Hand Held Auditing Device

[davems at davewking.com (Dave King)]

A couple of things you might want to know are that you may want to be
careful choosing a device if you want metasploit 3 and Nessus 3.x to run
on them.  With Metasploit 3 I remember hearing that it doesn't work on
the n770 for example (I haven't heard if it works on the n800 though). 
I believe the Silica runs on one of these.  I think it's a ruby slowdown
thing but I'm not sure.  I tried to get it to run on an iPaq using
familar and had the same problems.  Also, if you want to run Nessus 3
then it's limited to certain distributions and all of these are x86
processors (which would eliminate arm devices I believe).  You could
possible cross compile 2.x to arm or something since the source is
available and it would be able to do most everything 3 can do, mostly it
just works slower and misses a couple of new features.  I was kind of
wondering if a pepper pad would work for a handheld tool like this
(http://www.hanbitamerica.com/), it's got a x86 processor (AMD Geode) in
it i hear so it might be possible to get one of the Nessus packages to
work on it.  Something more like the n800 though seems like it would be
better since it's smaller.  If all you wanted was a Nessus client for a
handheld device then that's not hard to do.  I wrote a ruby library to
connect to nessus about a year ago (I need to get back in there an
polish it up) http://rubyforge.org/projects/nessuslibs/ .  This is very
interesting and it would be great to have a functional handheld for
assessments.

Dave

Robert Clark wrote:
> Hey All,
>
> For my masters dissertation I'm thinking about cloning some of the
> functionality of the Silica device from ImmunitySec (
> http://www.immunitysec.com/products-silica.shtml )
>
> Obviously to do this I'm looking at a number of factors, building an
> embedded distribution of Linux along the lines of Familiar Linux (
> http://familiar.handhelds.org/ ) With the intended platform being a PDA
> with bluetooth and Wifi (obviously).
>
> Now apart from the base distribution I will also be looking to tie
> together a few F/OSS projects here, Metasploit, Nessus and a few tools
> that I am writing myself ( Mainly statistical analysis of passive
> traffic for use in social engineering ).
>
> Anyway, if anyone is interested in a project like this or has any
> comments about how they would approach it / what they would use, please
> feel free to email me.
>
> Thanks
> -Rob
>
> --
> /**
>   * Robert Clark
>   **
>   * Technical Student ALICE/DAQ
>   * Software Engineer CERN PH/AID
>   **
>   * Gentoo Linux Forensics
>   * hyakuhei at gentoo.org
>   * GPG : 0x2217D168
>   */
>
>
>