Penetration Testing mailing list archives
[PEN-TEST] mediocre reporting
From: Brian DeLine <Brian_DeLine () HERMANMILLER COM>
Date: Mon, 4 Dec 2000 09:37:17 -0500
I've never dealt with Vigilante, but their sample report indicates that a Windows NT box is susceptible to the Ftpd Args Core Dump vulnerability (UNIX-only vulnerability). I imagine that this is a case of their marketing people putting the sample report together. I also noticed that they do not put CVE reference numbers with the vulnerabilities.
http://www.vigilante.com/securescan/sample_report/samplereport.pdf
Date: Sat, 2 Dec 2000 04:03:42 +0100
From: "Rietveld, Peter" <priet () CENTENNIUM NL>
Subject: VVIGILANTe Security Scanner

A related company is evaluating security scanners for PenTesting. They have had a convincing marketing presentation of Vigilante. From their website www.vigilante.com I've gathered that they have somehow mixed:

a.. Fyodor nmap v2.53
b.. ISS Internet Scanner NT v6.1
c.. Linux traceroute v1.4a5
d.. NAI CyberCop NT v5.5
e.. SC Robert 3.0.1
f.. Slayer icmp v2.1
g.. VIGILANTe Exploit Arsenal v1.11
h.. VIGILANTe PortScanner v1.29
i.. VIGILANTe protocolid v1.26

This product is supposed to catch something like 1000 security bugs, but ah, how many does ISS find, or cybercop? I consider this to be a more or less gratuite claim, since it is not a hard claim, but more like something well it must be something like a thousand.

Well, all this means they run more than one box, or run *Nix stuff on NT, or vice versa. Anyway, I am just a bit curious. Anyone take a deeper look into their product? Is it useable?