Penetration Testing mailing list archives
RE: Distributed Vulnerability Scanners
From: charl van der walt <charl () sensepost com>
Date: Fri, 7 Mar 2003 02:01:08 +0200 (SAST)
hey, i wasn't going to mention this until i saw qualys and vigilante being mentioned. it feels awfully like i'm doing a plug, but i think this approach is worth mentioning: over the last few years we've been developing an Internet-based scanning solution called "HackRack" - check www.hackrack.com. The live site is running version 2 of the system but i'm going to describe version 3, which is currently in Alpha testing. HackRack is essentially a web front end for Nessus, but is also more, less and different. it's more because, in addition to the Nessus scans, we also scan for key DNS entries, open and closed ports and 'pingable' ips within a given range. in addition, HackRack stores all its findings in a database and presents its findings in an interactive web interface that allows for 'drill-in' information regarding the problem, real-time retesting of a specific issue and rescanning of an entire host. it allows for direct, interactive support, which we offer as part of the subscription. the reporting interface can also be "taught" which issues are important and which should be deprioritized or ignored in the future. finally, hackrack can initiate additional scans or reports intelligently based on the findings of previous scans. i.e. if we find an new ip 'up' on the network, we can automagically initiate a scan on that ip and deliver the report. HackRack is less because it doesn't attempt to be a heavy-duty scanner. rather, it attempts to provide only the most important vulnerability information timeously in a simple, succinct form. HackRack is different because it focuses on detecting changes. we don't deliver full reports, only reports on what has changed since the previous day's scans. with this approach, combined with the support and the 'learning' feature our aim is to ensure that every single report we deliver is studied, because the client knows it will be important. it's a humble product, but a philosophy i believe in. rgds charl ---------------------------------------------------------------------------- Are your vulnerability scans producing just another report? Manage the entire remediation process with StillSecure VAM's Vulnerability Repair Workflow. Download a free 15-day trial: http://www2.stillsecure.com/download/sf_vuln_list.html
Current thread:
- Distributed Vulnerability Scanners Talisker (Mar 06)
- RE: Distributed Vulnerability Scanners Greg Reber (Mar 06)
- Re: Distributed Vulnerability Scanners Gideon Rasmussen, CISSP (Mar 06)
- Re: Distributed Vulnerability Scanners Talisker (Mar 09)
- Re: Distributed Vulnerability Scanners Alex Zimin (Mar 06)
- Re: Distributed Vulnerability Scanners cdowns (Mar 07)
- Re: Distributed Vulnerability Scanners Michael Murray (Mar 09)
- <Possible follow-ups>
- RE: Distributed Vulnerability Scanners Erik Birkholz (Mar 06)
- RE: Distributed Vulnerability Scanners charl van der walt (Mar 06)
- Re: Distributed Vulnerability Scanners Peter Mercer (Mar 07)
- RE: Distributed Vulnerability Scanners charl van der walt (Mar 09)
- Re: Distributed Vulnerability Scanners Peter Mercer (Mar 07)
- RE: Distributed Vulnerability Scanners Kohlenberg, Toby (Mar 06)
- Re: Distributed Vulnerability Scanners Renaud Deraison (Mar 07)
- RE: Distributed Vulnerability Scanners Rapaille Max (Mar 07)
- Re: Distributed Vulnerability Scanners sacha . faust . bourque (Mar 07)
- Re: Distributed Vulnerability Scanners spectom (Mar 11)
- RE: Distributed Vulnerability Scanners Sunny Chowdhury (Mar 09)
- RE: Distributed Vulnerability Scanners Ken Smith (Mar 11)
- Re: Distributed Vulnerability Scanners Preston (Mar 11)
- RE: Distributed Vulnerability Scanners Greg Reber (Mar 06)