Penetration Testing mailing list archives

RE: Features of a vulnerability scanner

From: "Kohlenberg, Toby" <toby.kohlenberg () intel com>
Date: Mon, 1 Dec 2003 12:58:03 -0800

(All opinions are my own and in no way reflect the views of my employer)

one key feature that I haven't ever seen is confidence in a result.
I'd like my VS to tell me why it believes and answer is correct and
how confident it is of that answer. Is Sendmail not vulnerable because
it isn't present, because the banner clearly shows a non-vulnerable
version, because the banner doesn't give enough information to make a
real decision, because the banner doesn't say Sendmail? 

Give me these details and a confidence value to go with them so that I
can help diagnose errors in the scanner.

toby

-----Original Message-----
From: Patrick Boucher [mailto:pboucher () gardienvirtuel com] 
Sent: Monday, December 01, 2003 11:07 AM
To: Marc Ruef; pen-test () securityfocus com
Subject: Re: Features of a vulnerability scanner


Greetings,

1) One of the most important feature in a vulnerability scanner is it's 
ability to modify it's parameters, For exemple, something the target
will not 
answer to Ping, traceroute or even TCP ping.  But will have port 25
open.  
The scanner should do it's work even in thoses conditions.

2) And SQL injection and analysis of the web page's content. Like
extracting 
comments or error in HTML programming.

That's one of the primary thing that, I think, is missing. 

If any body know of a way to do thoses thing, please let me know! 

Patrick

 On Monday 01 December 2003 05:26, Marc Ruef wrote:

Dear List

I would like to ask you pen-testers two generic questions about
vulnerability scanners:

1. Which features for you are very important or is the most important

in a

vulnerability scanner software? 2. Which features are you missing in

the

existing vulnerability scanner products?

A vulnerability scanner in this context is a tool that looks

automaticly

for potential security holes. There are for example Nessus, ISS

Internet

Scanner, Symantec NetRecon, GFI LanGuard, SATAN, SAINT, Vigilante,

Dante

Security Scanner, ... Port scanner and enumeration utilities like

nmap,

N-Stealth, Whisker or Nikto are here not counted to vulnerability

scanners.


Yours,

Marc Ruef



------------------------------------------------------------------------
---
------------------------------------------------------------------------
----


---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

Features of a vulnerability scanner Marc Ruef (Dec 01)
- Re: Features of a vulnerability scanner Patrick Boucher (Dec 01)
- RE: Features of a vulnerability scanner Blake Wiedman [Icons] (Dec 01)
- Re: Features of a vulnerability scanner wirepair (Dec 01)
- Re: Features of a vulnerability scanner Anders Thulin (Dec 03)
- <Possible follow-ups>
- RE: Features of a vulnerability scanner Gonenc, Ozan (Dec 01)
- RE: Features of a vulnerability scanner Kohlenberg, Toby (Dec 01)
- RE: Features of a vulnerability scanner Brass, Phil (ISS Atlanta) (Dec 03)