Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Auditing Firewalls

From: Javier Fernández-Sanguino <jfernandez () germinus com>
Date: Fri, 14 Dec 2007 15:52:40 +0100
Gleb Paharenko <gpaharenko () gmail com> ha escrito:


Hi.

I've found audit scripts is very useful not even for security checks,
but for gathering info from audited system. It is easier to make
baselines also. Can somebody  provide more links to good audit
scripts, especially for windows. Did somebody compare solaris scripts
with JASS, and windows staff with MBSA? Did someone give a shot to
cscript instead of batch files?
Well, I've always used the Audit script for Windows I wrote back some years ago (http://cvs.savannah.nongnu.org/viewvc/tiger/audit/audit_windows.bat?root=tiger&view=markup).
Unlike MBSA or CIsecurity's scripts, that audit script only gathers information, it is up to you to analyse it and infer issues. It also depends on some external tools (specially Sysinternals') to extract more data from the system than the data available with the OS tools.
A quick search in Google for other audit scripts brings up http://www.open-audit.org/. As part of their audit scripts they provide some Visual Basic scripts (that can use cscript) to extract system information. 

Regards

Javier


----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: