# Server security test



## adripillo (Jul 3, 2013)

Is there any good program to test a firewall on a server? Like some brute-force attack and massive connection tries? Thanks again.


----------



## SirDice (Jul 3, 2013)

How about security/nmap and/or security/nessus?


----------



## adripillo (Jul 3, 2013)

SirDice said:
			
		

> How about security/nmap and/or security/nessus?



The security/nessus is marked BROKEN*.*


----------



## adripillo (Jul 3, 2013)

Any chance of getting one that could use with a GUI?


----------



## adripillo (Jul 3, 2013)

Found security/zenmap that uses a GUI but again, gtk20 failed and so all instal*l*ation failed.


```
gmake[3]: *** [all-recursive] Error 1
gmake[3]: Leaving directory `/usr/ports/x11-toolkits/gtk20/work/gtk+-2.24.19/modules/printbackends'
gmake[2]: *** [all-recursive] Error 1
gmake[2]: Leaving directory `/usr/ports/x11-toolkits/gtk20/work/gtk+-2.24.19/modules'
gmake[1]: *** [all-recursive] Error 1
gmake[1]: Leaving directory `/usr/ports/x11-toolkits/gtk20/work/gtk+-2.24.19'
gmake: *** [all] Error 2
*** [do-build] Error code 1

Stop in /usr/ports/x11-toolkits/gtk20.
*** [build] Error code 1

Stop in /usr/ports/x11-toolkits/gtk20.

===>>> make failed for x11-toolkits/gtk20
===>>> Aborting update

===>>> Update for gtk-2.24.18 failed
===>>> Aborting update

===>>> Killing background jobs
Terminated
===>>> Upgrade of libXi-1.7.1_1,1 to libXi-1.7.2,1 complete


===>>> You can restart from the point of failure with this command line:
       portmaster <flags> security/zenmap x11-toolkits/gtk20 x11-toolkits/py-gtk2 

===>>> Exitin
```


----------



## ShelLuser (Jul 3, 2013)

What good is testing your security going to be if you're not going to invest some time to try and understand the testing procedures themselves?

When looking at security/nmap it really isn't as difficult as you make it out to be, especially considering that the nmap(1) manual page lists several ready-to-use examples which you can apply right away.


----------



## adripillo (Jul 4, 2013)

ShelLuser said:
			
		

> What good is testing your security going to be if you're not going to invest some time to try and understand the testing procedures themselves?
> 
> When looking at security/nmap it really isn't as difficult as you make it out to be, especially considering that the nmap(1) manual page lists several ready-to-use examples which you can apply right away.



Yes*,* but graphical is more "easy" to show to the people that only use _W_indows. But thank you


----------



## Solaris (Jul 4, 2013)

Here is the slow comprehensive scan command that i have grabbed from zenmap GUI*:*

`nmap -sS -sU -T4 -A -v -PE -PP -PS80,443 -PA3389 -PU40125 -PY -g 53 --script "default or (discovery and safe)" 123.123.123.123`


----------



## adripillo (Jul 4, 2013)

Solaris said:
			
		

> Here is the slow comprehensive scan command that i have grabbed from zenmap gui :
> 
> `nmap -sS -sU -T4 -A -v -PE -PP -PS80,443 -PA3389 -PU40125 -PY -g 53 --script "default or (discovery and safe)" 123.123.123.123`



*T*hank you, will try it.


----------



## throAU (Jul 5, 2013)

adripillo said:
			
		

> Yes*,* but graphical is more "easy" to show to the people that only use _W_indows. But thank you



If people only use Windows and can't figure out command line options for `nmap` (or what the options actually mean, and what they are trying to accomplish), then they really have no business performing security audits.

As far as reporting goes, `nmap` can output to XML from memory.


----------



## adripillo (Jul 5, 2013)

throAU said:
			
		

> If people only use Windows and can't figure out command line options for `nmap` (or what the options actually mean, and what they are trying to accomplish), then they really have no business performing security audits.
> 
> As far as reporting goes, `nmap` can output to XML from memory.



Yes*,* but when you need to show the test result in a conference or something*,* some people there do not understand what you are showing, so graphics for them are more easy.


----------



## throAU (Jul 8, 2013)

adripillo said:
			
		

> Yes*,* but when you need to show the test result in a conference or something*,* some people there *do not understand what you are showing*, so graphics for them are more easy.



So just dodgy something up in Calc? 

Nah, more seriously, nmap definitely does XML output, which you should be able to import into a spreadsheet and do pretty graphs or whatever with


----------

