RE: Nessus NASL + Canned Exploit database

• Previous message: Ian: "Re: Kerberos DoS (Windows 2000)"
• In reply to: Joe Skaboika: "Nessus NASL + Canned Exploit database"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Joe Skaboika" <caffeinex36@yahoo.com>, <pen-test@securityfocus.com>
Date: Thu, 7 Aug 2003 13:15:40 +0100

Hi Joe,

If you are interested in testing with real exploit code you may be interested in
taking a look at IDS Informer. It has an attack database of 700+ attacks which
it can replay while spoofing source and destination ip addresses. You can grab
an eval from our website if you would like to take a look

www.blade-software.com

Regards
Matt

-----Original Message-----
From: Joe Skaboika [mailto:caffeinex36@yahoo.com]
Sent: 06 August 2003 19:33
To: pen-test@securityfocus.com
Subject: Nessus NASL + Canned Exploit database

Has anyone seen any project involving linking nessus .NASL scripts with a
canned exploit database of some sort. For instance, I plug my .NBE file into
this tool which spits me out known public canned exploits (the actual exploit
not links or info). I was thinking about a pen-testing extention to nessus
where I pipe output from nessus into a tool that runs a canned exploit
automagically (based on this database) I realize known canned exploits are
buggy and architecture for something like this would be a nightmare but I'm
curious if anyone has started or even started thinking of anything like this.

---------------------------------------------------------------------------
----------------------------------------------------------------------------

---------------------------------------------------------------------------
----------------------------------------------------------------------------

• Previous message: Ian: "Re: Kerberos DoS (Windows 2000)"
• In reply to: Joe Skaboika: "Nessus NASL + Canned Exploit database"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Aggregating vulnerability report data? ... It currently is possible to take the nessus reports and dump them to a database. ... > I've been involved in doing vulnerability assessments ... Scanner's to work useful SQL queries to correlate both ... (Pen-Test) Re: Nessus NASL + Canned Exploit database ... Our primary focus will be to correlate our database with nessus id's and possibly looking at working with other v/a tools down the road. ... (Pen-Test) Nessus NASL + Canned Exploit database ... Has anyone seen any project involving linking nessus .NASL scripts with a ... canned exploit database of some sort. ... thinking about a pen-testing extention to nessus where I pipe output from ... (Pen-Test)