3

My scenario is that I have a VPS with Apache (mostly for development of my own projects) accessed via SSH; and from time to time I would like to do a quick check just to be sure that there's no potential flaw I would not be aware of.

Most of the time I'm behind evil firewalls so I can't simply do an n-map from another (desktop) machine.

Now there are these services like nmap scan at online-domain-tools.com or GRC's ShieldsUp! that allow for such quick security checkup.

Nice. However:

  • they never offer scan of a third IP---only the very same IP that is requesting the scan via the web interface (obviously because that could be easily abused)

  • since all (that I know) have web-based interface, it's quite complicated to use them from SSH command line (unless you're a lynx/links freak); particularly, scans cannot be easily scheduled or called from a test script

Is there an equivalent to these services that can be used for a single machine, via command line, or other terminal-friendly interface?


Edit: I'm starting to think I might be looking in the wrong direction. Or that the service is yet to be offered ;)

But to make it clear, idea of such scenario is:

  1. I make an agreement with (and pay) the provider of this service, running on theirhost

  2. I log in to myhost

  3. Using a CLI tool I instruct theirhost to scan me (which and how scans they run is their know-how)

  4. Either directly or e.g. via e-mail, I receive results

Alois Mahdal
  • Maybe you should look at nmap closer: try http://nmap.org/ Also, you don't want to be executing any such scanning on the server but targeting the server from an external host usually. – ewanm89 Nov 06 '12 at 21:25
  • @ewanm89 I don't want to run the scans on my host, I want to *instruct other* host: "Please, scan *me* (and send me report e.g. via e-mail or store it for me)." ---- About the same thing what I would use one of those web services for, if I had X on the server, which I obviously don't want. – Alois Mahdal Nov 06 '12 at 21:34
  • Okay, then, nmap, nessus... plenty of tools depending what precisely you want to scan for just start looking. nmap can very easily be used from the command line if you learn to use it. – ewanm89 Nov 06 '12 at 21:37
  • @ewanm89 I know nmap (don't know Nessus, had just a glance) but my main limitation is that I don't have the other host to perform scans **from**. This is exactly where ShieldsUp! comes in handy, except that it's not very usable from a terminal environment. – Alois Mahdal Nov 06 '12 at 21:43
  • A VPS with ssh is all you need, you can install which tools you want yourself. You are getting your own lines crossed, I think it's a way to ssh past firewall you really need? – ewanm89 Nov 06 '12 at 23:06
  • You don't want to use web interface, but you are then saying you can't get a host to do it from to set it up yourself (really shouldn't be hard). – ewanm89 Nov 06 '12 at 23:07
  • Try [lynx](https://duckduckgo.com/Lynx_%28web_browser%29) or [w3m](https://duckduckgo.com/?q=w3m) – bonsaiviking Nov 07 '12 at 04:12
  • 2
    Avoid ShieldsUP - it's [generally hocus-pocus](http://web.archive.org/web/20060215171504/http://blog.netwarriors.org/articles/2003/11/11/shieldsup-analyzed). Furthermore, [Steve Gibson is a known infosec charlatan](http://attrition.org/errata/charlatan/steve_gibson/). There was even [an entire website](http://web.archive.org/web/20070622061544/http://www.grcsucks.com/) dedicated to debunking his marketing hype and sci-fi security gibberish. – Polynomial Nov 07 '12 at 11:31

3 Answers

8

Pay for another cheap VPS and install nmap, w3af, etc and any other tools there. Then you SSH in and run your tests. You could also schedule the tests to happen automatically and email the results.

This is not a pre-made service, but it does accomplish what you've asked for with a handful of tiny scripts, done more cheaply and with more control than a paid service.

schroeder
  • 3
    Alternatively, instead of paying for one VPS more, I could use a friend's VPS for that. In exchange for a reverse service... – Alois Mahdal Nov 07 '12 at 13:17
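
One way to script the scheduled scan described in the answer above, as an added example (not code from the answerer). It assumes `nmap` and a working `mail` command on the scanning host; the host name, paths and address in the cron comment are placeholders, and `sample_scan` emits constructed output for trying the parser offline.

```shell
#!/bin/sh
# Run from the *second* host (the scanning VPS), e.g. from cron:
#   15 3 * * * /usr/local/bin/portwatch.sh vps.example.net /var/lib/portwatch you@example.net
# Host name, paths and address above are placeholders.

# Read nmap grepable output (-oG) on stdin, print open ports as "port/proto".
open_ports() {
    awk '/Ports: / {
        s = $0
        sub(/^.*Ports: /, "", s)      # drop the "Host: ..." prefix
        sub(/\t.*$/, "", s)           # drop trailing fields such as "Ignored State"
        n = split(s, entries, /, */)
        for (i = 1; i <= n; i++) {
            split(entries[i], p, "/") # port/state/proto/owner/service/...
            if (p[2] == "open") print p[1] "/" p[3]
        }
    }' | LC_ALL=C sort -u
}

# Compare two sorted port lists: "+x" newly open, "-x" no longer open.
port_changes() {  # $1 = baseline file, $2 = current file
    LC_ALL=C comm -13 "$1" "$2" | sed 's/^/+/'
    LC_ALL=C comm -23 "$1" "$2" | sed 's/^/-/'
}

# Scan the target, keep the first result as baseline, mail only on change.
scan_and_report() {  # $1 = target, $2 = state dir, $3 = recipient
    mkdir -p "$2"
    # A failed scan must not be mistaken for "all ports closed".
    nmap -Pn -p- -oG "$2/raw" "$1" >/dev/null || return 1
    open_ports < "$2/raw" > "$2/current"
    [ -f "$2/baseline" ] || cp "$2/current" "$2/baseline"
    changes=$(port_changes "$2/baseline" "$2/current")
    if [ -n "$changes" ]; then
        printf '%s\n' "$changes" | mail -s "Open-port changes on $1" "$3"
    fi
}

# Constructed sample of grepable output (documentation address, not a real scan).
sample_scan() {
    printf '# Nmap scan (constructed sample)\n'
    printf 'Host: 203.0.113.10 ()\tStatus: Up\n'
    printf 'Host: 203.0.113.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///, 3306/open/tcp//mysql///\tIgnored State: filtered (996)\n'
}

if [ "$#" -eq 3 ]; then scan_and_report "$@"; fi
```

The first run records the baseline; after an intentional change to the server, delete the `baseline` file in the state directory so the next run re-records it.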
6

You can rent an EC2 server for only 6.5 cents per hour (11.5 cents for Windows). Then run whatever scanning/testing suite you want.

If you're looking for a third-party security scanning service, there's hundreds of them now that these scans are a required part of PCI compliance. Just Google for "PCI Scanning Vendor".

tylerl
1

If your VPS is running Linux, you could install a simple web proxy (such as Tinyproxy) and then visit sites like the ones you mentioned using the proxy. You can configure the proxy to permit connections only from the local host, and then use an SSH tunnel to connect to the proxy.

For example, assume you have a web proxy on your VPS which is listening on localhost:3128. You can log in via SSH and tunnel your local machine's port 3128 to the VPS's 3128 like this:

    ssh -L 3128:localhost:3128 your-vps-host.com

Having done that, tell the web browser on your local machine to use localhost:3128 as a proxy. Then visit one of the scanning sites you mentioned, and they'll scan the IP address you're coming from -- which will be your VPS.

Mox