Nmap Development mailing list archives
Re: Socat
From: Chuck <chuck.lists () gmail com>
Date: Fri, 17 Jun 2005 14:28:00 -0400
> > > Doesn't Nessus fit that description 100% already?
> >
> > It doesn't actually exploit :( Just checks what the target is actually vulnerable to ...
>
> Not quite true since many checks in Nessus are done by trying to exploit the vulnerability. You don't get interactive shell or VNC access through it but that does not mean it's not an exploit.

> exactly, it does not allow vulnerability exploitation for all cases except a few like DOS attacks etc..
I think you are both right in that I believe that Nessus (in the NASL language) has the ability to run exploits, but many NASL scripts do something less than exploiting in order to minimize the possibility of crashing the service / system.

In light of that fact, I am interested in what this project would give us that we don't already have. If the goal is a tool that actually exploits services to verify they are vulnerable, then I think this could be done by writing some NASL scripts (which can be run on the command line separate from Nessus if desired). If the goal is to exploit services and give the attacker control of the box, then I agree with Martin Mačok that Metasploit already fills that niche.

Perhaps this is related to Fyodor's project idea to "Add NASL (Nessus Attack Scripting Language) support to Nmap, without using LibNASL". I could perhaps see some use to running NASL scripts from Nmap (if you have only one or a few NASL scripts you want to run it may be easier than running Nessus, especially since Nessus is not easy to run from the command line). I don't see why this would have to be done without using LibNASL since both Nmap and Nessus (the program itself and some of the mostly older plugins) are licensed under the GPL. Is there something I am missing there?

Chuck

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev