From: Patrick Boucher (pboucher@gardienvirtuel.com)
Date: Mon Dec 01 2003 - 14:07:21 EST
Greetings,
1) One of the most important feature in a vulnerability scanner is it's
ability to modify it's parameters, For exemple, something the target will not
answer to Ping, traceroute or even TCP ping. But will have port 25 open.
The scanner should do it's work even in thoses conditions.
2) And SQL injection and analysis of the web page's content. Like extracting
comments or error in HTML programming.
That's one of the primary thing that, I think, is missing.
If any body know of a way to do thoses thing, please let me know!
Patrick
On Monday 01 December 2003 05:26, Marc Ruef wrote:
> Dear List
>
> I would like to ask you pen-testers two generic questions about
> vulnerability scanners:
>
> 1. Which features for you are very important or is the most important in a
> vulnerability scanner software? 2. Which features are you missing in the
> existing vulnerability scanner products?
>
> A vulnerability scanner in this context is a tool that looks automaticly
> for potential security holes. There are for example Nessus, ISS Internet
> Scanner, Symantec NetRecon, GFI LanGuard, SATAN, SAINT, Vigilante, Dante
> Security Scanner, ... Port scanner and enumeration utilities like nmap,
> N-Stealth, Whisker or Nikto are here not counted to vulnerability scanners.
>
> Yours,
>
> Marc Ruef
---------------------------------------------------------------------------
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:43 EDT