Nmap Development mailing list archives

Re: Socat


From: Chuck <chuck.lists () gmail com>
Date: Fri, 17 Jun 2005 14:28:00 -0400

Doesn't Nessus fit that description 100% already?

It doesn't actually exploit :(
It just checks what the target is actually vulnerable to ...

Not quite true since many checks in Nessus are done by trying to
exploit the vulnerability. You don't get an interactive shell or VNC
access through it but that does not mean it's not an exploit.

Exactly, it does not allow vulnerability exploitation in all cases except
a few like DoS attacks etc.

   I think you are both right in that I believe that Nessus (in the
NASL language) has the ability to run exploits, but many NASL scripts
do something less than exploiting in order to minimize the possibility
of crashing the service / system.

   In light of that fact, I am interested in what this project would
give us that we don't already have.  If the goal is a tool that
actually exploits services to verify they are vulnerable, then I think
this could be done by writing some NASL scripts (which can be run on
the command line separate from Nessus if desired).  If the goal is to
exploit services and give the attacker control of the box, then I
agree with Martin Mačok that Metasploit already fills that niche.

   Perhaps this is related to Fyodor's project idea to "Add NASL
(Nessus Attack Scripting Language) support to Nmap, without using
LibNASL".  I could perhaps see some use to running NASL scripts from
Nmap (if you have only one or a few NASL scripts you want to run it
may be easier than running Nessus, especially since Nessus is not easy
to run from the command line).  I don't see why this would have to be
done without using LibNASL since both Nmap and Nessus (the program
itself and some of the mostly older plugins) are licensed under the
GPL.

   Is there something I am missing there?

Chuck


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev