From: Matt Foster (matt.foster@blade-software.com)
Date: Thu Aug 07 2003 - 08:15:40 EDT
Hi Joe,
If you are interested in testing with real exploit code you may be interested in
taking a look at IDS Informer. It has an attack database of 700+ attacks which
it can replay while spoofing source and destination ip addresses. You can grab
an eval from our website if you would like to take a look
www.blade-software.com
Regards
Matt
-----Original Message-----
From: Joe Skaboika [mailto:caffeinex36@yahoo.com]
Sent: 06 August 2003 19:33
To: pen-test@securityfocus.com
Subject: Nessus NASL + Canned Exploit database
Has anyone seen any project involving linking nessus .NASL scripts with a
canned exploit database of some sort. For instance, I plug my .NBE file into
this tool which spits me out known public canned exploits (the actual exploit
not links or info). I was thinking about a pen-testing extention to nessus
where I pipe output from nessus into a tool that runs a canned exploit
automagically (based on this database) I realize known canned exploits are
buggy and architecture for something like this would be a nightmare but I'm
curious if anyone has started or even started thinking of anything like this.
---------------------------------------------------------------------------
----------------------------------------------------------------------------
---------------------------------------------------------------------------
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:38 EDT