Penetration Testing mailing list archives
AW: How do VA scans work technically
From: <puppe () hisolutions com>
Date: Thu, 10 Jul 2008 10:09:41 +0200
Salve, the data is quite old by now, but you will find some stuff on the topic on my site: http://www.vulnerability-assessment.de/doku.php -- Mit freundlichen Grüßen Christoph Puppe Security Consultant We secure your business.(TM) _______________________________________________________ HiSolutions AG Phone: +49 30 533289-0 Bouchéstrasse 12 Fax: +49 30 533289-99 D-12435 Berlin Internet: http://www.hisolutions.com _______________________________________________________ Mindestinformationen im geschäftlichen E-Mail-Verkehr nach §37a HGB: Sitz der Gesellschaft / registered office: Berlin Handelsregistereintrag / Commercial register: Amtsgericht Berlin Charlottenburg - HRB 80155 Vorstand / Management Board: Torsten Heinrich, Timo Kob, Michael Langhoff Vorsitzender des Aufsichtsrates / Chairman of the supervisory board: Prof. Dr. Klaus Müller
-----Ursprüngliche Nachricht----- Von: listbounce () securityfocus com [mailto:listbounce () securityfocus com] Im Auftrag von Aseem Kumar Gesendet: Mittwoch, 9. Juli 2008 10:52 An: pen-test () securityfocus com Betreff: Re: How do VA scans work technically Hi, Thanks for all the gr8 replies. Showing of already remediated vulnerabilities was what i was concerned. So i always have to take the reports from these scans with a pinch of salt. They even might miss something. But what if i am running say a web server on a non-standard port and have really disabled all settings that might allow an outsider to get a banner or version number of underlying application then will the scanners still be able to do some heuristics and come out with nearly correct answers. Can someone point me to any link that will provide more insight into this process. Regards Aseem On Wed, Jul 9, 2008 at 11:07 AM, Killy <killfactory () gmail com> wrote:Nessus can ne configured to perform safe scans. It will still for blank root, as and administrator passwords under that config. So, it depends on your definition of exploit :) Nessus can also be configured to prrerform brute force attacks using ahydraplugin/module You also perform thorough tests/scans. I have feeling that you are wanting to if nessus and qualys operate like metasploit, canvas or other exploit frameworks. I would say no. But nessusbis very flexible and you can customize It and create your own plugin to do just about anything. There is plenty of documentation and help online. Sent from my iPod On Jul 8, 2008, at 4:02 PM, "Aseem Kumar" <kumaraseem () gmail com> wrote:Hey, Can someone tell me (any weblink , any ebook, or direct answers) as to how the VA scans like those of Qualys or Nessus work? How do they find the vulnerabilities of a system without everexploitingit? Regards Aseem ------------------------------------------------------------------------This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar -------------------------------------------------------------------------- Love enables you to put your deepest feelings and fears in the palm of your partner's hand, knowing they will be handled with care. ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- How do VA scans work technically Aseem Kumar (Jul 08)
- RE: How do VA scans work technically Tariq Naik (Jul 08)
- Re: How do VA scans work technically Jason (Jul 09)
- RE: How do VA scans work technically Tariq Naik (Jul 16)
- Re: How do VA scans work technically Jason (Jul 09)
- Re: How do VA scans work technically Killy (Jul 08)
- Re: How do VA scans work technically Aseem Kumar (Jul 09)
- Re: How do VA scans work technically Todd Haverkos (Jul 09)
- AW: How do VA scans work technically puppe (Jul 10)
- RE: How do VA scans work technically Rivest, Philippe (Jul 10)
- Re: How do VA scans work technically Aseem Kumar (Jul 10)
- RE: How do VA scans work technically sandip (Jul 25)
- Re: How do VA scans work technically Aseem Kumar (Jul 09)
- Re: How do VA scans work technically Zed Qyves (Jul 22)
- RE: How do VA scans work technically Tariq Naik (Jul 08)
- <Possible follow-ups>
- Re: How do VA scans work technically HITESH PATEL (Jul 09)