Nessus NASL + Canned Exploit database

From: Joe Skaboika (caffeinex36_at_yahoo.com)
Date: 08/06/03

  • Next message: Tony Kava: "RE: Dialup Testing scripting?" 
    Date: 6 Aug 2003 18:32:56 -0000
To: pen-test@securityfocus.com
    ('binary' encoding is not supported, stored as-is)

    Has anyone seen any project involving linking nessus .NASL scripts with a
    canned exploit database of some sort.

    For instance, I plug my .NBE file into this tool which spits me out known
    public canned exploits (the actual exploit not links or info). I was
    thinking about a pen-testing extention to nessus where I pipe output from
    nessus into a tool that runs a canned exploit automagically (based on this
    database)

    I realize known canned exploits are buggy and architecture for something
    like this would be a nightmare but I'm curious if anyone has started or
    even started thinking of anything like this.

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------

  • Next message: Tony Kava: "RE: Dialup Testing scripting?"

    Relevant Pages

    • Re: Aggregating vulnerability report data?
      ... It currently is possible to take the nessus reports and dump them to a database. ... > I've been involved in doing vulnerability assessments ... Scanner's to work useful SQL queries to correlate both ...
      (Pen-Test)
    • Re: Nessus NASL + Canned Exploit database
      ... Our primary focus will be to correlate our database with nessus id's and possibly looking at working with other v/a tools down the road. ...
      (Pen-Test)
    • RE: Nessus NASL + Canned Exploit database
      ... taking a look at IDS Informer. ... It has an attack database of 700+ attacks which ... Nessus NASL + Canned Exploit database ... I was thinking about a pen-testing extention to nessus ...
      (Pen-Test)