyberSN Job of the Week: cybersn.com/public/search-job...
📒 Show Notes 📒
⏰
0:00 Preview
0:30 Setting up Raspberry Pi
3:24 Setting up Nessus and VNC Viewer
11:30 Scanning a Target
14:45 Configuring Advanced Scan
16:21 Discovered Vulnerabilities and their types
17:59 Scanning your Home Network
20:29 CyberSN Job of the Week
Simply Cyber's mission is to help purpose-driven professionals make and take a cybersecurity career further, faster.
📱 Social Media
LinkedIn: / geraldauger
Twitter: / gerald_auger
YouTube: / geraldauger
Discord: / discord
Twitch: / gerald_auger_simplycyber
🔥 My Curated Website of Free Cyber Resources
SimplyCyber.io
👉 Some product links are affiliate links which means if you buy something SimplyCyber receives a small commission (but it all costs the same to you, so consider it supporting the channel 😉 )
Disclaimer: All content reflects the thoughts and opinions of Gerald Auger and the speakers themselves, and are not affiliated with the employer of those individuals unless explicitly stated.
🚨 You will have to wait 24 hours for the plugins (what the scanner uses to check) or force a plugin download. That's why no good vulns popped up. You can do it manually by following this: docs.tenable.com/nessus/Content/InstallPluginsManually.htm
Just got an internship doing vulnerability scanning this is exactly what I needed thank you!
Congrats! 🎉
Hey sir, I’ve been following you since the beginning. Thank you for all the content, I can’t wait to tell here “I got the job”. Last 5 months to get my cyber degree. Trust the process. Thanks again.
This is a great project to do. I just did a 5 cybersecurity lab project video and wish I added this one!!!
Thanks Nicole. Sounds like a b-sides cut of the video is in order. :)
Are you doing cybersec still?
This was great! Very informational and easy to follow.
Glad it was helpful! This one was a lot of fun to play with.
Another great episode that's helping me in my day to day journey of becoming a cyber professional. Thank you..
Thanks Reed. I appreciate the feedback and happy to hear I'm part of your journey!
Now if only there were Raspberry Pis available. Thank you Gerry!
I believe... I need to check out all of your Rpi Labs!
I haven't but should create a playlist to make it easier. The webgoat one is really good if you want to learn web app pentesting.
Great video !!!
Timestamps
0:00 Preview
0:30 Setting up Raspberry Pi
3:24 Setting up Nessus and VNC Viewer
11:30 Scanning a Target
14:45 Configuring Advanced Scan
16:21 Discovered Vulnerabilities and their types
17:59 Scanning your Home Network
20:29 CyberSN Job of the Week
This was a great video. Would have loved to see you investigating that suspected Windows box to bring it full circle. Thanks for the great content!
Glad you enjoyed it!
Great video and project, just finished the Raspberry Pi Nessus lab by following your video 🙏
How was your experience? Find any 'new' devices on the network? Any interesting findings? Thanks for the kind words and trying the lab out.
@@SimplyCyber, great experience, still trying to figure out why my Windows 10 PC is not discovered, I am able to ping from the Pi but not showing the IP during discovery 💡, not sure if it’s the firewall? Playing with Nessus, thanks 🙏
@@kannans4822 maybe disable win firewall or defender (just for a minute!) and rescan to see if it's blocking the scan. Be sure to turn it back on!
Nice tutorial excited to try it out. I've been using my Pi as Retropies but want to try new tools.
Thanks KC. Retropi is fun, I had that for a bit on this one. It's a very practical lab that can provide your home network with some visibility to boot!
Thanks for the Squad support too! The loyalty badging looks really cool.
@@SimplyCyber it does look cool! gang gang. Top 3 games on retro?
@@shahataman I always play moon patrol as soon as I build out a retro/mame type setup. Joust and Galaga are next up after that.
Wonderfully published video! I'm the corporate STEM liaison for our local group and I'd love to chat sometime.
Cool! Dm me on LinkedIn or SimplyCyber discord server
I was a bit confused as to which machine you were downloading what to.... so as a noob, this was not clear to me. But anyway... I will figure it out. Thanks for the project! It's something I hope to get organised and figured out... thanks!
Thanks for the feedback. In the video I download the Nessus deb file from the website to the Mac. I then use scp to copy from the Mac to the Pi.
@@SimplyCyber thank you so much!! I got a little lost there... lol
Great video. Please turn up your mic gain a bit. You are way quieter than other channels.
Working on it! Appreciate that. It's always hard for me to tell. I need to get more like other channels where the mic is in screen and upside my head.
I’m doing this. I guess you could try scanning your router but would have to hit from the WAN side. Probably a LAN side scan of the router could be valuable as well.
Yes. Hopefully you don't find anything too concerning on the router. Might be less interesting without creds.
@@SimplyCyber I run Peplink so I don’t expect any issues. 😎
Great video. Can you please provide the link for the Devsec interview you mentioned at 21:22?
DevSecOps explained with Ashish Rajan ruclips.net/video/eRli3MVA-qk/видео.html
Have a pair of Pi v1 left over here. Would like to use them with wifi-n dongles as sensors and a PC/VM for more processing requirements. Or just the Raspberry logging findings to a syslog server. Anyone helping?
Hey, simplilearn is offering a program to get network and security plus, ceh, cism, ccsp & the ccsp.. do you think it's worth it? It’s a year and 2800$?
Does it include the exam fees for taking each of those certs? $2800 is a lil pricey, but if you are getting all the exam fees it's not awful.
@@SimplyCyber do you recommend simplilearn? Also it does include all tests, do u think having all those certs with no experience is pointless?
Does this Nessus for Raspberry Pi require a subscription, or is there a free (no cost) version?
The version I show is free and gives you access to up to 16 IPs
I find it easier and more convenient to enable the web server on the pi and access the GUI via web browser from another computer rather than messing with VNC.
Great idea. I likely could have downloaded the deb file from the Pi itself instead of scp. Is your idea saying setting up SimpleHTTPServer on the Pi?
But either way, running a web server on the pi makes the Nessus web interface accessible without needing VNC
Can't you just use an HDMI cord to hook up the Raspberry Pi to a monitor? Why would you need to use the VNC viewer or terminal?
You can but I wanted a headless unit
That's fair, I am still a newbie, so will have to look at this again in the future.
@@SimplyCyber thanks!
Look, I don't want this comment to sound like hate, but I have a problem when you talk about adding this lab as "experience using vulnerability scanners".
I'm a software engineer learning CyberSEC, working on startups and with almost 10 years coding in Python and building apps.
I'm also learning CyberSEC and like the content on your channel, but it makes noise to me when you tell this is "experience", and I get it, it's a lot more than doing nothing, but I have a problem when I have to choose people to work with me and have a resume/CV filled with "Arduino intermediate" (turned on an LED) and that type of points in their resume/CV.
I want to be clear, this is not a hateful comment, but I also can't be silent about this, the video is good, the content is also fine, but to me, adding something on a resume is not about starting an app and getting a list of "information", it's about knowledge, so, taking this video and then learning to solve some vulnerabilities would be great, but getting a list of "this is just information, we can ignore it" is not something I can use to add value on the business I work at.
Not to mention vuln scanning is simply the start of the process, that’s why we call them “vulnerability management programs” in security. The scan is 10% of the work, assessing the local risk, what the threat actually is and working with people to get them remediated is where the value to the firm lies, not in a scan.
Love this commentary and agree that the scan is only a part of the picture, I wouldn’t even call this resume bullet vulnerability management, but having the scanner and being able to run a scan and get results does unlock the capability to begin to play with vulnerabilities and understand the non context results from the scanner and adding context from your knowledge of environment.
I do wish I got better more interesting results to play w/ but perhaps based on your feedback a follow up video that takes the next step and does vulnerability mgmt (context scans, poam/risk register, accepting risk, risk mitigation that isn’t patching, etc and what a resume bullet could look like w the whole picture) could be useful. Thoughts?
Appreciate following the channel and giving constructive criticism.
@@SimplyCyber Part 2 would be awesome!
@@SimplyCyber I’ve moved to mostly agent based scans using varying types of endpoint management software, for host based OS’s it’s really the only way to get decent results. And even then there are NVD coverage gaps in nearly all of the products so you almost need more than one vendor. The downside to agent based scans are fairly numerous as well, some don’t detect apps that aren’t installed using an installer, many don’t detect third-party vulns and the false positive rate can be daunting at times. For third-party there’s now an entire category of toolset to dig in there.
From a network scanner perspective you need to run both unauthenticated and authenticated scans to gain the visibility needed. Scanner service account for Windows and SSH keys for Linux. Network devices and others (like ESX) come with their own issues and challenges.
The other part that’s becoming more and more crucial, at least operationally, is to have a standard threat model you pass the vulns through, I use a customized/localized version of DREAD+D. Realistically ops folks can’t “just patch everything” anymore, there’s just not enough time or people. End result is that you have to pass the data through a threat model to prioritize based on local conditions and hand off a prioritized list for remediation.
Then, to help refine that prioritized list even further, and be able to react more quickly, threat intelligence can really be a benefit. It’s quite costly (like, a lot) but if you feed it your vulns it’ll tell you when the bad guys are actively trying to exploit them so you can alert and pass that on as “red button” patching to ops/infra/systems teams.
Tracking and managing the remediation process itself… ugh. None of the vendors get this part, they STILL don’t understand life only starts at the scan. Today I’m using a combination of Jira and Splunk to track, manage and alert on that part. And it’s fugly, like super icky but I’m lucky to have full-time engineers on my team to wrestle that beast.
@@c1ph3rpunk I’m jealous of how mature your program is. Great points with the gaps and agent based challenges. Expect a shoutout in the part 2 video!
My phone's so infested and all my devices by some guys claiming to be Nigerian Security agency. I'd let this guy flash my phone and boot
Same guy offered me $1mil finders fee to help shield his royal family inheritance from the Nigerian Revenue Service. Will only cost me $2,500.00 up front to put in his account (Bitcoin only) - but I'll make sooooo much $$$$.