Re: Nessus NASL + Canned Exploit database

From: Muhammad Faisal Rauf Danka (mfrd@attitudex.com)
Date: Wed Aug 06 2003 - 17:33:57 EDT


Take a look at our mission:
http://www.securitynerds.org/html/mission.html

Our goal at SecurityNerds is to create a site bringing three important faculties of computer security together in one central location. Those being Pen-Testing, IDS and forensics. All of which in some fashion or another, directly or indirectly cross over into one or more of the other fields.

The initial focus of SecurityNerds will give professional pen-testers a site to get trust worthy, reliable code. SecurityNerds is working on a database that directly correlates exploit code with the vulnerabilities discovered by a variety of v/a tools. SecurityNerds also has future plans of correlating with CVE & OVAL id's.

Our primary focus will be to correlate our database with nessus id's and possibly looking at working with other v/a tools down the road. Future plans also include creating a nessus module that directly intigrates with our database during scans.

Regards
--------
Muhammad Faisal Rauf Danka

--- Joe Skaboika <caffeinex36@yahoo.com> wrote:
>
>
>Has anyone seen any project involving linking nessus .NASL scripts with a
>canned exploit database of some sort.
>
>For instance, I plug my .NBE file into this tool which spits me out known
>public canned exploits (the actual exploit not links or info). I was
>thinking about a pen-testing extention to nessus where I pipe output from
>nessus into a tool that runs a canned exploit automagically (based on this
>database)
>
>I realize known canned exploits are buggy and architecture for something
>like this would be a nightmare but I'm curious if anyone has started or
>even started thinking of anything like this.
>
>---------------------------------------------------------------------------
>----------------------------------------------------------------------------

_____________________________________________________________
---------------------------
[ATTITUDEX.COM]
http://www.attitudex.com/
---------------------------

---------------------------------------------------------------------------
----------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:38 EDT